Expand description
This crate implements the Javascript/JSON Object Signing and Encryption (JOSE) standards, including:
- JSON Web Signature (JWS): RFC7515
- JSON Web Key (JWK): RFC7517
- JSON Web Algorithms (JWA): RFC7518
- JSON Web Token (JWT): RFC7519
JSON Web Encryption (JWE), RFC7516, is not yet supported.
Example
use aliri_base64::Base64UrlRef;
use aliri::{jwa, jwk, jws, jwt, jwt::CoreHeaders, Jwk, JwtRef};
use regex::Regex;
use aliri::jwt::HasAlgorithm;
let token = JwtRef::from_str(concat!(
"eyJhbGciOiJIUzI1NiIsImtpZCI6InRlc3Qga2V5In0.",
"eyJzdWIiOiJBbGlyaSIsImF1ZCI6Im15X2FwaSIsImlzcyI6ImF1dGhvcml0eSJ9.",
"yKDd4Ba3fdedqRKHrSUUMuF01-ctdXzEKM9oyWjSx9A"
));
let secret = Base64UrlRef::from_slice(b"test").to_owned();
let key = Jwk::from(jwa::Hmac::new(secret))
.with_algorithm(jwa::Algorithm::HS256)
.with_key_id(jwk::KeyId::from_static("test key"));
let mut keys = aliri::Jwks::default();
keys.add_key(key);
let validator = jwt::CoreValidator::default()
.ignore_expiration()
.add_approved_algorithm(jwa::Algorithm::HS256)
.add_allowed_audience(jwt::Audience::from_static("my_api"))
.require_issuer(jwt::Issuer::from_static("authority"))
.check_subject(Regex::new("^Al.ri$").unwrap());
let decomposed: jwt::Decomposed = token.decompose().unwrap();
let key_ref = keys.get_key_by_id(decomposed.kid().unwrap(), decomposed.alg()).unwrap();
let data: jwt::Validated = token.verify(key_ref, &validator)
.expect("JWT was invalid");
Inspect this token at jwt.io and verify with the shared secret test
.
Modules
Common errors
Implementations of the JSON Web Algorithms (JWA) standard
Implementations of the JSON Web Keys (JWK) standard
Implementations of the JSON Web Signature (JWS) standard
Implementations of the JSON Web Tokens (JWT) standard