JWT-based authentication for ATI.
ES256-signed JWTs carry identity + scopes + expiry in a single tamper-proof credential. The orchestrator signs with a private key; the proxy validates with the corresponding public key (served via JWKS).
Supports ES256 (recommended) and HS256 (simpler, for single-machine setups).
Structs
- AtiNamespace - ATI-specific namespace in JWT claims.
- JwtConfig - Configuration for JWT validation and (optionally) issuance.
- TokenClaims - JWT claims per RFC 9068.
Enums
Functions
- config_from_env - Build a JwtConfig from environment variables.
- config_from_pem - Create a JwtConfig from PEM key files.
- config_from_secret - Create a JwtConfig from an HS256 shared secret.
- inspect - Decode a JWT without verifying the signature (for inspection only).
- issue - Issue (sign) a JWT token from claims.
- load_private_key_pem - Load an ES256 or RS256 private key from PEM bytes.
- load_public_key_pem - Load an ES256 or RS256 public key from PEM bytes.
- now_secs - Get the current Unix timestamp.
- public_key_to_jwks - Generate a JWKS JSON object from a public key PEM. Returns the JWKS keys array suitable for /.well-known/jwks.json.
- validate - Validate a JWT token string and return the claims.