aliri

This crate implements the Javascript/JSON Object Signing and Encryption (JOSE) standards, including:

• JSON Web Signature (JWS): RFC7515
• JSON Web Key (JWK): RFC7517
• JSON Web Algorithms (JWA): RFC7518
• JSON Web Token (JWT): RFC7519

JSON Web Encryption (JWE), RFC7516, is not yet supported.

Example

use aliri_base64::Base64UrlRef;
use aliri::{jwa, jwk, jws, jwt, jwt::CoreHeaders, Jwk, JwtRef};
use regex::Regex;
use aliri::jwt::HasAlgorithm;

let token = JwtRef::from_str(concat!(
"eyJhbGciOiJIUzI1NiIsImtpZCI6InRlc3Qga2V5In0.",
"eyJzdWIiOiJBbGlyaSIsImF1ZCI6Im15X2FwaSIsImlzcyI6ImF1dGhvcml0eSJ9.",
"yKDd4Ba3fdedqRKHrSUUMuF01-ctdXzEKM9oyWjSx9A"
));

let secret = Base64UrlRef::from_slice(b"test").to_owned();
let key = Jwk::from(jwa::Hmac::new(secret))
.with_algorithm(jwa::Algorithm::HS256)
.with_key_id(jwk::KeyId::new("test key"));

let mut keys = aliri::Jwks::default();
keys.add_key(key);

let validator = jwt::CoreValidator::default()
.ignore_expiration()
.add_approved_algorithm(jwa::Algorithm::HS256)
.add_allowed_audience(jwt::Audience::new("my_api"))
.require_issuer(jwt::Issuer::new("authority"))
.check_subject(Regex::new("^Al.ri$").unwrap());

let decomposed = token.decompose::<jwt::Empty>().unwrap();
let key_ref = keys.get_key_by_id(decomposed.kid().unwrap(), decomposed.alg()).unwrap();

let data: jwt::Validated = token.verify(key_ref, &validator)
.expect("JWT was invalid");
# let _ = data;

Inspect this token at jwt.io and verify with the shared secret test.