Expand description
Minimal hand-rolled JWT (RFC 7515 compact JWS) encoder and decoder for atproto service-auth.
This module exists to avoid pulling a full JWT library for a handful of tightly-scoped use cases: minting self-mint JWTs for labeler conformance tests, and decoding them in tests to verify round-trip correctness. Only ES256 and ES256K are supported (RFC 7518 §3.4); raw r||s signature encoding, unpadded base64url segments, UTF-8 JSON payloads.
Structs§
- JwtClaims
- Atproto service-auth JWT claims.
- JwtHeader
- Compact JWS header for atproto service-auth tokens.
Enums§
- JwtError
- Errors from JWT encode/decode.
Functions§
- decode_
compact - Decode a compact JWT into
(header, claims, signature_bytes). - encode_
compact - Encode a JWT in compact form:
base64url(header).base64url(claims).base64url(signature). - verify_
compact - Verify a compact JWT against the given verifying key. Does NOT check claim values (exp/aud/lxm) — that is the labeler’s job in production, or the stage’s assertion job in tests. Only verifies the signature.