Module aliri_jose::jwt
Implementations of the JSON Web Tokens (JWT) standard
The specifications for this standard can be found in RFC 7519.
Unencrypted JWTs generally appear as a three-part base64-encoded string, where each part is separated by a "." character.
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBbGlyaSJ9.KUj-klFcT39uuSIrU91spdBFnMHsn8TDJMeJ99coucA
The first section is the header in JSON format, and provides basic metadata about the token. These values are generally used to select the specific key to be used for verifying the token's authenticity. Because of this, values in the header should be evaluated against strict expectations before use.
The second section is the payload in JSON format, and contains claims regarding the authentication, including how long the token is valid, who issued the token, who the token is intended for, and who the subject is that has been authenticated. Nothing in this section should be trusted before the token's authenticity has been validated.
The third section is the binary signature, which must be verified against some JSON Web Key. If the signature is valid, it verifies that the headers and payload were signed by the authority using this key.
```rust
use aliri_core::base64::Base64UrlRef;
use aliri_jose::{jwa, jws, jwt, Jwk, JwtRef};
use regex::Regex;

fn main() {
    // HS256 token whose payload is {"sub":"Aliri","aud":"my_api","iss":"authority"}
    let token = JwtRef::from_str(concat!(
        "eyJhbGciOiJIUzI1NiJ9.",
        "eyJzdWIiOiJBbGlyaSIsImF1ZCI6Im15X2FwaSIsImlzcyI6ImF1dGhvcml0eSJ9.",
        "2N5yyY2UjqlUKSSCpFVWzfixfBRTWahiN2PrUuiuxbE"
    ));

    // Shared HMAC secret, pinned to a single algorithm
    let secret = Base64UrlRef::from_slice(b"test").to_owned();
    let key = Jwk::from(jwa::Hmac::new(secret))
        .with_algorithm(jwa::Algorithm::HS256);

    // Expectations the header and claims must meet; the sample token has no `exp` claim
    let validator = jwt::CoreValidator::default()
        .ignore_expiration()
        .add_approved_algorithm(jwa::Algorithm::HS256)
        .add_allowed_audience(jwt::Audience::new("my_api"))
        .require_issuer(jwt::Issuer::new("authority"))
        .check_subject(Regex::new("^Al.ri$").unwrap());

    // Headers and claims are only returned once the signature and validator checks pass
    let data: jwt::Validated = token.verify(&key, &validator).unwrap();
}
```
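The three-part layout described above can be checked before any key is selected: split the token, decode the header strictly, and reject it unless it meets expectations, while leaving the payload untrusted. The following is an added example, not code from aliri_jose; it uses only the Rust standard library, and `Reject`, `Unverified`, `b64url` and `precheck` are hypothetical names. It assumes an exact-match allowlist of decoded headers in place of JSON parsing.

```rust
// Added example, std only; all names are hypothetical, not aliri_jose APIs.
#[derive(Debug, PartialEq)]
pub enum Reject { Shape, Encoding, Header }
pub struct Unverified<'a> {
    pub header: String,         // decoded header that matched an approved value
    pub signing_input: &'a str, // "<header>.<payload>", the text the signature covers
    pub signature: Vec<u8>,     // raw bytes, still to be verified against a key
}

// Strict base64url: no padding, no foreign characters, no non-zero trailing bits.
fn b64url(s: &str) -> Result<Vec<u8>, Reject> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62,
            b'_' => 63,
            _ => return Err(Reject::Encoding),
        };
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    if bits == 6 || acc != 0 { return Err(Reject::Encoding); }
    Ok(out)
}

pub fn precheck<'a>(token: &'a str, approved: &[&str]) -> Result<Unverified<'a>, Reject> {
    let parts: Vec<&str> = token.split('.').collect();
    if parts.len() != 3 || parts.iter().any(|p| p.is_empty()) { return Err(Reject::Shape); }
    let header = String::from_utf8(b64url(parts[0])?).map_err(|_| Reject::Encoding)?;
    // Assumption: exact match against approved header documents replaces JSON parsing.
    if !approved.contains(&header.as_str()) { return Err(Reject::Header); }
    b64url(parts[1])?; // payload must decode, but stays untrusted and is not returned
    let signature = b64url(parts[2])?;
    let signing_input = &token[..parts[0].len() + 1 + parts[1].len()];
    Ok(Unverified { header, signing_input, signature })
}

fn main() {
    // Sample token from the module documentation above.
    let t = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBbGlyaSJ9.KUj-klFcT39uuSIrU91spdBFnMHsn8TDJMeJ99coucA";
    let u = precheck(t, &[r#"{"alg":"HS256"}"#]).unwrap();
    println!("{} | {} | {} signature bytes", u.header, u.signing_input, u.signature.len());
}
```

Signature verification itself is not performed here; `signing_input` and `signature` are what a verifier such as the one shown above would check against the key.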
Structs
Audience | An audience |
AudienceRef | Reference to an |
Audiences | A set of zero or more audiences |
Claims | Common claims used in JWTs |
CoreValidator | A core validator for JWTs |
Decomposed | A decomposed JWT header |
Empty | An empty structure |
Headers | Common headers used on JWTs |
Issuer | An issuer of JWTs |
IssuerRef | Reference to an |
Jwt | A JSON Web Token |
JwtRef | Reference to a JSON Web Token |
NoopValidator | A validator that makes no checks |
Subject | The subject of a JWT |
SubjectRef | Reference to a |
Validated | The validated headers and claims of a JWT |
Traits
ClaimsValidator | A claims validator |
CoreClaims | Core claims that most compliant and secure JWT tokens should have |
CoreHeaders | Indicates that the type has values common to a JWT header |
HasAlgorithm | Indicates that the type specifies the algorithm |