cl-jwk is a Common Lisp system for parsing public JSON Web Keys (JWK).

The following JWK keys are supported by the system.

• RSA
• EC P-256
• EC P-384
• EC P-521
• EC secp256k1
• oct (symmetric key)

• Quicklisp

Clone the repo in your Quicklisp local-projects directory.

(ql:register-local-projects)

Then load the system.

(ql:quickload :cl-jwk)

NOTE: cl-jwk uses features from latest ironclad, so make sure that you are using the latest ironclad release from Github, until it gets published on Quicklisp.

In order to decode a public JWK key from a JSON object, simply call the CL-JWK:DECODE generic function.

For instance, in order to decode one of the test keys used by the cl-jwk.test system, you can call CL-JWK:DECODE like this.

CL-USER> (defparameter *json-data*
           (uiop:read-file-string
            (asdf:system-relative-pathname :cl-jwk.test "tests/test-keys/rsa-3072-pub.json")))
*JSON-DATA*
CL-USER> (cl-jwk:decode :json *json-data*)
#<CL-JWK.CORE:JWK {100510EB73}>

Upon successful decoding of the JSON data the CL-JWK:DECODE method will return a CL-JWK:JWK class instance. Use the available readers to get more details about the decoded public key. The following reader methods are available for a CL-JWK:JWK instance.

• CL-JWK:JWK-KTY
• CL-JWK:JWK-USE
• CL-JWK:JWK-KID
• CL-JWK:JWK-ALG
• CL-JWK:JWK-KEY-OPS
• CL-JWK:JWK-KEY

The CL-JWK:JWK-KEY method returns an instance of an ironclad public key.

You can also fetch public JWKs from an OpenID Provider. For example:

CL-USER> (defparameter *client*
           (cl-jwk:make-client :hostname "accounts.google.com"))
*CLIENT*
CL-USER> (cl-jwk:public-keys *client*)
(#<CL-JWK.CORE:JWK {10021B5FD3}> #<CL-JWK.CORE:JWK {10021B6053}>
 #<CL-JWK.CORE:JWK {10021B60D3}>)

Token verification can be done using the CL-JWK:VERIFY-TOKEN generic function. CL-JWK:VERIFY-TOKEN is implemented for both CL-JWK:JWK and CL-JWK:CLIENT classes.

The cl-jwk tests are provided as part of the :cl-jwk.test system.

In order to run the tests you can evaluate the following expressions.

CL-USER> (ql:quickload :cl-jwk.test)
CL-USER> (asdf:test-system :cl-jwk.test)

Or you can run the tests using the scripts/run-tests.sh shell script instead, e.g.

env LISP=sbcl ./scripts/run-tests.sh

cl-jwk is hosted on Github. Please contribute by reporting issues, suggesting features or by sending patches using pull requests.

• Marin Atanasov Nikolov <[email protected]>

This project is Open Source and licensed under the BSD License.