TODO
- Add more examples
- Improve coverage
Features
- Manages and orchestrates JWTs for user login, logout and renewal
- Easy start
- No unsafe code
- Runs on stable Rust
- Library approach (requires no runtime)
- Supports pluggable components (Store & Hasher)
- Invalidates old refresh token upon new refresh token renewal
- Invalidates old authentication token upon new authentication token renewal
- Handles the thundering herd problem upon authentication token expiry
Quickstart
Dependencies:
    ./generate_certificates.sh

    [dependencies]
    jwtvault = "*"
    use jwtvault::prelude::*;
    use std::collections::HashMap;

    fn main() {
        // Demo credentials held in memory; DefaultVault is seeded with them.
        let mut users = HashMap::new();
        let user_john = "John Doe";
        let password_for_john = "john";
        let user_jane = "Jane Doe";
        let password_for_jane = "jane";
        users.insert(user_john.to_string(), password_for_john.to_string());
        users.insert(user_jane.to_string(), password_for_jane.to_string());

        let mut vault = DefaultVault::new(users);

        // Log in: a successful login yields the authentication/refresh token pair.
        let token = vault.login(
            user_john,
            password_for_john,
            None,
            None,
        ).ok().unwrap().unwrap();

        // Restore John's session from his authentication token.
        let server_refresh_token = vault.resolve_server_token_from_client_authentication_token(
            user_john.as_bytes(),
            token.authentication_token()
        ).ok().unwrap();

        // server() is printed below as the private data, client() as the public data.
        let private_info_about_john = server_refresh_token.server().unwrap();
        let data_from_server_side = server_refresh_token.client().unwrap();

        println!(" [Public] John Info: {}",
                 String::from_utf8_lossy(data_from_server_side.as_slice()).to_string());
        println!("[Private] John Info: {}",
                 String::from_utf8_lossy(private_info_about_john.as_slice()).to_string());

        // Exchange the refresh token for a new authentication token.
        let new_token = vault.renew(
            user_john.as_bytes(),
            token.refresh_token(),
            None,
        ).ok().unwrap();

        // The renewed authentication token resolves the session.
        let _ = vault.resolve_server_token_from_client_authentication_token(
            user_john.as_bytes(), new_token.as_str(),
        ).ok().unwrap();
    }
Workflows
- To begin, use login with user and password
- Upon successful login, the user is provided with a JWT pair (authentication/refresh)
- The authentication token is then provided to access any resources
- The refresh token is used to renew an authentication token upon expiry
- Use resolve_server_token_from_client_authentication_token with user and authentication_token to restore the user session
- Use renew with user and refresh_token to generate a new authentication token
- Use logout with user and authentication_token to remove all tokens associated with the user
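
The workflow above and the two invalidation rules from the feature list, modelled as a stand-alone added example that is not jwtvault's own code. SessionStore, Session, Rejected and same are hypothetical names, and the token ids are opaque counters standing in for signed JWTs.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum Rejected { UnknownUser, StaleToken }
// Server-side record: only the most recently issued tokens are accepted.
struct Session { auth: String, refresh: String }
// Hypothetical store; ids are opaque placeholders, not signed JWTs.
#[derive(Default)]
struct SessionStore { sessions: HashMap<String, Session>, counter: u64 }
// Compares every byte instead of stopping at the first mismatch.
fn same(a: &str, b: &str) -> bool {
    a.len() == b.len() && a.bytes().zip(b.bytes()).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}

impl SessionStore {
    fn next_id(&mut self, kind: &str) -> String { self.counter += 1; format!("{}-{}", kind, self.counter) }
    // Login issues a fresh pair and replaces any earlier session for the user.
    fn login(&mut self, user: &str) -> (String, String) {
        let s = Session { auth: self.next_id("auth"), refresh: self.next_id("refresh") };
        let pair = (s.auth.clone(), s.refresh.clone());
        self.sessions.insert(user.to_string(), s);
        pair
    }
    fn resolve(&self, user: &str, auth: &str) -> Result<(), Rejected> {
        let s = self.sessions.get(user).ok_or(Rejected::UnknownUser)?;
        if same(&s.auth, auth) { Ok(()) } else { Err(Rejected::StaleToken) }
    }
    // Renewal swaps in a new authentication token; the previous one stops resolving.
    fn renew(&mut self, user: &str, refresh: &str) -> Result<String, Rejected> {
        let id = self.next_id("auth");
        let s = self.sessions.get_mut(user).ok_or(Rejected::UnknownUser)?;
        if !same(&s.refresh, refresh) { return Err(Rejected::StaleToken); }
        s.auth = id.clone();
        Ok(id)
    }
    // Logout requires a currently valid token and drops every token for the user.
    fn logout(&mut self, user: &str, auth: &str) -> Result<(), Rejected> {
        self.resolve(user, auth)?;
        self.sessions.remove(user);
        Ok(())
    }
}

fn main() {
    let mut store = SessionStore::default();
    let (auth, refresh) = store.login("John Doe");
    let renewed = store.renew("John Doe", &refresh).unwrap();
    println!("old: {:?}, new: {:?}", store.resolve("John Doe", &auth), store.resolve("John Doe", &renewed));
}
```

A production store would also enforce token expiry and signature verification, which this model leaves out.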