ASAP for Rust
This is a rust library for generating and validating ASAP tokens. It provides options for doing so that are compliant with the ASAP specification.
Installation and Usage
This crate currently depends on a valid installation of openssl
. See the openssl
crate's repo for more installation details relating to openssl
.
It depends on openssl
in order to convert a PEM-encoded private key to DER when instantiating from environment variables (see Generator::from_env()
).
Other than that, this crate simply provides an ASAP Generator
and an ASAP Validator
, which generate and validate ASAP tokens according to the specification.
To install, add the following lines to your Cargo.toml
:
= "0.2"
# These crates are required for defining your own `Claims` struct (which needs
# to be serialised into the token).
= "1"
= "1"
And see the documentation and API which should be straightforward enough for anything you'd need.
Development/Testing
Currently, running the tests has some limitations:
- The tests need a local keyserver running at
http://localhost:8000
- A sample mini-keyserver is provided in this repository
- The tests need to be run serially
- Since they also test that requests were made to the keyserver, etc.
To run the tests, perform the following:
# Runs a simple keyserver.
# In a different shell, run the tests serially:
RUST_TEST_THREADS=1
References
- ASAP Spec: https://s2sauth.bitbucket.io/spec/
- JWT Spec: https://tools.ietf.org/html/rfc7519
- JWS Spec: https://tools.ietf.org/html/rfc7515