Skip to content

Commit 2d4a8c2

Browse files
lepturelepture
committed
docs: add custom method docs for claims registry
ref #62
1 parent 5bcbf67 commit 2d4a8c2

1 file changed

Lines changed: 30 additions & 5 deletions

File tree

docs/guide/jwt.rst

Lines changed: 30 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -146,12 +146,12 @@ The ``JWTClaimsRegistry`` has built-in validators for timing related fields:
146146
List validation
147147
~~~~~~~~~~~~~~~
148148

149-
When validating claims that contain lists, the registry checks if **any** of the
150-
required values are present in the claim's list. This behavior is designed for
151-
flexible authorization checks where matching any of the required permissions grants
149+
When validating claims that contain lists, the registry checks if **any** of the
150+
required values are present in the claim's list. This behavior is designed for
151+
flexible authorization checks where matching any of the required permissions grants
152152
access. For single values, it checks for an exact match.
153153

154-
This is particularly useful for validating role based or permission based claims. For
154+
This is particularly useful for validating role based or permission based claims. For
155155
example:
156156

157157
.. code-block:: python
@@ -162,7 +162,7 @@ example:
162162
# Passes since "users:write" is present in the list
163163
claims_requests = JWTClaimsRegistry(
164164
permissions={"values": ["users:write", "system:admin"]}
165-
)
165+
)
166166
claims_requests.validate(claims)
167167
168168
# Raises InvalidClaimError since none of the required values are present
@@ -184,6 +184,31 @@ You can also validate against a single required value:
184184
)
185185
claims_requests.validate(claims)
186186
187+
Custom validation
188+
-----------------
189+
190+
When it's not possible to validate a claim using ``ClaimsOption``,
191+
you can define a custom validation method named ``validate_{name}``.
192+
For example, if the claims must include a ``source`` field, and the
193+
value of ``source`` must be an HTTPS URL, you can implement a custom
194+
method to enforce this requirement.
195+
196+
.. code-block:: python
197+
198+
from joserfc.jwt import JWTClaimsRegistry
199+
from joserfc.errors import InvalidClaimError
200+
201+
class MyClaimsRegistry(JWTClaimsRegistry):
202+
def validate_source(self, value):
203+
if not value.startswith('https://'):
204+
raise InvalidClaimError('source')
205+
206+
Then, you can validate the claims with:
207+
208+
.. code-block:: python
209+
210+
claims_requests = MyClaimsRegistry(source={"essential": True})
211+
187212
JWS & JWE
188213
---------
189214

0 commit comments

Comments
 (0)