Crate biscuit

source ·
Expand description

Build Status Repository Documentation dependency status

A library to work with Javascript Object Signing and Encryption(JOSE), including JSON Web Tokens (JWT), JSON Web Signature (JWS) and JSON Web Encryption (JWE)

This was based off Keats/rust-jwt.


Add the following to Cargo.toml:

biscuit = "0.7.0"

To use the latest master branch, for example:

biscuit = { git = "", branch = "master" }

See JWT for common usage examples.

Supported Features

The crate does not support all, and probably will never support all of the features described in the various RFCs, including some algorithms and verification.

See the documentation for more information.




  • Secure cryptographic digests
  • Errors returned will be converted to one of the structs in this module.
  • JSON Web Algorithms
  • JSON Web Key
  • JSON Web Signatures, including JWT signing and headers


  • A newtype wrapper around a string to indicate it’s base64 URL encoded
  • Options for claims presence validation
  • A collection of claims, both registered and your custom private claims.
  • A collection of CompactParts that have been converted to Base64Url
  • An empty struct that derives Serialize and Deserialize. Can be used, for example, in places where a type for custom values (such as private claims in a ClaimsSet) is required but you have nothing to implement.
  • Registered claims defined by RFC7519#4.1
  • Options for validating temporal claims
  • Wrapper around DateTime<Utc> to allow us to do custom de(serialization)
  • Options for claims validation


  • Defines whether a claim is required or not
  • Represents a choice between a single value or multiple values. This value is serialized by serde untagged.
  • Defines whether a claim is validated or not


  • A marker trait that indicates that the object is to be serialized to JSON and deserialized from JSON. This is primarily used in conjunction with the CompactPart trait which will serialize structs to JSON before base64 encoding, and vice-versa.
  • A “part” of the compact representation of JWT/JWS/JWE. Parts are first serialized to some form and then base64 encoded and separated by periods.

Type Aliases

  • A convenience type alias of a “JWE” which is a compact JWE that contains a signed/unsigned compact JWS.
  • A convenience type alias of the common “JWT” which is a secured/unsecured compact JWS. Type T is the type of the private claims, and type H is the type of private header fields