lib_service_jwt 0.1.4

Scalable JWT Management with Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

use serde_json::json;
use std::collections::{HashMap};
use lib_service_jwt::errors::JwtServiceError;
use lib_service_jwt::jwt::{JwtAlgorithm, JwtKeys, shorten_token, current_timestamp};

fn main() -> Result<(), JwtServiceError> {
    let keys = JwtKeys::from_algorithm(JwtAlgorithm::RS256 {
        access_private: include_bytes!("rsa/access-private.pem").to_vec(),
        access_public: include_bytes!("rsa/access-public.pem").to_vec(),
        refresh_private: include_bytes!("rsa/refresh-private.pem").to_vec(),
        refresh_public: include_bytes!("rsa/refresh-public.pem").to_vec(),
    })?;

    let kid = "some-key-id";
    let user_id = "user123";
    let expires_in = 60 * 60 * 24 * 30;
    let mut extra = HashMap::new();

    let roles = vec!["admin", "user"];
    extra.insert("roles".to_string(), json!(roles));

    let email = "user123@example.com";
    let permissions = vec!["read", "write", "execute"];
    let iat = current_timestamp();
    let nbf = current_timestamp();

    let audiences = Some(vec!["myApp1".to_string(), "myApp2".to_string()]);
    extra.insert("aud".to_string(), json!(audiences.clone()));
    extra.insert("email".to_string(), json!(email));
    extra.insert("permissions".to_string(), json!(permissions));
    extra.insert("iat".to_string(), json!(iat));
    extra.insert("nbf".to_string(), json!(nbf));

    let token = keys.generate_access_token(kid, user_id, expires_in, Some(extra.clone()))?;
    let shorten_token = shorten_token(&token);
    println!("Generated Access Token: {} | Short: {}", token, shorten_token);

    let decoded = keys.decode_token(&token, "access", audiences.clone())?;

    println!("Decoded Token Claims: {:?}", decoded.claims);
    assert_eq!(decoded.claims.sub, user_id);

    let maybe_email = decoded.claims.extra.get("email")
        .and_then(|v| v.as_str())
        .ok_or_else(|| JwtServiceError::JsonError( "Missing or invalid email in token".to_string()))?;
    
    assert_eq!(maybe_email, "user123@example.com");

    let roles: Vec<String> = decoded.claims.extra.get("roles")
        .and_then(|v| v.as_array())
        .unwrap_or(&vec![])
        .iter()
        .filter_map(|v| v.as_str().map(|s| s.to_string()))
        .collect();

    assert_eq!(roles, vec!["admin", "user"]);

    Ok(())
}