crab_jwks/
lib.rs

1//! # crab-jwt
2//!
3//! Minimal JWT/JWKS library for Rust with RS256 support.
4//!
5//! ## Features
6//!
7//! - Generate and verify JWT tokens with RS256 (RSA-SHA256)
8//! - Generate and parse JWKS (JSON Web Key Set)
9//! - RSA key generation and PEM import/export
10//! - Builder pattern for creating tokens
11//! - Manual time validation (optional)
12//!
13//! ## Quick Start
14//!
15//! ```rust
16//! use crab_jwt::{Jwt, Jwks, KeyPair};
17//!
18//! // Generate RSA key pair
19//! let keys = KeyPair::generate().unwrap();
20//!
21//! // Create a JWT token
22//! let token = Jwt::builder()
23//!     .subject("user123")
24//!     .issuer("my-app")
25//!     .claim("role", "admin")
26//!     .expiration_in(3600)  // expires in 1 hour
27//!     .sign(&keys.private)
28//!     .unwrap();
29//!
30//! // Verify the token
31//! let claims = Jwt::verify(&token, &keys.public).unwrap();
32//! assert_eq!(claims.sub, Some("user123".to_string()));
33//!
34//! // Check if token is expired (optional)
35//! if claims.is_expired() {
36//!     println!("Token has expired!");
37//! }
38//!
39//! // Generate JWKS for public distribution
40//! let jwks = Jwks::from_public_key(&keys.public, "key-1").unwrap();
41//! println!("{}", jwks.to_json());
42//! ```
43//!
44//! ## Key Management
45//!
46//! ```rust
47//! use crab_jwt::{KeyPair, PublicKeyExt};
48//! use rsa::RsaPublicKey;
49//!
50//! // Generate new keys
51//! let keys = KeyPair::generate().unwrap();
52//!
53//! // Export to PEM
54//! let private_pem = keys.to_private_pem().unwrap();
55//! let public_pem = keys.to_public_pem().unwrap();
56//!
57//! // Import from PEM
58//! let imported = KeyPair::from_private_pem(&private_pem).unwrap();
59//! let public_key = RsaPublicKey::from_pem(&public_pem).unwrap();
60//! ```
61//!
62//! ## JWKS Usage
63//!
64//! ```rust
65//! use crab_jwt::{Jwt, Jwks, KeyPair};
66//!
67//! let keys = KeyPair::generate().unwrap();
68//!
69//! // Create JWKS with multiple keys
70//! let mut jwks = Jwks::new();
71//! jwks.add_key(&keys.public, "key-1").unwrap();
72//!
73//! // Serialize to JSON (for HTTP endpoint)
74//! let json = jwks.to_json();
75//!
76//! // Parse JWKS from JSON
77//! let parsed = Jwks::from_json(&json).unwrap();
78//!
79//! // Get key by ID
80//! let public_key = parsed.get_key("key-1").unwrap();
81//!
82//! // Verify token with JWKS key
83//! let token = Jwt::builder()
84//!     .subject("user")
85//!     .sign(&keys.private)
86//!     .unwrap();
87//!
88//! let claims = Jwt::verify(&token, &public_key).unwrap();
89//! ```
90
91mod base64;
92mod claims;
93mod error;
94mod jwks;
95mod jwt;
96mod keys;
97
98pub use claims::Claims;
99pub use error::{Error, Result};
100pub use jwks::{Jwk, Jwks};
101pub use jwt::{Jwt, JwtBuilder};
102pub use keys::{KeyPair, PublicKeyExt};
103
104// Re-export rsa types for convenience
105pub use rsa::{RsaPrivateKey, RsaPublicKey};