JWT verification library for AWS Cognito tokens and any OIDC-compatible IDP
use std::fmt::Debug;

use crate::common::error::JwtError;

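/// Common trait for JWT verifiers.
///
/// Every verifier exposes the same interface regardless of the identity
/// provider behind it, so application code can be written against
/// `JwtVerifier` and wired to a concrete implementation at start-up.
///
/// Implementations of this trait include:
/// - `CognitoJwtVerifier` for AWS Cognito tokens
/// - `OidcJwtVerifier` for OIDC-compatible identity providers
///
/// A generic `verify<T>()` method is deliberately not part of this trait: a
/// generic method would make the trait unusable behind a trait object, so
/// per-token-type methods returning boxed claim traits are used instead.
///
/// # Verification contract
///
/// A token counts as "verified" only once an implementation has established
/// all of the following; no claims value may be returned before that point:
///
/// - the signature is valid for a key published by the expected issuer, with
///   `alg` taken from an allow-list (unsigned / `alg: none` tokens rejected);
/// - the token is inside its validity window (`exp`, and `nbf` where present),
///   allowing at most a small clock skew;
/// - `iss` matches the configured issuer exactly;
/// - the token is bound to this application (`aud`, or `client_id` for
///   providers whose access tokens carry that instead);
/// - the token is of the kind the caller asked for: an access token passed to
///   [`verify_id_token`](Self::verify_id_token), or the reverse, must fail
///   (e.g. via a provider-specific `token_use` / `typ` claim) so the two token
///   types cannot be substituted for one another.
///
/// Callers may treat a returned claims object as authenticated, but must still
/// apply their own authorization (scopes, roles, tenant checks).
///
/// NOTE(review): both methods are `async fn`, which on stable Rust makes the
/// trait not usable as `dyn JwtVerifier`; if any call site needs a trait
/// object, an `async_trait`-style wrapper or boxed-future signatures are
/// required — confirm against the callers.
pub trait JwtVerifier: Send + Sync + Debug {
    /// Verify an ID token and return its claims.
    ///
    /// # Parameters
    ///
    /// * `token` - The compact-serialized JWT (`header.payload.signature`)
    ///   exactly as received from the client; treated as untrusted input.
    ///
    /// # Errors
    ///
    /// Returns a `JwtError` when the token is malformed, fails any check in
    /// the trait-level verification contract, or is not an ID token.
    async fn verify_id_token(&self, token: &str) -> Result<Box<dyn IdTokenClaims>, JwtError>;

    /// Verify an access token and return its claims.
    ///
    /// # Parameters
    ///
    /// * `token` - The compact-serialized JWT (`header.payload.signature`)
    ///   exactly as received from the client; treated as untrusted input.
    ///
    /// # Errors
    ///
    /// Returns a `JwtError` when the token is malformed, fails any check in
    /// the trait-level verification contract, or is not an access token.
    async fn verify_access_token(
        &self,
        token: &str,
    ) -> Result<Box<dyn AccessTokenClaims>, JwtError>;
}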

/// Common trait for ID token claims.
///
/// Presents the claims of an ID token in a provider-independent way so that
/// application code does not depend on a particular IdP's claim layout.
/// A claims object is only obtained from a successful
/// `JwtVerifier::verify_id_token` call; the accessors below simply expose the
/// parsed values and perform no validation of their own.
///
/// Security notes for callers:
/// - `get_sub()` is the stable user identifier; never key user records on
///   `email` or `name`, which the user or IdP may change.
/// - Treat `get_email()` as an unverified, user-supplied value unless
///   `is_email_verified()` is `true`.
pub trait IdTokenClaims: Send + Sync + Debug {
    /// Get the subject (`sub`): the issuer-scoped, stable user identifier.
    fn get_sub(&self) -> &str;

    /// Get the issuer (`iss`) the token was validated against.
    fn get_iss(&self) -> &str;

    /// Get the audience (`aud`).
    ///
    /// NOTE(review): OIDC permits `aud` to be an array; the `&str` return
    /// leaves it to the implementation which entry is reported — confirm
    /// that implementations only return an audience they actually validated.
    fn get_aud(&self) -> &str;

    /// Get the expiration time (`exp`), expected to be a JWT `NumericDate`
    /// (seconds since the Unix epoch).
    fn get_exp(&self) -> u64;

    /// Get the issued-at time (`iat`), expected to be a JWT `NumericDate`
    /// (seconds since the Unix epoch).
    fn get_iat(&self) -> u64;

    /// Get the user's email if the token carries one.
    ///
    /// Presence alone says nothing about ownership; pair this with
    /// `is_email_verified()` before using the address for anything
    /// security-relevant (account linking, notifications, recovery).
    fn get_email(&self) -> Option<&str>;

    /// Check whether the IdP asserts that the user's email is verified.
    ///
    /// Implementations should return `false` when the claim is absent, not
    /// just when it is explicitly `false`.
    fn is_email_verified(&self) -> bool;

    /// Get the user's display name if available. Informational only; it is
    /// not unique and must not be used as an identity.
    fn get_name(&self) -> Option<&str>;
}

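/// Common trait for access token claims.
///
/// Presents the claims of an access token in a provider-independent way so
/// that authorization code does not depend on a particular IdP's claim
/// layout. A claims object is only obtained from a successful
/// `JwtVerifier::verify_access_token` call; the accessors below simply expose
/// the parsed values and perform no validation of their own.
///
/// NOTE(review): some providers' access tokens (AWS Cognito's, for example)
/// carry `client_id` rather than `aud`; confirm what implementations return
/// from `get_aud` in that case, since `&str` leaves no way to signal "absent".
pub trait AccessTokenClaims: Send + Sync + Debug {
    /// Get the subject (`sub`): the issuer-scoped, stable user identifier.
    fn get_sub(&self) -> &str;

    /// Get the issuer (`iss`) the token was validated against.
    fn get_iss(&self) -> &str;

    /// Get the audience (`aud`).
    fn get_aud(&self) -> &str;

    /// Get the expiration time (`exp`), expected to be a JWT `NumericDate`
    /// (seconds since the Unix epoch).
    fn get_exp(&self) -> u64;

    /// Get the issued-at time (`iat`), expected to be a JWT `NumericDate`
    /// (seconds since the Unix epoch).
    fn get_iat(&self) -> u64;

    /// Get the token's scopes as individual entries.
    ///
    /// Implementations are expected to split the provider's `scope` claim
    /// (typically a space-separated string) into its components. An empty
    /// `Vec` means the token grants no scopes.
    fn get_scopes(&self) -> Vec<String>;

    /// Check whether the token carries exactly the given scope.
    ///
    /// The default compares each entry of `get_scopes()` for byte equality.
    /// Matching is deliberately exact and case-sensitive: substring, prefix or
    /// case-folded matching would let a token holding `read` satisfy a check
    /// for `read:admin` (or the reverse), which is a privilege-escalation bug.
    /// Implementations that override this must keep the same semantics so
    /// authorization checks behave identically for every IdP.
    fn has_scope(&self, scope: &str) -> bool {
        self.get_scopes().iter().any(|granted| granted == scope)
    }

    /// Get the client ID (`client_id`) if the token carries one.
    fn get_client_id(&self) -> Option<&str>;
}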