
JSON Web Tokens (JWTs) are a popular method for creating signed, transparent tokens — the payload is readable by anyone who holds the token, but tampering is detectable by anyone who can verify the signature — that can be checked by both clients and servers. They are enshrined in standards like OpenID Connect, which makes them a widespread and required component of many modern web authentication systems.

This is a minimal implementation of JWTs and OIDC tokens that aims for auditability and correctness rather than breadth of features.

Examples

// Round-trip example: mint an OIDC token, sign it with a fresh ES256 key,
// serialise it to its compact string form, then parse and validate that string
// with a validator built from the matching public key. Every `.unwrap()` here is
// example shorthand; real code should propagate the `JwtError`s instead.
use std::str::FromStr;
use std::convert::TryFrom;
use std::time::SystemTime;
use url::Url;
use compact_jwt::{JwsValidator, JwsSigner, OidcToken, OidcSubject, OidcUnverified};

// The claims to sign. Only `iss` and `sub` are visible on this page; rustdoc hides
// doctest lines prefixed with `#`, so any remaining fields are presumably set in
// hidden lines -- check the crate source for the full literal.
let oidc = OidcToken {
        iss: Url::parse("https://oidc.example.com").unwrap(),
        sub: OidcSubject::S("UniqueId".to_string()),
    };

// Fresh ES256 (ECDSA over P-256 with SHA-256, per RFC 7518) signing key. In a real
// deployment the private half lives only on the issuer; relying parties never hold it.
let jws_signer = JwsSigner::generate_es256()
    .unwrap();

// Sign the claims; the result is the signed token ready for serialisation.
let oidc_signed = oidc.sign(&jws_signer)
    .unwrap();

// Get the signed formatted token string
let token_str = oidc_signed.to_string();

// Build a validator from the public key of the signer. In a client scenario
// you would get this public jwk from the oidc authorisation server.
// SECURITY: the validator only proves the token was signed by *this* key, so the
// key must come from a source you already trust to speak for the issuer (e.g. its
// published key set fetched over TLS), never from a URL or key embedded in the
// token's own header. Whether the header's `kid`/`alg` are matched against this
// key during validate() is not shown on this page -- confirm against
// `JwsValidator` / `OidcUnverified::validate`.
let public_jwk = jws_signer.public_key_as_jwk()
    .unwrap();
let jws_validator = JwsValidator::try_from(&public_jwk)
    .unwrap();

// Assuming we have the token_str, start to validate it.
// Parsing yields an `OidcUnverified`: the type-state split means nothing inside it
// (issuer, subject, or anything else) should be trusted until `validate` succeeds.
let oidc_unverified = OidcUnverified::from_str(&token_str)
    .unwrap();

// Current time as Unix seconds, handed to `validate`; presumably used for the
// time-based claim checks (exp/nbf) -- confirm which claims `validate` enforces.
let curtime = SystemTime::now()
    .duration_since(SystemTime::UNIX_EPOCH)
    .expect("Failed to retrieve current time")
    .as_secs() as i64;

// Signature (and, presumably, time) validation. NOTE(review): a relying party
// must additionally confirm that `iss` is the issuer it expected and that any
// audience / nonce claims the token carries match its own client, as OpenID
// Connect Core requires -- this page does not show whether `validate` does so.
let oidc_validated = oidc_unverified
    .validate(&jws_validator, curtime)
    .unwrap();

// Prove we got back the same content.
assert!(oidc_validated == oidc);

Re-exports

pub use crate::crypto::JwaAlg;
pub use crate::crypto::Jwk;
pub use crate::crypto::JwkKeySet;
pub use crate::crypto::JwkUse;
pub use crate::crypto::JwsSigner;
pub use crate::crypto::JwsValidator;
pub use crate::error::JwtError;
pub use crate::jws::Jws;
pub use crate::jws::JwsSigned;
pub use crate::jws::JwsUnverified;
pub use crate::jwt::Jwt;
pub use crate::jwt::JwtSigned;
pub use crate::jwt::JwtUnverified;
pub use crate::oidc::OidcClaims;
pub use crate::oidc::OidcSigned;
pub use crate::oidc::OidcSubject;
pub use crate::oidc::OidcToken;
pub use crate::oidc::OidcUnverified;

Modules

JWS Cryptographic Operations
Error types.
Jws Implementation
Jwt implementation
Oidc token implementation