jwts 0.2.1

A rust implementation of JSON Web Tokens.
Documentation

jwt-rust

jwts jwts jwts jwts

jwt

A rust implementation of JSON Web Tokens.

Examples

Sign

use jwts::Claims;
use jwts::jws::{Algorithm, Key, Token};

let mut claims = Claims::new();
claims.iss = Some("sea".to_owned());

let mut token = Token::with_payload(claims);

// custom the header like:
// token.header.cty = Some("application/example".to_owned());

let key = Key::new(b"secret", Algorithm::HS256);
let token = token.sign(&key).unwrap();

assert_eq!(token, "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzZWEifQ.L0DLtDjydcSK-c0gTyOYbmUQ_LUCZzqAGCINn2OLhFs");

Verify

use jwts::{Claims, ValidationConfig};
use jwts::jws::{Algorithm, Key, Token};

let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzZWEiLCJleHAiOjEwNTc3MDkxMDU2LCJuYmYiOjE1NzcwOTEwNTYsImlhdCI6MTU3NzA5MTA1Nn0.4HwFlFB3LMhVc2xpsGBGSO3ut1KmnFdF8JrsL589ytw";

let key = Key::new(b"secret", Algorithm::HS256);
let verified: Token<Claims> = Token::verify_with_key(token, &key).unwrap();

// use key resolver like:
// let verified: Token<Claims> = Token::verify_with_key_resolver(token, |header, payload| {
//     // return a Key here
// }).unwrap();

println!("{:?}", verified);

// validate claims
let config = ValidationConfig {
    iat_validation: true,
    nbf_validation: true,
    exp_validation: true,
    expected_iss: Some("sea".to_owned()),
    expected_sub: None,
    expected_aud: None,
    expected_jti: None,
};
verified.validate_claims(&config).unwrap();

Custom Claims

use jwts::jws::{Algorithm, Key, Token};

#[macro_use]
extern crate serde_derive;

#[derive(Debug, Serialize, Deserialize)]
struct CustomClaims {
    iss: String,
}

let claims = CustomClaims {
    iss: "sea".to_owned(),
};

let mut token = Token::with_payload(claims);
let key = Key::new(b"secret", Algorithm::HS256);
let token = token.sign(&key).unwrap();
let token: Token<CustomClaims> = Token::decode(&token).unwrap(); // here decode without verification for demonstration
println!("{:?}", token);

Algorithms

Sign and verify use crate ring.

  • HS256 - HMAC using SHA-256
  • HS384 - HMAC using SHA-384
  • HS512 - HMAC using SHA-512
  • RS256 - RSASSA-PKCS1-v1_5 using SHA-256
  • RS384 - RSASSA-PKCS1-v1_5 using SHA-384
  • RS512 - RSASSA-PKCS1-v1_5 using SHA-512
  • ES256 - ECDSA using P-256 and SHA-256
  • ES384 - ECDSA using P-384 and SHA-384
  • ES512 - ECDSA using P-521 and SHA-512
  • PS256 - RSASSA-PSS using SHA-256 and MGF1 with SHA-256
  • PS384 - RSASSA-PSS using SHA-384 and MGF1 with SHA-384
  • PS512 - RSASSA-PSS using SHA-512 and MGF1 with SHA-512

More

RFC 7519 JSON Web Token (JWT)

RFC 7515 JSON Web Signature (JWS)

RFC 7518 JSON Web Algorithms (JWA)

License

Apache 2.0 License