1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95
//! This crate implements the Javascript/JSON Object Signing and Encryption (JOSE) //! standards, including: //! //! * JSON Web Signature (JWS): [RFC7515][] //! * JSON Web Key (JWK): [RFC7517][] //! * JSON Web Algorithms (JWA): [RFC7518][] //! * JSON Web Token (JWT): [RFC7519][] //! //! JSON Web Encryption (JWE), [RFC7516][], is not yet supported. //! //! [RFC7515]: https://tools.ietf.org/html/rfc7515 //! [RFC7516]: https://tools.ietf.org/html/rfc7516 //! [RFC7517]: https://tools.ietf.org/html/rfc7517 //! [RFC7518]: https://tools.ietf.org/html/rfc7518 //! [RFC7519]: https://tools.ietf.org/html/rfc7519 //! //! # Example //! //! ``` //! use aliri_base64::Base64UrlRef; //! use aliri::{jwa, jwk, jws, jwt, jwt::CoreHeaders, Jwk, JwtRef}; //! use regex::Regex; //! use aliri::jwt::HasAlgorithm; //! //! let token = JwtRef::from_str(concat!( //! "eyJhbGciOiJIUzI1NiIsImtpZCI6InRlc3Qga2V5In0.", //! "eyJzdWIiOiJBbGlyaSIsImF1ZCI6Im15X2FwaSIsImlzcyI6ImF1dGhvcml0eSJ9.", //! "yKDd4Ba3fdedqRKHrSUUMuF01-ctdXzEKM9oyWjSx9A" //! )); //! //! let secret = Base64UrlRef::from_slice(b"test").to_owned(); //! let key = Jwk::from(jwa::Hmac::new(secret)) //! .with_algorithm(jwa::Algorithm::HS256) //! .with_key_id(jwk::KeyId::new("test key")); //! //! let mut keys = aliri::Jwks::default(); //! keys.add_key(key); //! //! let validator = jwt::CoreValidator::default() //! .ignore_expiration() //! .add_approved_algorithm(jwa::Algorithm::HS256) //! .add_allowed_audience(jwt::Audience::new("my_api")) //! .require_issuer(jwt::Issuer::new("authority")) //! .check_subject(Regex::new("^Al.ri$").unwrap()); //! //! let decomposed: jwt::Decomposed = token.decompose().unwrap(); //! let key_ref = keys.get_key_by_id(decomposed.kid().unwrap(), decomposed.alg()).unwrap(); //! //! let data: jwt::Validated = token.verify(key_ref, &validator) //! .expect("JWT was invalid"); //! # let _ = data; //! ``` //! //! Inspect this token at [jwt.io][token] and verify with the shared secret `test`. //! //! [token]: https://jwt.io/#debugger-io?token=eyJhbGciOiJIUzI1NiIsImtpZCI6InRlc3Qga2V5In0.eyJzdWIiOiJBbGlyaSIsImF1ZCI6Im15X2FwaSIsImlzcyI6ImF1dGhvcml0eSJ9.yKDd4Ba3fdedqRKHrSUUMuF01-ctdXzEKM9oyWjSx9A //! #![warn( missing_docs, unused_import_braces, unused_imports, unused_qualifications )] #![deny( missing_debug_implementations, missing_copy_implementations, trivial_casts, trivial_numeric_casts, unsafe_code, unused_must_use )] pub mod error; pub mod jwa; pub mod jwk; mod jwks; pub mod jws; pub mod jwt; pub(crate) mod test; #[doc(inline)] pub use jwk::Jwk; #[doc(inline)] pub use jwks::Jwks; #[doc(inline)] pub use jwt::{Jwt, JwtRef}; #[cfg(not(any(feature = "rsa", feature = "hmac", feature = "ec")))] compiler_error!( "At least one of `rsa`, `hmac`, or `ec` must be enabled for this crate to be of any use." );