gose/jose/key_set
JWK Set - RFC 7517 Section 5
A JWK Set is a JSON object containing an array of JWK values.
The keys member is REQUIRED and contains the array.
Example
// Build a key set
let key =
key.generate_ec(ec.P256)
|> key.with_kid("key-1")
let set =
key_set.new()
|> key_set.insert(key)
// Serialize to JSON and parse back
let json_string = key_set.to_json(set)
|> json.to_string()
let assert Ok(parsed) = key_set.from_json(json_string)
// Look up a key by kid
let assert Ok(found) = key_set.get(parsed, "key-1")
Types
Values
pub fn decoder() -> decode.Decoder(JwkSet)Return a lenient decoder for JWK Set values.
Invalid keys are silently skipped, matching from_json behavior.
Example
let assert Ok(set) = json.parse(json_string, key_set.decoder())
pub fn delete(jwk_set: JwkSet, kid kid: String) -> JwkSetRemove a key by its key ID (kid).
If no key with the given kid exists, returns the set unchanged.
pub fn filter(
jwk_set: JwkSet,
keeping predicate: fn(key.Key(String)) -> Bool,
) -> JwkSetFilter keys by a predicate function.
pub fn first(jwk_set: JwkSet) -> Result(key.Key(String), Nil)Get the first key in the set.
Useful for single-key sets or when any key will suffice.
pub fn from_json(
json_str: String,
) -> Result(JwkSet, gose.GoseError)Parse a JWK Set from a JSON string.
The keys array is required. Unknown top-level members are ignored per RFC.
Invalid keys are silently skipped.
pub fn from_json_bits(
json_bits: BitArray,
) -> Result(JwkSet, gose.GoseError)Parse a JWK Set from a JSON BitArray.
The keys array is required. Unknown top-level members are ignored per RFC.
Invalid keys are silently skipped.
pub fn from_json_strict(
json_str: String,
) -> Result(JwkSet, gose.GoseError)Parse a JWK Set from a JSON string, failing on any invalid key.
Unlike from_json which silently skips invalid keys, this function
returns an error if any key in the array fails to parse. The error
message includes the index of the invalid key.
Note that RFC 7517 Section 5 says implementations SHOULD ignore JWKs
with unrecognised key types, missing required members, or unsupported
parameter values. Prefer from_json unless you need to guarantee
every key in the set is valid.
pub fn from_json_strict_bits(
json_bits: BitArray,
) -> Result(JwkSet, gose.GoseError)Parse a JWK Set from a JSON BitArray, failing on any invalid key.
Unlike from_json_bits which silently skips invalid keys, this function
returns an error if any key in the array fails to parse. The error
message includes the index of the invalid key.
Note that RFC 7517 Section 5 says implementations SHOULD ignore JWKs
with unrecognised key types, missing required members, or unsupported
parameter values. Prefer from_json_bits unless you need to guarantee
every key in the set is valid.
pub fn get(
jwk_set: JwkSet,
kid kid: String,
) -> Result(key.Key(String), Nil)Find a key by its key ID (kid).
pub fn insert(
jwk_set: JwkSet,
key key: key.Key(String),
) -> JwkSetAdd a key to the set.
Keys are prepended, so if a key with the same kid already exists,
the newer key shadows the older one and get will return the most
recently inserted key.
pub fn strict_decoder() -> decode.Decoder(JwkSet)Return a strict decoder for JWK Set values.
Unlike decoder(), this fails if any key in the set is invalid.
Note that RFC 7517 Section 5 says implementations SHOULD ignore JWKs
with unrecognised key types, missing required members, or unsupported
parameter values. Prefer decoder() unless you need to guarantee
every key in the set is valid.
Example
let assert Ok(set) = json.parse(json_string, key_set.strict_decoder())