Struct azure_jwt_async::AzureAuth
pub struct AzureAuth { /* private fields */ }
AzureAuth is what you’ll use to validate your token.
Defaults
- Public key expiration: default set to 24h, use set_expiration to set a different expiration in hours.
- Hashing algorithm: Sha256, you can’t change this setting. Submit an issue in the GitHub repo if this is important to you.
- Retry on no match: if no matching key is found and our keys are older than an hour, we refresh the keys and try once more. Limited to once an hour. You can disable this by calling set_no_retry().
- The timestamps are given a 60s “leeway” to account for time skew between servers.
Errors
- If one of Microsoft’s endpoints for public keys is down
- If the token can’t be parsed as a valid Azure token
- If the token fails its authenticity test
- If the token is invalid
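The refresh policy described under Defaults, as an added illustration that is not the azure_jwt_async crate’s own code: a std-only Rust model of the key cache (the Jwk, KeyCache and fetch names are assumptions), with the clock passed in so the one-hour retry window and the expiry can be exercised without a network.

```rust
use std::time::{Duration, Instant};

/// Constructed stand-in for a JWK: only the key id matters for the lookup.
#[derive(Clone, Debug, PartialEq)]
pub struct Jwk { pub kid: String }

/// Assumed model of the cache policy from the AzureAuth defaults (not the crate's code).
pub struct KeyCache {
    keys: Vec<Jwk>,
    fetched_at: Instant,
    expiration: Duration, // default 24h, changed by `set_expiration`
    retry: bool,          // cleared by `set_no_retry`
    pub fetches: usize,   // how many times the (simulated) JWKS endpoint was hit
}

impl KeyCache {
    pub fn new(keys: Vec<Jwk>, now: Instant) -> Self {
        KeyCache { keys, fetched_at: now, expiration: Duration::from_secs(24 * 3600), retry: true, fetches: 1 }
    }
    pub fn set_expiration(&mut self, hours: u64) { self.expiration = Duration::from_secs(hours * 3600); }
    pub fn set_no_retry(&mut self) { self.retry = false; }

    fn refresh(&mut self, now: Instant, fetch: &dyn Fn() -> Vec<Jwk>) {
        self.keys = fetch();
        self.fetched_at = now;
        self.fetches += 1;
    }

    /// Find the key for `kid`. An expired set is refreshed first; on a miss we refresh
    /// and retry once, but only if the cached set is at least an hour old, so a stream
    /// of tokens with unknown kids cannot turn the service into a JWKS-endpoint hammer.
    pub fn key_for(&mut self, kid: &str, now: Instant, fetch: &dyn Fn() -> Vec<Jwk>) -> Option<Jwk> {
        if now.duration_since(self.fetched_at) >= self.expiration {
            self.refresh(now, fetch);
        }
        if let Some(k) = self.keys.iter().find(|k| k.kid == kid) {
            return Some(k.clone());
        }
        let stale = now.duration_since(self.fetched_at) >= Duration::from_secs(3600);
        if self.retry && stale {
            self.refresh(now, fetch);
            return self.keys.iter().find(|k| k.kid == kid).cloned();
        }
        None
    }
}
```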
Implementations
impl AzureAuth
pub async fn new(aud: impl Into<String>) -> Result<Self, AuthErr>
Creates a new default instance. This method calls the Microsoft APIs to fetch the current keys,
which can fail. The public keys are fetched since we need them to perform
verification. Please note that fetching the OpenID manifest and public keys is quite slow
since we call an external API in a blocking manner. Try keeping a single instance
alive instead of creating new ones for every validation. If you need to pass around an
instance of the object, creating a pool of instances at startup or wrapping a single
instance in a Mutex is better than creating many new instances.
Errors
If there is a connection issue to the Microsoft APIs.
pub fn new_offline( aud: impl Into<String>, public_keys: Vec<Jwk> ) -> Result<Self, AuthErr>
Does not call the Microsoft OpenID configuration endpoint or fetch the JWK set. Use this if you want to handle updating the public keys yourself.
pub async fn validate_token( &mut self, token: &str ) -> Result<TokenData<AzureJwtClaims>, AuthErr>
Default validation, see the AzureAuth documentation for the defaults.
pub async fn validate_custom<T>(
&mut self,
token: &str,
validator: &Validation
) -> Result<TokenData<T>, AuthErr>
where
for<'de> T: Serialize + Deserialize<'de>,
Allows for a custom validator and mapping the token to your own type. Useful in situations where you get fields that are not covered by the default mapping, or want to change the validation requirements (e.g. if you want the leeway set to two minutes instead of one).
Note
You’ll need to pull in jsonwebtoken to use Validation from that crate.
Example
use azure_jwt_async::*;
use jsonwebtoken::{Algorithm, TokenData, Validation};
use serde::{Deserialize, Serialize};

// Azure tokens are RS256-signed; build the validator for that algorithm and
// widen the leeway from the 60s default to two minutes.
let mut validator = Validation::new(Algorithm::RS256);
validator.leeway = 120;

#[derive(Serialize, Deserialize)]
struct MyClaims {
    group: String,
    roles: Vec<String>,
}

// `new` fetches the current public keys, so it is async and can fail.
let mut auth = AzureAuth::new(my_client_id_from_azure).await.unwrap();
// `validate_custom` takes `&mut self` because it may refresh the keys on a miss.
let valid_token: TokenData<MyClaims> = auth.validate_custom(some_token, &validator).await.unwrap();
pub fn set_expiration(&mut self, hours: i64)
Sets the expiration of the cached public keys in hours. As of April 2019, Microsoft rotates these every 24h.
pub fn set_no_retry(&mut self)
pub async fn refresh_rwks_uri(&mut self) -> Result<(), AuthErr>
Refreshes the jwks_uri by re-fetching it from the OpenID metadata document. See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata Usually this is not needed, but in some cases you might want to try to fetch a new URI on receiving an error.
pub fn set_public_keys(&mut self, pub_keys: Vec<Jwk>)
If you use the “offline” variant you’ll need this to update the public keys. If you don’t use the offline version, you probably don’t want to change these unless you’re testing.