jwtvault 0.4.2

Highly flexible library to manage and orchestrate JWT workflow
Documentation

Build Status codecov Version RepoSize Crates.io Crates.io Crates.io Contributors

TODO

  • Add more examples
  • Improve coverage

Features

  • Manages & Orchestrates JWT for user login, logout & renew
  • Async ready
  • Easy start
  • No un-safe code
  • Runs on stable rust
  • Library approach (Requires no runtime)
  • Supports plugable components
  • Invalidates old refresh upon new refresh token renewal
  • Invalidates old authentication upon new authentication token renewal
  • Handles Thundering herd problem upon authentication token expiry

Quickstart

Prerequisite:

 [dependencies]
 jwtvault = "*"

$ curl https://raw.githubusercontent.com/sgrust01/jwtvault/master/generate_certificates.sh > ./generate_certificates.sh

 $ chmod 700 generate_certificates.sh && ./generate_certificates.sh

use jwtvault::prelude::*;
use std::collections::HashMap;
use std::collections::hash_map::DefaultHasher;

fn main() {
    let mut users = HashMap::new();

    // User: John Doe
    let user_john = "john_doe";
    let password_for_john = "john";

    // User: Jane Doe
    let user_jane = "jane_doe";
    let password_for_jane = "jane";

    // load users and their password from database/somewhere
    users.insert(user_john.to_string(), password_for_john.to_string());
    users.insert(user_jane.to_string(), password_for_jane.to_string());

    let loader = CertificateManger::default();

    // Initialize vault
    let mut vault = DefaultVault::new(loader, users);

    // John needs to login now
    let token = block_on(vault.login(
        user_john,
        password_for_john,
        None,
        None,
    ));
    let token = token.ok().unwrap();
    // When John presents authentication token, it can be used to restore John's session info
    let server_refresh_token = block_on(resolve_session_from_client_authentication_token(
        &mut vault,
        user_john,
        token.authentication(),
    ));
    let server_refresh_token = server_refresh_token.ok().unwrap();

    // server_refresh_token (variable) contains server method which captures client private info
    // which never leaves the server
    let private_info_about_john = server_refresh_token.server().unwrap();
    let key = digest::<_, DefaultHasher>(user_john);
    let data_on_server_side = private_info_about_john.get(&key).unwrap();

    // server_refresh_token (variable) contains client method which captures client public info
    // which is also send back to client
    assert!(server_refresh_token.client().is_none());

    // Check out the data on client and server which are public and private respectively
    println!("[Private] John Info: {}",
             String::from_utf8_lossy(data_on_server_side.as_slice()).to_string());

    // lets renew authentication token
    let new_token = block_on(vault.renew(
        user_john,
        token.refresh(),
        None,
    ));
    let new_token = new_token.ok().unwrap();

    // When John presents new authentication token it can be used to restore session info
    let result = block_on(resolve_session_from_client_authentication_token(
        &mut vault,
        user_john,
        new_token.as_str(),
    ));
    let _ = result.ok().unwrap();
}

Workflows

  • To begin use login with user and password

    • Upon successful login is provides user will be provided with JWT pair (authentication/refresh)

    • Authentication token is then provided to access any resources

    • Refresh token is used to renew an authentication token upon expiry

  • Use resolve_session_from_client_authentication_token with user and authentication_token to restore user session

  • Use renew with user and refresh_token to generate new authentication token

  • Use logout with user and authentication_token will remove all tokens associated with the user