Crate alcoholic_jwt[][src]

Implements a library for for validation of RS256 JWTs using keys from a JWKS. Nothing more, nothing less.

The name of the library stems from the potential side-effects of trying to use the other Rust libraries that are made for similar purposes.

This library is specifically aimed at developers that consume tokens from services which provide their RSA public keys in JWKS format.

Usage example (token with kid-claim)

extern crate alcoholic_jwt;

use alcoholic_jwt::{JWKS, Validation, validate, token_kid};

// The function implied here would usually perform an HTTP-GET
// on the JWKS-URL for an authentication provider and deserialize
// the result into the `alcoholic_jwt::JWKS`-struct.
let jwks: JWKS = jwks_fetching_function();

let token = some_token_fetching_function();

// Several types of built-in validations are provided:
let validations = vec![

// If a JWKS contains multiple keys, the correct KID first
// needs to be fetched from the token headers.
let kid = token_kid(&token)
    .expect("Failed to decode token headers")
    .expect("No 'kid' claim present in token");

let jwk = jwks.find(&kid).expect("Specified key not found in set");

validate(token, jwk, validations).expect("Token validation has failed!");



Representation of a single JSON Web Key. See RFC 7517.


Representation of a set of JSON Web Keys. See RFC 7517.


Representation of a decoded and validated JSON Web Token.



Possible token claim validations. This enumeration only covers common use-cases, for other types of validations the user is encouraged to inspect the claim set manually.


Possible results of a token validation.



Attempt to extract the kid-claim out of a JWT's header claims.


Validate the signature of a JSON Web Token and optionally apply claim validations. Signatures are always verified before claims, and if a signature verification passes all claim validations are run and returned.