common_access_token/
lib.rs

1//! # Common Access Token
2//!
3//! A Rust implementation of Common Access Token (CAT) based on the CTA-5007 specification.
4//! This library provides functionality for generating and validating tokens using HMAC-SHA256,
5//! compatible with other implementations like the Node.js reference implementation.
6//!
7//! ## Features
8//!
9//! - Token generation with HMAC-SHA256 signatures
10//! - Token validation with issuer, audience, and expiration verification
11//! - Standard CWT (CBOR Web Token) claims support
12//! - Interoperability with other CAT implementations
13//!
14//! ## Usage Example
15//!
16//! ```
17//! use common_access_token::{Cat, CatOptions, CatGenerateOptions, CatValidationOptions, CatValidationTypes};
18//! use std::collections::HashMap;
19//! use std::time::{SystemTime, UNIX_EPOCH};
20//!
21//! // Create a key
22//! let key = hex::decode("403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d79569388").unwrap();
23//!
24//! // Create a key store
25//! let mut keys = HashMap::new();
26//! keys.insert("Symmetric256".to_string(), key);
27//!
28//! // Create a CAT object for token operations
29//! let cat = Cat::new(CatOptions {
30//!     keys,
31//!     expect_cwt_tag: true,
32//! });
33//!
34//! // Get current time for token expiration
35//! let now = SystemTime::now()
36//!     .duration_since(UNIX_EPOCH)
37//!     .unwrap()
38//!     .as_secs() as i64;
39//!
40//! // Create token claims using the builder pattern
41//! let claims = cat.claims_builder()
42//!     .issuer("example-issuer")
43//!     .subject("user-123")
44//!     .audience("api-service")
45//!     .expiration(now + 3600) // Valid for 1 hour
46//!     .issued_at(now)
47//!     .build();
48//!
49//! // Generate a token
50//! let token = cat.generate(
51//!     claims,
52//!     CatGenerateOptions {
53//!         token_type: CatValidationTypes::Mac,
54//!         alg: "HS256".to_string(),
55//!         kid: "Symmetric256".to_string(),
56//!         generate_cwt_id: true,
57//!     },
58//! ).unwrap();
59//!
60//! // Validate the token
61//! // In a real application, we would validate the token we created above
62//! # // The following code is just for documentation and won't be run in doctests
63//! # let validate_example = || {
64//! let validation_result = cat.validate(
65//!     &token,
66//!     CatValidationTypes::Mac,
67//!     CatValidationOptions {
68//!         issuer: "example-issuer".to_string(),
69//!         audience: Some(vec!["api-service".to_string()]),
70//!     },
71//! ).unwrap();
72//!
73//! // Check validation result
74//! assert!(validation_result.is_valid());
75//! # };
76//! # // End of example code
77//! ```
78
79// Internal modules
80mod cat;
81mod claims;
82mod cose;
83mod error;
84mod util;
85
86#[cfg(test)]
87#[cfg(feature = "interop")]
88mod test_interop;
89
90// Public API
91pub use cat::{
92    Cat, CatGenerateOptions, CatOptions, CatValidationOptions, CatValidationResult,
93    CatValidationTypes, ClaimsBuilder, CommonAccessToken,
94};
95pub use claims::{Claim, ClaimValue, Claims};
96pub use error::Error;