ssi-sd-jwt

Implementation of SD-JWT for the ssi library

2 unstable releases

0.3.0 Sep 20, 2024
0.2.0 Jul 26, 2024

#2299 in Cryptography

1,590 downloads per month
Used in 25 crates (2 directly)

Apache-2.0

405KB
9K SLoC

Selective Disclosure for JWTs (SD-JWT).

Usage

Unlike regular JWTs or JWSs, which can be verified directly after being decoded, the claims of an SD-JWT need to be revealed before they can be validated. The standard path looks like this:

┌───────┐                     ┌──────────────┐                            ┌───────────────┐
│       │                     │              │                            │               │
│ SdJwt │ ─► SdJwt::decode ─► │ DecodedSdJwt │ ─► DecodedSdJwt::reveal ─► │ RevealedSdJwt │
│       │                     │              │                            │               │
└───────┘                     └──────────────┘                            └───────────────┘

The base SD-JWT type is SdJwt (or SdJwtBuf if you want to own the SD-JWT). The SdJwt::decode function decodes the SD-JWT header, payload and disclosures into a DecodedSdJwt. At this point the payload claims are still concealed and cannot be validated. The DecodedSdJwt::reveal function uses the disclosures to reveal the disclosed claims and discard the non-disclosed claims. The result is a RevealedSdJwt containing the revealed JWT, and a set of JSON pointers (JsonPointerBuf) mapping each revealed claim to its disclosure. The RevealedSdJwt::verify function can then be used to verify the JWT as usual.

Alternatively, if you don't care about the byproducts of decoding and revealing the claims, an SdJwt::decode_reveal_verify function is provided to decode, reveal and verify the claims directly.
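The mechanics behind the decode and reveal steps, as an added illustration in standard-library Python; it is not this crate's code or API, and every function name in it is hypothetical. It assumes sha-256 digests, handles object-property disclosures only (array-element disclosures are left out), and does not perform the signature verification step.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(disclosure: str) -> str:
    # The digest covers the base64url text of the disclosure, not the decoded JSON.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def decode(sd_jwt: str):
    """Split '<jwt>~<disclosure>~...~<kb-jwt or empty>'; claims stay concealed."""
    jwt, *disclosures, _key_binding = sd_jwt.split("~")
    payload = json.loads(b64url_decode(jwt.split(".")[1]))
    return payload, disclosures

def reveal(payload: dict, disclosures: list) -> dict:
    """Replace matching `_sd` digests with their claims; drop the rest."""
    by_digest = {digest(d): json.loads(b64url_decode(d)) for d in disclosures}
    used = set()
    def walk(node):
        if not isinstance(node, dict):
            return node
        out = {k: walk(v) for k, v in node.items() if k not in ("_sd", "_sd_alg")}
        for dg in node.get("_sd", []):
            if dg in by_digest:
                _salt, name, value = by_digest[dg]
                if name in out or name in ("_sd", "..."):
                    raise ValueError(f"illegal disclosed claim name: {name}")
                out[name] = walk(value)  # a disclosed value may nest more digests
                used.add(dg)
        return out
    claims = walk(payload)
    if used != set(by_digest):  # a disclosure the issuer never committed to
        raise ValueError("disclosure matches no digest in the signed payload")
    return claims

def make_disclosure(salt: str, name: str, value) -> str:
    return b64url(json.dumps([salt, name, value]).encode())

# Constructed sample: issuer conceals two claims, holder presents one.
# The header and signature are placeholders and are never checked here.
D_EMAIL = make_disclosure("salt-1", "email", "alice@example.com")
D_BIRTH = make_disclosure("salt-2", "birthdate", "1990-01-01")
PAYLOAD = {"iss": "https://issuer.example", "_sd_alg": "sha-256",
           "_sd": [digest(D_EMAIL), digest(D_BIRTH)]}
JWT = ".".join(b64url(p) for p in (b'{"alg":"ES256"}', json.dumps(PAYLOAD).encode(), b"sig"))
PRESENTATION = f"{JWT}~{D_EMAIL}~"
```

Because the digests sit inside the signed payload, a revealed claim is bound to the issuer's signature, while a disclosure that matches no digest causes the whole presentation to be rejected.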

Dependencies

~19MB
~342K SLoC