kjwt-cryptography-kotlin-processor-ext/co.touchlab.kjwt.cryptography.ext/verifyWith

verifyWith

suspend fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.MACBased, jwk: Jwk.Oct, keyId: String? = jwk.kid, cryptoProvider: CryptographyProvider = CryptographyProvider.Default): JwtParserBuilder(source)

Configures the parser to verify JWS signatures using an HMAC key derived from the given Jwk.Oct JWK.

Return

this builder for chaining

Parameters

algorithm

the HMAC-based signing algorithm (HS256, HS384, or HS512)

jwk

the Oct JWK containing the raw symmetric key material

keyId

optional key ID override; when set, the parser will only use this key if the token's kid header matches. Defaults to the JWK's own kid field.

cryptoProvider

the CryptographyProvider used to decode the key; defaults to CryptographyProvider.Default

suspend fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.PKCS1Based, jwk: Jwk.Rsa, keyId: String? = jwk.kid, cryptoProvider: CryptographyProvider = CryptographyProvider.Default): JwtParserBuilder(source)

Configures the parser to verify JWS signatures using an RSA PKCS#1 public key derived from the given Jwk.Rsa JWK.

Return

this builder for chaining

Parameters

algorithm

the RSA PKCS#1-based signing algorithm (RS256, RS384, or RS512)

jwk

the RSA JWK containing the public key parameters n and e

keyId

optional key ID override; when set, the parser will only use this key if the token's kid header matches. Defaults to the JWK's own kid field.

cryptoProvider

the CryptographyProvider used to decode the key; defaults to CryptographyProvider.Default

suspend fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.PSSBased, jwk: Jwk.Rsa, keyId: String? = jwk.kid, cryptoProvider: CryptographyProvider = CryptographyProvider.Default): JwtParserBuilder(source)

Configures the parser to verify JWS signatures using an RSA PSS public key derived from the given Jwk.Rsa JWK.

Return

this builder for chaining

Parameters

algorithm

the RSA PSS-based signing algorithm (PS256, PS384, or PS512)

jwk

the RSA JWK containing the public key parameters n and e

keyId

optional key ID override; when set, the parser will only use this key if the token's kid header matches. Defaults to the JWK's own kid field.

cryptoProvider

the CryptographyProvider used to decode the key; defaults to CryptographyProvider.Default

suspend fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.ECDSABased, jwk: Jwk.Ec, keyId: String? = jwk.kid, cryptoProvider: CryptographyProvider = CryptographyProvider.Default): JwtParserBuilder(source)

Configures the parser to verify JWS signatures using an ECDSA public key derived from the given Jwk.Ec JWK.

Return

this builder for chaining

Parameters

algorithm

the ECDSA-based signing algorithm (ES256, ES384, or ES512)

jwk

the EC JWK containing the public key parameters crv, x, and y

keyId

optional key ID override; when set, the parser will only use this key if the token's kid header matches. Defaults to the JWK's own kid field.

cryptoProvider

the CryptographyProvider used to decode the key; defaults to CryptographyProvider.Default

fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.MACBased, key: HMAC.Key, keyId: String? = null): JwtParserBuilder(source)

Registers an HMAC (HS256/384/512) symmetric key for JWS signature verification.

Return

this builder for chaining

Parameters

algorithm

the HMAC-based signing algorithm (HS256, HS384, or HS512)

key

the HMAC symmetric key to verify signatures with

keyId

optional key ID to associate with this verifier; when set, only tokens whose kid header matches will use this key. Defaults to null (matches any token).

fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.PKCS1Based, key: RSA.PKCS1.PublicKey, keyId: String? = null): JwtParserBuilder(source)

Registers an RSA PKCS#1 (RS256/384/512) public key for JWS signature verification.

Return

this builder for chaining

Parameters

algorithm

the RSA PKCS#1-based signing algorithm (RS256, RS384, or RS512)

key

the RSA PKCS#1 public key to verify signatures with

keyId

optional key ID to associate with this verifier; when set, only tokens whose kid header matches will use this key. Defaults to null (matches any token).

fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.PSSBased, key: RSA.PSS.PublicKey, keyId: String? = null): JwtParserBuilder(source)

Registers an RSA PSS (PS256/384/512) public key for JWS signature verification.

Return

this builder for chaining

Parameters

algorithm

the RSA PSS-based signing algorithm (PS256, PS384, or PS512)

key

the RSA PSS public key to verify signatures with

keyId

optional key ID to associate with this verifier; when set, only tokens whose kid header matches will use this key. Defaults to null (matches any token).

fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.ECDSABased, key: ECDSA.PublicKey, keyId: String? = null): JwtParserBuilder(source)

Registers an ECDSA (ES256/384/512) public key for JWS signature verification.

