jwt-verify 0.1.0

JWT verification library for AWS Cognito tokens and any OIDC-compatible IDP
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

use crate::cognito::config::VerifierConfig;
use crate::common::error::JwtError;
use crate::oidc::OidcProviderConfig;
use crate::verifier::{JwtVerifier, IdTokenClaims, AccessTokenClaims};

/// Enum representing the type of JWT verifier to create
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum VerifierType {
    /// AWS Cognito JWT verifier
    Cognito,
    /// OIDC-compatible JWT verifier
    Oidc,
}

/// JWT verifier enum that can hold either a Cognito or OIDC verifier
///
/// This enum implements the JwtVerifier trait and delegates to the appropriate
/// verifier implementation based on the variant.
#[derive(Debug)]
pub enum JwtVerifierEnum {
    /// AWS Cognito JWT verifier
    Cognito(crate::cognito::CognitoJwtVerifier),
    /// OIDC-compatible JWT verifier
    Oidc(crate::oidc::OidcJwtVerifier),
}

impl JwtVerifier for JwtVerifierEnum {
    async fn verify_id_token(&self, token: &str) -> Result<Box<dyn IdTokenClaims>, JwtError> {
        match self {
            JwtVerifierEnum::Cognito(verifier) => verifier.verify_id_token(token).await,
            JwtVerifierEnum::Oidc(verifier) => verifier.verify_id_token(token).await,
        }
    }

    async fn verify_access_token(
        &self,
        token: &str,
    ) -> Result<Box<dyn AccessTokenClaims>, JwtError> {
        match self {
            JwtVerifierEnum::Cognito(verifier) => verifier.verify_access_token(token).await,
            JwtVerifierEnum::Oidc(verifier) => verifier.verify_access_token(token).await,
        }
    }
}

/// Factory for creating JWT verifiers
///
/// This factory provides methods for creating different types of JWT verifiers
/// based on configuration.
///
/// # Examples
///
/// ```
/// use jwt_verify::verifier::{VerifierType, VerifierFactory};
/// use jwt_verify::VerifierConfig;
///
/// // Create a Cognito verifier
/// let config = VerifierConfig::new("us-west-2", "abcdefg123456", &["client1".to_string()], None).unwrap();
/// let verifier = VerifierFactory::create_cognito(config).unwrap();
///
/// // Create an OIDC verifier
/// let oidc_config = OidcProviderConfig::new(
///     "https://accounts.example.com",
///     Some("https://accounts.example.com/.well-known/jwks.json"),
///     &["client1".to_string()],
/// ).unwrap();
/// let oidc_verifier = VerifierFactory::create_oidc(vec![oidc_config]).unwrap();
/// ```
pub struct VerifierFactory;

impl VerifierFactory {
    /// Create a JWT verifier of the specified type
    ///
    /// # Parameters
    ///
    /// * `verifier_type` - The type of verifier to create
    /// * `config` - The configuration for the verifier
    ///
    /// # Returns
    ///
    /// Returns a `Result` containing a JWT verifier if successful, or a `JwtError`
    /// if creation fails.
    pub fn create(
        verifier_type: VerifierType,
        config: VerifierConfig,
    ) -> Result<JwtVerifierEnum, JwtError> {
        match verifier_type {
            VerifierType::Cognito => Self::create_cognito(config),
            VerifierType::Oidc => Err(JwtError::ConfigurationError {
                parameter: Some("verifier_type".to_string()),
                error: "Cannot create OIDC verifier from Cognito config. Use create_oidc instead."
                    .to_string(),
            }),
        }
    }

    /// Create a Cognito JWT verifier
    ///
    /// # Parameters
    ///
    /// * `config` - The configuration for the verifier
    ///
    /// # Returns
    ///
    /// Returns a `Result` containing a JWT verifier if successful, or a `JwtError`
    /// if creation fails.
    pub fn create_cognito(config: VerifierConfig) -> Result<JwtVerifierEnum, JwtError> {
        let verifier = crate::cognito::CognitoJwtVerifier::new(vec![config])?;
        Ok(JwtVerifierEnum::Cognito(verifier))
    }

    /// Create an OIDC JWT verifier
    ///
    /// # Parameters
    ///
    /// * `configs` - The configurations for the verifier
    ///
    /// # Returns
    ///
    /// Returns a `Result` containing a JWT verifier if successful, or a `JwtError`
    /// if creation fails.
    pub fn create_oidc(configs: Vec<OidcProviderConfig>) -> Result<JwtVerifierEnum, JwtError> {
        let verifier = crate::oidc::OidcJwtVerifier::new(configs)?;
        Ok(JwtVerifierEnum::Oidc(verifier))
    }
}