Struct azure_jwt::AzureAuth

pub struct AzureAuth { /* fields omitted */ }

AzureAuth is the what you'll use to validate your token. I'll briefly explain here what defaults are set and which you can change:

Defaults

• Public key expiration: dafault set to 24h, use set_expiration to set a different expiration in hours.
• Hashing algorithm: Sha256, you can't change this setting. Submit an issue in the github repo if this is important to you
• Retry on no match. If no matching key is found and our keys are older than an hour, we refresh the keys and try once more. Limited to once in an hour. You can disable this by calling set_no_retry().
• The timestamps are given a 60s "leeway" to account for time skew between servers

Errors:

• If one of Microsofts enpoints for public keys are down
• If the token can't be parsed as a valid Azure token
• If the tokens fails it's authenticity test
• If the token is invalid

Methods

impl AzureAuth

pub fn new(aud: impl Into<String>) -> Result<Self, AuthErr>

One thing to note that this method will call the Microsoft apis to fetch the current keys an this can fail. The public keys are fetched since we will not be able to perform any verification without them. Please note that this method is quite expensive to do. Try keeping the object alive instead of creating new objects. If you need to pass around an instance of the object, then cloning it will be cheaper than creating a new one.

Errors

If there is a connection issue to the Microsoft public key apis.

pub fn validate_token(
    &mut self,
    token: &str
) -> Result<TokenData<AzureJwtClaims>, AuthErr>

Dafault validation, see struct documentation for the defaults.

pub fn validate_custom<T>(
    &mut self,
    token: &str,
    validator: &Validation
) -> Result<TokenData<T>, AuthErr> where
    T: Serialize + Deserialize<'de>, 

Allows for a custom validator and mapping the token to your own type. Useful in situations where you get fields you that are not covered by the default mapping or want to change the validaion requirements (i.e if you want the leeway set to two minutes instead of one).

Note

You'll need to pull in jsonwebtoken to use Validation from that crate.

Example

use azure_oauth_r1s::*;
use jsonwebtoken::{Validation, Token};
use serde::{Seralize, Deserialize};

let mut validator = Validation::new();
validator.leeway = 120;

#[derive(Serialize, Deserialize)]
struct MyClaims {
    group: String,
    roles: Vec<String>,
}

let auth = AzureAuth::new(my_client_id_from_azure).unwrap();

let valid_token: Token<MyClaims>  = auth.validate_custom(some_token, &validator).unwrap();

pub fn set_expiration(&mut self, hours: i64)

Sets the expiration of the cached public keys in hours. Pr. 04.2019 Microsoft rotates these every 24h.

pub fn set_no_retry(&mut self)

pub fn set_public_keys(&mut self, pub_keys: Vec<Jwk>)

If you use the "offline" variant you'll need this to update the public keys, if you don't use the offline version you probably don't want to change these unless you're testing.

Trait Implementations

impl Clone for AzureAuth

fn clone(&self) -> AzureAuth

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AzureAuth

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.