;;;; cl-scopes/web/jwt - JWT creation and validation
;;;; inspired by: cljwt

(defpackage :scopes/web/jwt
  (:use :common-lisp)
  (:local-nicknames (:util :scopes/util))
  (:export #:create #:decode))

(in-package :scopes/web/jwt)
 
(defvar *header* 
  (util:to-b64 "{\"alg\": \"HS256\", \"typ\": \"JWT\"}" :scheme :uri))

(defvar *payload-format* "{\"sub\": ~s, \"name\": ~s, \"iat\": ~s}")

(defun create (secret name &key (subject "scopes") (ttl 86400))
  (let* ((iat (util:to-unix-time (+ (get-universal-time) ttl)))
         (payload (util:to-b64 
                    (format nil *payload-format* subject (util:to-string name) iat)
                    :scheme :uri))
         (data (str:join "." (list *header* payload)))
         (sign (util:sign data secret)))
    (str:join "." (list data sign))))