Compact JWT implementation in Rust
Minimalistic JSON web token (JWT) implementation with focus on type safety and secure cryptographic primitives.
Usage
See the crate docs for the examples of usage.
Features
- Algorithm-specific signing and verifying keys (i.e., type safety).
- Easy to extend to support new signing algorithms.
- The crate supports more compact CBOR encoding of the claims.
HS256
,HS384
andHS512
algorithms are implemented via pure Rustsha2
crate.- The crate supports
EdDSA
algorithm with the Ed25519 elliptic curve, andES256K
algorithm with the secp256k1 elliptic curve. Both curves are widely used in crypto community and believed to be securely generated (there are some doubts about parameter generation for elliptic curves used in standardES*
algorithms).
Missing features
- Support of RSA (
RS*
andPS*
) and standard elliptic curve (ES*
) algorithms. - Built-in checks of some claims (e.g.,
iss
– the token issuer). This is intentional: depending on the use case, such claims can have different semantics and thus be represented by different datatypes (e.g.,iss
may be a human-readable short ID, a hex-encoded key digest, etc.)
Alternatives
jsonwebtoken
, frank_jwt
or biscuit
may be viable alternatives depending on the use case
(e.g., none of them seems to implement EdDSA
or ES256K
algorithms).
License
Licensed under the Apache-2.0 license.