Crate compact_jwt
source · [−]Expand description
Json Web Tokens (JWT) are a popular method for creating signed transparent tokens that can be verified by clients and servers. They are enshrined in standards like OpenID Connect which causes them to be a widespread and required component of many modern web authentication system.
This is a minimal implementation of JWTs and Oidc Tokens that aims for auditability and correctness.
Examples
use std::str::FromStr;
use std::convert::TryFrom;
use std::time::SystemTime;
use url::Url;
use compact_jwt::{JwsValidator, JwsSigner, OidcToken, OidcSubject, OidcUnverified};
let oidc = OidcToken {
iss: Url::parse("https://oidc.example.com").unwrap(),
sub: OidcSubject::S("UniqueId".to_string()),
};
let jws_signer = JwsSigner::generate_es256()
.unwrap();
let oidc_signed = oidc.sign(&jws_signer)
.unwrap();
// Get the signed formatted token string
let token_str = oidc_signed.to_string();
// Build a validator from the public key of the signer. In a client scenario
// you would get this public jwk from the oidc authorisation server.
let public_jwk = jws_signer.public_key_as_jwk()
.unwrap();
let jws_validator = JwsValidator::try_from(&public_jwk)
.unwrap();
// Assuming we have the token_str, start to validate it.
let oidc_unverified = OidcUnverified::from_str(&token_str)
.unwrap();
let curtime = SystemTime::now()
.duration_since(SystemTime::UNIX_EPOCH)
.expect("Failed to retrieve current time")
.as_secs() as i64;
let oidc_validated = oidc_unverified
.validate(&jws_validator, curtime)
.unwrap();
// Prove we got back the same content.
assert!(oidc_validated == oidc);
Re-exports
pub use crate::crypto::JwaAlg;
pub use crate::crypto::Jwk;
pub use crate::crypto::JwkKeySet;
pub use crate::crypto::JwkUse;
pub use crate::crypto::JwsSigner;
pub use crate::crypto::JwsValidator;
pub use crate::error::JwtError;
pub use crate::jws::Jws;
pub use crate::jws::JwsSigned;
pub use crate::jws::JwsUnverified;
pub use crate::jwt::Jwt;
pub use crate::jwt::JwtSigned;
pub use crate::jwt::JwtUnverified;
pub use crate::oidc::OidcClaims;
pub use crate::oidc::OidcSigned;
pub use crate::oidc::OidcSubject;
pub use crate::oidc::OidcToken;
pub use crate::oidc::OidcUnverified;