|
DeterministicESPAsyncWebServer v6.28.0
Zero-allocation, bounded-execution async HTTP server for ESP32
|
OpenID Connect ID-token verification, RS256 (DETWS_ENABLE_OIDC). More...
Go to the source code of this file.
OpenID Connect ID-token verification, RS256 (DETWS_ENABLE_OIDC).
A relying-party verifier for OIDC ID tokens (RFC 7519 JWT, OpenID Connect Core 3.1.3.7). Given an ID token and the issuer's JWKS, it:
alg == RS256,kid (or the sole key if the token has none),iss, aud (string or array), exp, and nbf against the caller's expectations and clock,sub / email and the times into ::DetwsOidcClaims.Zero-heap (fixed stack/BSS buffers) and host-tested against real openssl-signed RS256 vectors. The verifier is pure: it does NOT fetch anything. Fetching the discovery document / JWKS over HTTPS and caching keys is the caller's job (do it off the request hot path with the HTTP client, then pass the JWKS JSON here) - which keeps key rotation, caching policy, and TLS trust in the application's hands and the verifier deterministic.
Only RS256 (the OIDC default and by far the most common) is supported; HS256 shared-secret tokens are the JWT module's job (services/jwt), ES256 is out of scope.
Definition in file oidc.h.