Crate compact_jwt

JSON Web Tokens (JWT) are a popular method for creating signed, transparent tokens that can be verified by clients and servers. They are enshrined in standards such as OpenID Connect, which makes them a widespread and required component of many modern web authentication systems.

This is a minimal implementation of JWTs and OIDC tokens that aims for auditability and correctness.

Examples

use std::str::FromStr;
use std::time::SystemTime;
use url::Url;
use compact_jwt::{
    OidcClaims,
    OidcToken,
    OidcSubject,
    OidcUnverified,
    JwsEs256Signer,
    // Traits
    JwsSigner,
    JwsSignerToVerifier,
    JwsVerifier,
};

// Unix time in seconds, used both to stamp the token and to check it later.
let curtime = SystemTime::now()
    .duration_since(SystemTime::UNIX_EPOCH)
    .expect("Failed to retrieve current time")
    .as_secs() as i64;

// The rendered doc-test hides the required fields after `sub`; they are
// restored here so the struct literal builds as shown.
let oidc = OidcToken {
        iss: Url::parse("https://oidc.example.com").unwrap(),
        sub: OidcSubject::S("UniqueId".to_string()),
        aud: "test".to_string(),
        // Short lifetime: verify_exp below rejects the token once exp < curtime.
        exp: curtime + 300,
        nbf: Some(curtime),
        iat: curtime,
        auth_time: None,
        nonce: None,
        at_hash: None,
        azp: None,
        jti: None,
        s_claims: OidcClaims {
            name: Some("Test Person".to_string()),
            ..Default::default()
        },
        claims: Default::default(),
    };

let mut jws_es256_signer =
    JwsEs256Signer::generate_es256().unwrap();

let oidc_signed = jws_es256_signer.sign(&oidc)
    .unwrap();

// Get the signed, compact-formatted token string.
let token_str = oidc_signed.to_string();

// Build a verifier from the public key of the signer. In a client scenario
// you would get this public JWK from the OIDC authorisation server.
let mut jwk_es256_verifier = jws_es256_signer
    .get_verifier()
    .expect("failed to get verifier from signer");

// Assuming we have the token_str, we parse it to an unverified state.
// Nothing in it can be trusted until verify() succeeds.
let oidc_unverified = OidcUnverified::from_str(&token_str)
    .unwrap();

// Check the signature first, then the expiry. Both must pass before the
// claims are usable.
let oidc_validated = jwk_es256_verifier
    .verify(&oidc_unverified)
    .and_then(|oidc_exp| oidc_exp.verify_exp(curtime))
    .unwrap();

// Prove we got back the same content.
assert!(oidc_validated == oidc);
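To see what a `token_str` like the one above carries on the wire, here is an added example, not part of the crate and using only the standard library, that parses the JWS compact serialization and pins the `alg` header before any key or signature is consulted. The sample tokens and their placeholder signatures are constructed inline; `parse_pinned`, `Reject`, `UnverifiedJws` and the helper functions are this example's own names, and the JSON field reader is deliberately naive.

```rust
// Added example, not compact_jwt's code: a std-only parser for the JWS compact
// serialization (RFC 7515) that pins the algorithm before any key is touched.

/// Why a token is refused before signature verification is even attempted.
#[derive(Debug, PartialEq)]
pub enum Reject { Malformed, AlgNone, AlgMismatch(String) }

/// A parsed but NOT verified JWS: header and payload decoded for inspection,
/// signature kept raw for the verifier.
#[derive(Debug, PartialEq)]
pub struct UnverifiedJws {
    pub header_json: String,
    pub payload_json: String,
    pub signature: Vec<u8>,
}

const B64URL: &[u8; 64] =
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

/// base64url without padding (RFC 7515 section 2). Rejects '=' padding, bytes
/// outside the alphabet, a dangling single character and non-zero trailing
/// bits, so two different strings cannot decode to the same token.
pub fn b64url_decode(s: &str) -> Option<Vec<u8>> {
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for &c in s.as_bytes() {
        acc = (acc << 6) | B64URL.iter().position(|&a| a == c)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1u32 << bits) - 1;
        }
    }
    if bits >= 6 || acc != 0 {
        return None;
    }
    Some(out)
}

/// base64url encoder, used only to build the constructed sample tokens.
pub fn b64url_encode(data: &[u8]) -> String {
    let mut out = String::new();
    for chunk in data.chunks(3) {
        let mut n = 0u32;
        for (i, &b) in chunk.iter().enumerate() {
            n |= (b as u32) << (16 - 8 * i);
        }
        for i in 0..(chunk.len() * 8 + 5) / 6 {
            out.push(B64URL[((n >> (18 - 6 * i)) & 63) as usize] as char);
        }
    }
    out
}

/// Read a string-valued field from a flat JSON object (no escapes, no nesting).
/// A real verifier uses a proper JSON parser here.
fn json_str_field(json: &str, key: &str) -> Option<String> {
    let needle = format!("\"{}\"", key);
    let rest = &json[json.find(needle.as_str())? + needle.len()..];
    let rest = rest.trim_start().strip_prefix(':')?.trim_start().strip_prefix('"')?;
    Some(rest[..rest.find('"')?].to_string())
}

/// Split, decode and pin the algorithm. `alg: none` and any algorithm other than
/// `expected` are refused outright, so an edited header cannot steer the
/// verifier onto a weaker or keyless path.
pub fn parse_pinned(token: &str, expected: &str) -> Result<UnverifiedJws, Reject> {
    let parts: Vec<&str> = token.split('.').collect();
    if parts.len() != 3 {
        return Err(Reject::Malformed); // five segments would be JWE; anything else is noise
    }
    let decode_utf8 = |seg: &str| {
        b64url_decode(seg).and_then(|b| String::from_utf8(b).ok()).ok_or(Reject::Malformed)
    };
    let header_json = decode_utf8(parts[0])?;
    let payload_json = decode_utf8(parts[1])?;
    let signature = b64url_decode(parts[2]).ok_or(Reject::Malformed)?;
    let alg = json_str_field(&header_json, "alg").ok_or(Reject::Malformed)?;
    if alg.eq_ignore_ascii_case("none") {
        return Err(Reject::AlgNone);
    }
    if alg != expected {
        return Err(Reject::AlgMismatch(alg));
    }
    // JWS ES256 signatures are the raw R||S pair (RFC 7518 section 3.4): 64 bytes.
    if expected == "ES256" && signature.len() != 64 {
        return Err(Reject::Malformed);
    }
    Ok(UnverifiedJws { header_json, payload_json, signature })
}

/// Constructed sample token; `sig` is placeholder bytes, not a real signature.
pub fn sample_token(header: &str, payload: &str, sig: &[u8]) -> String {
    format!("{}.{}.{}", b64url_encode(header.as_bytes()), b64url_encode(payload.as_bytes()), b64url_encode(sig))
}

fn main() {
    let payload = r#"{"iss":"https://oidc.example.com","sub":"UniqueId"}"#;
    let ok = sample_token(r#"{"alg":"ES256","typ":"JWT"}"#, payload, &[0u8; 64]);
    let none = sample_token(r#"{"alg":"none"}"#, payload, &[0u8; 0]);
    let hs = sample_token(r#"{"alg":"HS256"}"#, payload, &[0u8; 32]);
    println!("{:?}", parse_pinned(&ok, "ES256").map(|j| j.payload_json));
    println!("{:?}", parse_pinned(&none, "ES256"));
    println!("{:?}", parse_pinned(&hs, "ES256"));
}
```

The order is the point: the algorithm is decided by the key the verifier was built with, never by the token, and the decision is made before any signature bytes are examined. A verifier bound to one key type, like the ES256 verifier in the example above, should make the same decision from its key; this block shows the check in isolation so the `none` and mismatch failure cases are visible.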

Re-exports

pub use crate::crypto::JwsEs256Signer;
pub use crate::crypto::JwsEs256Verifier;
pub use crate::crypto::JwsHs256Signer;
pub use crate::compact::JwaAlg;
pub use crate::compact::JweCompact;
pub use crate::compact::Jwk;
pub use crate::compact::JwkKeySet;
pub use crate::compact::JwkUse;
pub use crate::compact::JwsCompact;
pub use crate::error::JwtError;
pub use crate::jws::Jws;
pub use crate::jws::JwsSigned;
pub use crate::jwt::Jwt;
pub use crate::jwt::JwtSigned;
pub use crate::jwt::JwtUnverified;
pub use crate::oidc::OidcClaims;
pub use crate::oidc::OidcSigned;
pub use crate::oidc::OidcSubject;
pub use crate::oidc::OidcToken;
pub use crate::oidc::OidcUnverified;
pub use crate::traits::JwsSigner;
pub use crate::traits::JwsSignerToVerifier;
pub use crate::traits::JwsVerifier;

Modules

compact
crypto
JWS Signing and Verification Structures
dangernoverify
A dangerous verification type that allows bypassing cryptographic checking of the content of JWS tokens.
error
Error types.
jwe
JWE Implementation
jws
JWS Implementation
jwt
JWT implementation
oidc
OIDC token implementation
traits
Traits that define behaviour of JWS signing and verification types.