Crate aliri[−][src]
Expand description
This crate implements the Javascript/JSON Object Signing and Encryption (JOSE) standards, including:
- JSON Web Signature (JWS): RFC7515
- JSON Web Key (JWK): RFC7517
- JSON Web Algorithms (JWA): RFC7518
- JSON Web Token (JWT): RFC7519
JSON Web Encryption (JWE), RFC7516, is not yet supported.
Example
use aliri_base64::Base64UrlRef; use aliri::{jwa, jwk, jws, jwt, jwt::CoreHeaders, Jwk, JwtRef}; use regex::Regex; use aliri::jwt::HasAlgorithm; let token = JwtRef::from_str(concat!( "eyJhbGciOiJIUzI1NiIsImtpZCI6InRlc3Qga2V5In0.", "eyJzdWIiOiJBbGlyaSIsImF1ZCI6Im15X2FwaSIsImlzcyI6ImF1dGhvcml0eSJ9.", "yKDd4Ba3fdedqRKHrSUUMuF01-ctdXzEKM9oyWjSx9A" )); let secret = Base64UrlRef::from_slice(b"test").to_owned(); let key = Jwk::from(jwa::Hmac::new(secret)) .with_algorithm(jwa::Algorithm::HS256) .with_key_id(jwk::KeyId::new("test key")); let mut keys = aliri::Jwks::default(); keys.add_key(key); let validator = jwt::CoreValidator::default() .ignore_expiration() .add_approved_algorithm(jwa::Algorithm::HS256) .add_allowed_audience(jwt::Audience::new("my_api")) .require_issuer(jwt::Issuer::new("authority")) .check_subject(Regex::new("^Al.ri$").unwrap()); let decomposed: jwt::Decomposed = token.decompose().unwrap(); let key_ref = keys.get_key_by_id(decomposed.kid().unwrap(), decomposed.alg()).unwrap(); let data: jwt::Validated = token.verify(key_ref, &validator) .expect("JWT was invalid");
Inspect this token at jwt.io and verify with the shared secret test.
Modules
| error | Common errors |
| jwa | Implementations of the JSON Web Algorithms (JWA) standard |
| jwk | Implementations of the JSON Web Keys (JWK) standard |
| jws | Implementations of the JSON Web Signature (JWS) standard |
| jwt | Implementations of the JSON Web Tokens (JWT) standard |
Structs
| Jwk | An identified JSON Web Key |
| Jwks | A JSON Web Key Set (JWKS) |
| Jwt | A JSON Web Token |
| JwtRef | A borrowed reference to a JSON Web Token ( |