Crate compact_jwt
JSON Web Tokens (JWTs) are a popular method for creating signed, transparent tokens that can be verified by clients and servers. They are enshrined in standards like OpenID Connect, which makes them a widespread and required component of many modern web authentication systems.
This is a minimal implementation of JWTs and OIDC tokens that aims for auditability and correctness.
Examples
    use std::str::FromStr;
    use std::convert::TryFrom;
    use std::time::SystemTime;
    use url::Url;
    use compact_jwt::{
        OidcToken,
        OidcSubject,
        OidcUnverified,
        JwsEs256Signer,
        // Traits
        JwsSigner,
        JwsSignerToVerifier,
        JwsVerifier,
    };

    // Build the token to sign.
    // Remaining OidcToken fields are elided in this example.
    let oidc = OidcToken {
        iss: Url::parse("https://oidc.example.com").unwrap(),
        sub: OidcSubject::S("UniqueId".to_string()),
    };

    // Generate a fresh ES256 signing key and sign the token.
    let mut jws_es256_signer =
        JwsEs256Signer::generate_es256().unwrap();

    let oidc_signed = jws_es256_signer.sign(&oidc)
        .unwrap();

    // Get the signed formatted token string
    let token_str = oidc_signed.to_string();

    // Build a validator from the public key of the signer. In a client scenario
    // you would get this public JWK from the OIDC authorisation server.
    let mut jwk_es256_verifier = jws_es256_signer
        .get_verifier()
        .expect("failed to get verifier from signer");

    // Assuming we have the token_str, we parse it to an unverified state.
    let oidc_unverified = OidcUnverified::from_str(&token_str)
        .unwrap();

    // Current time as seconds since the Unix epoch, used for the expiry check.
    let curtime = SystemTime::now()
        .duration_since(SystemTime::UNIX_EPOCH)
        .expect("Failed to retrieve current time")
        .as_secs() as i64;

    // Verify the signature first, then check expiry against the current time.
    let oidc_validated = jwk_es256_verifier
        .verify(&oidc_unverified)
        .and_then(|oidc_exp| oidc_exp.verify_exp(curtime))
        .unwrap();

    // Prove we got back the same content.
    assert!(oidc_validated == oidc);
Re-exports
pub use crate::crypto::JwsEs256Signer;
pub use crate::crypto::JwsEs256Verifier;
pub use crate::crypto::JwsHs256Signer;
pub use crate::compact::JwaAlg;
pub use crate::compact::Jwk;
pub use crate::compact::JwsCompact;
pub use crate::error::JwtError;
pub use crate::jws::Jws;
pub use crate::jws::JwsSigned;
pub use crate::jwt::Jwt;
pub use crate::jwt::JwtSigned;
pub use crate::jwt::JwtUnverified;
pub use crate::oidc::OidcClaims;
pub use crate::oidc::OidcSigned;
pub use crate::oidc::OidcSubject;
pub use crate::oidc::OidcToken;
pub use crate::oidc::OidcUnverified;
pub use crate::traits::JwsSigner;
pub use crate::traits::JwsSignerToVerifier;
pub use crate::traits::JwsVerifier;
Modules
- JWS Signing and Verification Structures
- Error types.
- JWS Implementation
- Jwt implementation
- Oidc token implementation
- Traits that define behaviour of JWS signing and verification types.