Describes schema of the data stored in Identity. Record type with the identifier "core" describes core data, other record types describe possible records.

Functions

idToToken

suspend fun idToToken(type: TokenType, id: String, expiresIn: Duration): String

Creates an opaque token that can be safely given to the client. On the server the Identity objects are identified by its id, which stays the same. When referencing an identity from the client, we do not want the client to be able to play any games, thus the actual server-side id and a small amount of metadata is encrypted using server secret key.

toDataItem

fun JsonElement.toDataItem(recordType: RecordType): DataItem

Converts JsonElement to DataItem based on the given record type.

toJson

fun DataItem.toJson(): JsonElement

Converts DataItem to JsonElement.

tokenToId

suspend fun tokenToId(type: TokenType, code: String): String

Decodes a token into server-side id, its type and expiration time.

validateJwt

suspend fun validateJwt(jwt: String, jwtName: String, publicKey: EcPublicKey?, algorithm: Algorithm? = publicKey?.curve?.defaultSigningAlgorithmFullySpecified, checks: Map<JwtCheck, String> = mapOf(), maxValidity: Duration = 10.hours, clock: Clock = Clock.System): JsonObject

General-purpose JWT jwt validation using a set of built-in required checks (expiration and signature validity) and a set of optional checks specified in checks parameter.