Return

this builder for chaining

Parameters

algorithm

the ECDSA-based signing algorithm (ES256, ES384, or ES512)

key

the ECDSA public key to verify signatures with

keyId

optional key ID to associate with this verifier; when set, only tokens whose kid header matches will use this key. Defaults to null (matches any token).

fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm, key: Key, keyId: String? = null): JwtParserBuilder(source)

Registers a raw Key for JWS signature verification using any SigningAlgorithm.

Prefer the strongly typed overloads (e.g. verifyWith accepting HMAC.Key or RSA.PKCS1.PublicKey) when possible, as they enforce the correct key type at compile time.

Return

this builder for chaining

Parameters

algorithm

the JWS signing algorithm this key is associated with

key

the raw cryptography-kotlin key to verify signatures with; must be compatible with algorithm

keyId

optional key ID to associate with this verifier; when set, only tokens whose kid header matches will use this key. Defaults to null (matches any token).

fun JwtParserBuilder.verifyWith(key: SigningKey.VerifyOnlyKey): JwtParserBuilder(source)

Registers a pre-built SigningKey.VerifyOnlyKey for JWS signature verification.

The algorithm and kid are taken from key's SigningKey.Identifier.

Return

this builder for chaining

Parameters

key

the verify-only signing key to register

fun JwtParserBuilder.verifyWith(key: SigningKey.SigningKeyPair): JwtParserBuilder(source)

Registers a pre-built SigningKey.SigningKeyPair for JWS signature verification.

The algorithm and kid are taken from key's SigningKey.Identifier. Both the public and private key material are stored, but only the public key is used for verification.

Return

this builder for chaining

Parameters

key

the signing key pair to register

suspend fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.MACBased, key: String, keyFormat: HMAC.Key.Format, keyId: String? = null, cryptoProvider: CryptographyProvider = CryptographyProvider.Default): JwtParserBuilder(source)

Registers an HMAC verification key decoded from a String.

Return

this builder for chaining.

Parameters

algorithm

the HMAC-based signing algorithm (HS256, HS384, or HS512).

key

the HMAC key material encoded as a String.

keyFormat

the format in which key is encoded.

keyId

optional key ID to associate with this verifier; when set, only tokens whose kid header matches will use this key. Defaults to null (matches any token).

cryptoProvider

the CryptographyProvider used to decode the key; defaults to CryptographyProvider.Default

suspend fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.PKCS1Based, key: String, keyFormat: RSA.PublicKey.Format, keyId: String? = null, cryptoProvider: CryptographyProvider = CryptographyProvider.Default): JwtParserBuilder(source)

Registers an RSA PKCS#1 public key decoded from a String for JWS signature verification.

Return

this builder for chaining.

Parameters

algorithm

the RSA PKCS#1-based signing algorithm (RS256, RS384, or RS512).

key

the RSA public key material encoded as a String.

keyFormat

the format in which key is encoded.

keyId

optional key ID to associate with this verifier; when set, only tokens whose kid header matches will use this key. Defaults to null (matches any token).

cryptoProvider

the CryptographyProvider used to decode the key; defaults to CryptographyProvider.Default

suspend fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.PSSBased, key: String, keyFormat: RSA.PublicKey.Format, keyId: String? = null, cryptoProvider: CryptographyProvider = CryptographyProvider.Default): JwtParserBuilder(source)

Registers an RSA PSS public key decoded from a String for JWS signature verification.

Return

this builder for chaining.

Parameters

algorithm

the RSA PSS-based signing algorithm (PS256, PS384, or PS512).

key

the RSA public key material encoded as a String.

keyFormat

the format in which key is encoded.

keyId

optional key ID to associate with this verifier; when set, only tokens whose kid header matches will use this key. Defaults to null (matches any token).

cryptoProvider

the CryptographyProvider used to decode the key; defaults to CryptographyProvider.Default

suspend fun JwtParserBuilder.verifyWith(algorithm: SigningAlgorithm.ECDSABased, key: String, keyFormat: EC.PublicKey.Format, keyId: String? = null, cryptoProvider: CryptographyProvider = CryptographyProvider.Default): JwtParserBuilder(source)

Registers an ECDSA public key decoded from a String for JWS signature verification.

Return

this builder for chaining.

Parameters

algorithm

the ECDSA-based signing algorithm (ES256, ES384, or ES512).

key

the EC public key material encoded as a String.

keyFormat

the format in which key is encoded.

keyId

optional key ID to associate with this verifier; when set, only tokens whose kid header matches will use this key. Defaults to null (matches any token).

cryptoProvider

the CryptographyProvider used to decode the key; defaults to CryptographyProvider.Default

Generated by Dokka
© 2026 Touchlab