Skip to content

Instantly share code, notes, and snippets.

@carlohamalainen
Created August 7, 2014 04:32
Show Gist options
  • Save carlohamalainen/71b19d2b5dae4943c709 to your computer and use it in GitHub Desktop.
Save carlohamalainen/71b19d2b5dae4943c709 to your computer and use it in GitHub Desktop.
Trying to use hs-jwt to validate an AAF Rapid Connect assertion.
{-# LANGUAGE OverloadedStrings #-}
module TestWithHsJWT where
import qualified Data.Text as T
import qualified Crypto.JWT as JWT
import qualified Crypto.JOSE as JOSE
import qualified Data.HashMap.Lazy as HM
import Data.Aeson
import Control.Applicative ((<$>), (<*>))
import Control.Monad (mzero)
-- For a description of these attributes, see https://rapid.aaf.edu.au/developers
data AAFAttributes = AAFAttributes
{ aafEdupersontargetedid :: T.Text
, aafDisplayname :: T.Text
, aafCn :: T.Text
, aafEdupersonscopedaffiliation :: T.Text
, aafEdupersonprincipalname :: T.Text
, aafMail :: T.Text
, aafSurname :: T.Text
, aafGivenname :: T.Text
}
deriving (Show, Eq)
instance FromJSON AAFAttributes where
parseJSON (Object v) = AAFAttributes <$>
v .: "edupersontargetedid" <*>
v .: "displayname" <*>
v .: "cn" <*>
v .: "edupersonscopedaffiliation" <*>
v .: "edupersonprincipalname" <*>
v .: "mail" <*>
v .: "surname" <*>
v .: "givenname"
parseJSON _ = mzero
blah :: T.Text -> T.Text -> Bool
blah assertion secret = isvalid
where
jwt :: JWT.JWT
jwt = undefined
jwk :: JOSE.JWK
jwk = undefined
-- How do I use the privately defined secret string
-- to validate the jwt that was provided via AAF's service?
-- Things that I have to look up:
claimset = JWT.jwtClaimsSet jwt
iss = JWT.claimIss claimset
aud = JWT.claimAud claimset
-- In the unregistered claims I will find things about
-- the user's institutional email, staff/student affiliation, etc.
unregisteredClaims = JWT.unregisteredClaims claimset
attributes = HM.lookup "https://aaf.edu.au/attributes" unregisteredClaims
-- I guess that jwk should be a function of the secret?
isvalid = JWT.validateJWSJWT jwk jwt -- ????
@frasertweedale
Copy link

jwk = JWK k z z z z z z z z
where
    z = Nothing
    k = OctKeyMaterial Oct (OctKeyParameters (Base64Octets secret))
    -- secret needs to be decoded from Text to ByteString

@frasertweedale
Copy link

I see that there is a use case for constructing a minimal key based on existing key material (i.e. as opposed to decoding from JSON or generating a key). I will add this to the Key type class (which in unreleased - will try to release that within next week)

@frasertweedale
Copy link

use decodeCompact to decode the JWT from a compact representation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment