identity_credential/validator/sd_jwt/
kb_validation_options.rs

1// Copyright 2020-2026 IOTA Stiftung
2// SPDX-License-Identifier: Apache-2.0
3
4use identity_core::common::Timestamp;
5use serde::Deserialize;
6use serde::Serialize;
7
/// Options a verifier supplies when checking a Key Binding JWT (KB-JWT).
///
/// Every field is optional and [`Default`] leaves all of them unset. This file only declares the
/// options; how the validator treats an unset field is not visible here.
/// NOTE(review): presumably an unset `nonce` or `aud` means that claim is not compared at all -
/// confirm against the validator. A verifier that relies on the KB-JWT for replay and audience
/// protection should set both explicitly.
///
/// Serialized keys are camelCase (for example `earliestIssuanceDate`). On deserialization a missing
/// key becomes `None`, and because the struct does not use `deny_unknown_fields`, a misspelled or
/// snake_case key is ignored rather than rejected. Options loaded from configuration can therefore
/// leave a check unset without any error being reported.
#[derive(Clone, Debug, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
#[non_exhaustive]
pub struct KeyBindingJwtValidationOptions {
  /// Value the nonce in the KB-JWT claims is validated against.
  #[serde(skip_serializing_if = "Option::is_none")]
  pub nonce: Option<String>,
  /// Value the `aud` property in the KB-JWT claims is validated against.
  #[serde(skip_serializing_if = "Option::is_none")]
  pub aud: Option<String>,
  /// Lower bound on `iat`: the KB-JWT is considered invalid if the `iat` value in its claims is
  /// earlier than this timestamp.
  /// No default is documented for this bound.
  /// NOTE(review): presumably no lower bound applies when unset - confirm against the validator.
  #[serde(skip_serializing_if = "Option::is_none")]
  pub earliest_issuance_date: Option<Timestamp>,
  /// Upper bound on `iat`: the KB-JWT is considered invalid if the `iat` value in its claims is
  /// later than this timestamp.
  /// The current timestamp is used during validation if this is not set.
  #[serde(skip_serializing_if = "Option::is_none")]
  pub latest_issuance_date: Option<Timestamp>,
}
29
impl KeyBindingJwtValidationOptions {
  /// Creates options with every field at its default, i.e. all of them unset.
  ///
  /// Chain the builder methods below to configure the individual checks; nothing is configured
  /// by this constructor itself.
  pub fn new() -> Self {
    Default::default()
  }

  /// Sets the nonce value the KB-JWT claims are validated against.
  ///
  /// Consumes `self` and returns the updated options, so the result must be kept.
  pub fn nonce(self, nonce: impl Into<String>) -> Self {
    Self {
      nonce: Some(nonce.into()),
      ..self
    }
  }

  /// Sets the `aud` value the KB-JWT claims are verified against.
  ///
  /// Consumes `self` and returns the updated options, so the result must be kept.
  pub fn aud(self, aud: impl Into<String>) -> Self {
    Self {
      aud: Some(aud.into()),
      ..self
    }
  }

  /// Sets the lower bound on `iat`: the KB-JWT is considered invalid if the `iat` value in its
  /// claims is earlier than this timestamp.
  pub fn earliest_issuance_date(self, earliest_issuance_date: Timestamp) -> Self {
    Self {
      earliest_issuance_date: Some(earliest_issuance_date),
      ..self
    }
  }

  /// Sets the upper bound on `iat`: the KB-JWT is considered invalid if the `iat` value in its
  /// claims is later than this timestamp.
  /// The current timestamp is used during validation if this is never set.
  pub fn latest_issuance_date(self, latest_issuance_date: Timestamp) -> Self {
    Self {
      latest_issuance_date: Some(latest_issuance_date),
      ..self
    }
  }
}