jwtea 0.1.0

Lean JWT library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

use std::fmt;


/// Errors produced by this library.
#[derive(Debug)]
#[non_exhaustive]
pub enum Error {
    /// Surface format incorrect (three dots, base64).
    InvalidSyntax,

    /// Header or payload contained invalid UTF-8.
    InvalidUtf8,

    /// Header or payload contained invalid JSON.
    InvalidJson(serde_json::Error),

    /// Algorithm not supported by this application.
    UnsupportedAlg,

    /// There is no suitable key for the given `alg`/`kid`.
    NoSuitableKey,

    /// The key's algorithm does not match the JWT's algorithm.
    AlgoMismatch,

    /// Signature could not be validated with the available keys.
    InvalidSignature,

    /// Required `exp` claim missing in token.
    ExpMissing,

    /// The token has expired according to the `exp` claim.
    Expired,

    /// The token is not valid yet according to the `nbf` claim.
    NotValidYet,

    /// An arbitrary validation error.
    ValidationError(String),

    /// JWK is invalid or unsupported.
    InvalidJwk(String),

    /// A key is rejected by the cryptographic library.
    KeyRejected(aws_lc_rs::error::KeyRejected),
}

impl std::error::Error for Error {
    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
        match self {
            Self::InvalidJson(error) => Some(error),
            Self::KeyRejected(error) => Some(error),
            _ => None,
        }
    }
}

impl fmt::Display for Error {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::InvalidSyntax => {
                write!(f, "invalid surface level syntax (wrong number of dots, base64)")
            },
            Self::InvalidUtf8 => write!(f, "invalid UTF-8"),
            Self::InvalidJson(error) => {
                write!(f, "invalid JSON")?;
                if f.alternate() {
                    write!(f, ": {error}")?;
                }
                Ok(())
            },
            Self::UnsupportedAlg => write!(f, "alg not supported"),
            Self::NoSuitableKey => write!(f, "no suitable key found for alg/kid"),
            Self::AlgoMismatch => write!(f, "key does not match the given alg"),
            Self::InvalidSignature => write!(f, "signature is invalid"),
            Self::ExpMissing => write!(f, "`exp` claim required but missing"),
            Self::Expired => write!(f, "JWT is expired (`exp`)"),
            Self::NotValidYet => write!(f, "JWT is not valid yet (`nbf`)"),
            Self::ValidationError(msg) => write!(f, "failed to validate: {msg}"),
            Self::InvalidJwk(msg) => write!(f, "invalid JWK: {msg}"),
            Self::KeyRejected(err) => {
                write!(f, "cryptographic key rejected")?;
                if f.alternate() {
                    write!(f, ": {err}")?;
                }
                Ok(())
            }
        }
    }
}

impl From<aws_lc_rs::error::KeyRejected> for Error {
    fn from(value: aws_lc_rs::error::KeyRejected) -> Self {
        Self::KeyRejected(value)
    }
}