Module private_key_jwt

RFC 7521: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants

This module implements private key JWT client authentication, allowing clients to authenticate using JWTs signed with their private keys.

§Enhanced Security Features

  • SecureJwtValidator Integration: Uses comprehensive JWT validation with enhanced security checks beyond basic signature verification
  • Configurable JTI Cleanup: Customizable cleanup intervals for managing used JWT IDs and preventing replay attacks
  • Advanced Token Management: Token revocation and validation using the enhanced security framework
  • Automatic Cleanup Scheduling: Integrated cleanup of expired JTIs and revoked tokens

§Usage Example

use auth_framework::server::private_key_jwt::{PrivateKeyJwtManager, ClientJwtConfig};
use auth_framework::secure_jwt::{SecureJwtValidator, SecureJwtConfig};
use chrono::Duration;
use jsonwebtoken::Algorithm;

// `?` and `.await` need an async context; the manager's error type is assumed
// here to convert into Box<dyn std::error::Error>.
async fn run() -> Result<(), Box<dyn std::error::Error>> {
    // Create JWT validator with enhanced security
    let jwt_config = SecureJwtConfig::default();
    let jwt_validator = SecureJwtValidator::new(jwt_config);

    // Create manager with custom cleanup interval for used JTIs and revoked tokens
    let manager = PrivateKeyJwtManager::new(jwt_validator)
        .with_cleanup_interval(Duration::minutes(30));

    // Configure client for JWT authentication: the public JWK used to verify the
    // client's signature, the permitted algorithms, and the claim-level policy
    // (maximum assertion lifetime, tolerated clock skew, accepted audiences)
    let config = ClientJwtConfig {
        client_id: "example_client".to_string(),
        public_key_jwk: serde_json::json!({"kty": "RSA", "n": "...", "e": "AQAB"}),
        allowed_algorithms: vec![Algorithm::RS256],
        max_jwt_lifetime: Duration::minutes(5),
        clock_skew: Duration::seconds(60),
        expected_audiences: vec!["https://api.example.com".to_string()],
    };

    manager.register_client(config).await?;

    // Authenticate client with JWT assertion
    let client_assertion = "eyJ..."; // JWT assertion from client
    let auth_result = manager.authenticate_client(client_assertion).await?;

    if auth_result.authenticated {
        println!("Client authenticated successfully");
        // Process authenticated client...
    }

    // Perform scheduled cleanup
    manager.schedule_automatic_cleanup().await;

    Ok(())
}
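The description and feature list above cover what a private key JWT verifier must check after the signature holds: the assertion's issuer and subject name the registered client, the audience matches, the assertion is neither expired nor issued in the future (within the configured clock skew), its lifetime does not exceed the client's maximum, and its JTI has not been seen before, with used JTIs purged once they could no longer be replayed. The following is an added, standalone illustration of those claim-level checks and a JTI replay cache; it is not code from auth_framework, and `AssertionClaims`, `ClientPolicy`, `RejectReason`, `JtiCache` and `validate_assertion` are hypothetical names. Signature verification (the job of `SecureJwtValidator` in the real module) is assumed to have already succeeded before these checks run, and times are plain Unix seconds rather than chrono values.

```rust
// Added example (not part of auth_framework): claim-level validation of a
// private_key_jwt client assertion plus a JTI replay cache. All names are
// hypothetical; the signature is assumed to have been verified upstream.
use std::collections::HashMap;

/// Claims of a client assertion, already decoded and signature-checked.
#[derive(Debug, Clone)]
pub struct AssertionClaims {
    pub iss: String,
    pub sub: String,
    pub aud: Vec<String>,
    pub jti: String,
    pub iat: i64, // Unix seconds
    pub exp: i64, // Unix seconds
}

/// Per-client policy, mirroring the policy fields of ClientJwtConfig above.
pub struct ClientPolicy {
    pub client_id: String,
    pub max_jwt_lifetime_secs: i64,
    pub clock_skew_secs: i64,
    pub expected_audiences: Vec<String>,
}

#[derive(Debug, PartialEq)]
pub enum RejectReason {
    IssuerSubjectMismatch,
    UnknownClient,
    AudienceMismatch,
    IssuedInFuture,
    Expired,
    LifetimeTooLong,
    ReplayedJti,
}

/// Remembers accepted JTIs until the assertion carrying them would have
/// expired anyway (exp plus skew), so the cache cannot grow without bound.
pub struct JtiCache {
    seen: HashMap<String, i64>, // jti -> exp
}

impl JtiCache {
    pub fn new() -> Self {
        Self { seen: HashMap::new() }
    }

    /// Drops JTIs that can no longer be replayed; returns how many were removed.
    pub fn cleanup(&mut self, now: i64, skew_secs: i64) -> usize {
        let before = self.seen.len();
        self.seen.retain(|_, exp| *exp + skew_secs > now);
        before - self.seen.len()
    }

    pub fn len(&self) -> usize {
        self.seen.len()
    }
}

/// Applies the claim-level policy. The JTI is recorded only once every other
/// check has passed, so a rejected assertion does not consume its JTI.
pub fn validate_assertion(
    claims: &AssertionClaims,
    policy: &ClientPolicy,
    cache: &mut JtiCache,
    now: i64,
) -> Result<(), RejectReason> {
    if claims.iss != claims.sub {
        return Err(RejectReason::IssuerSubjectMismatch);
    }
    if claims.sub != policy.client_id {
        return Err(RejectReason::UnknownClient);
    }
    if !claims.aud.iter().any(|a| policy.expected_audiences.contains(a)) {
        return Err(RejectReason::AudienceMismatch);
    }
    let skew = policy.clock_skew_secs;
    if claims.iat > now + skew {
        return Err(RejectReason::IssuedInFuture);
    }
    if claims.exp + skew <= now {
        return Err(RejectReason::Expired);
    }
    // Bound the window in which a stolen assertion stays usable.
    if claims.exp - claims.iat > policy.max_jwt_lifetime_secs {
        return Err(RejectReason::LifetimeTooLong);
    }
    if cache.seen.contains_key(&claims.jti) {
        return Err(RejectReason::ReplayedJti);
    }
    cache.seen.insert(claims.jti.clone(), claims.exp);
    Ok(())
}

fn main() {
    // Constructed sample: a well-formed assertion presented twice.
    let policy = ClientPolicy {
        client_id: "example_client".to_string(),
        max_jwt_lifetime_secs: 300,
        clock_skew_secs: 60,
        expected_audiences: vec!["https://api.example.com".to_string()],
    };
    let now = 1_700_000_000;
    let claims = AssertionClaims {
        iss: "example_client".to_string(),
        sub: "example_client".to_string(),
        aud: vec!["https://api.example.com".to_string()],
        jti: "jti-1".to_string(),
        iat: now,
        exp: now + 300,
    };
    let mut cache = JtiCache::new();
    println!("first use:  {:?}", validate_assertion(&claims, &policy, &mut cache, now));
    println!("second use: {:?}", validate_assertion(&claims, &policy, &mut cache, now + 1));
    println!("purged after expiry: {}", cache.cleanup(now + 361, policy.clock_skew_secs));
}
```

The order of checks matters: the JTI is inserted into the cache last, so an assertion that fails for audience or lifetime reasons does not block a later, correctly formed assertion reusing the same JTI, while a successfully accepted assertion is rejected on any second presentation until cleanup removes it after exp plus skew.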

Structs§

  • ClientJwtConfig: Client JWT configuration for private key authentication
  • JwtAuthResult: JWT authentication result
  • PrivateKeyJwtClaims: Private Key JWT claims for client authentication
  • PrivateKeyJwtManager: Private Key JWT Manager