sdjwt 0.8.1

SD-JWT support for Issuers, Holders, and Verifiers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

use crate::Algorithm;
use std::collections::HashSet;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Validation {
    pub required_spec_claims: Option<HashSet<String>>,
    pub leeway: u64,
    pub validate_exp: bool,
    pub validate_nbf: bool,
    pub validate_aud: bool,
    pub aud: Option<HashSet<String>>,
    pub iss: Option<String>,
    pub sub: Option<String>,
    pub algorithms: Algorithm,
}

impl Validation {
    pub fn new(alg: Algorithm) -> Validation {
        Validation {
            required_spec_claims: None,
            algorithms: alg,
            leeway: 0,

            validate_exp: true,
            validate_nbf: false,
            validate_aud: true,

            iss: None,
            sub: None,
            aud: None,
        }
    }

    /// Disable expiration (`exp`) validation.
    pub fn without_expiry(self) -> Self {
        Self {
            validate_exp: false,
            ..Self::default()
        }
    }

    /// Set a single audience member as the only acceptable value.
    pub fn with_audience<T: ToString>(self, audience: T) -> Self {
        Self {
            aud: Some(HashSet::from([audience.to_string()])),
            ..self
        }
    }

    /// Set the issuer claim to validate.
    pub fn with_issuer<T: ToString>(self, issuer: T) -> Self {
        Self {
            iss: Some(issuer.to_string()),
            ..self
        }
    }

    /// Set the subject claim to validate.
    pub fn with_subject<T: ToString>(self, subject: T) -> Self {
        Self {
            sub: Some(subject.to_string()),
            ..self
        }
    }

    /// Set leeway for time-related claims (`exp`, `nbf`, `iat`).
    pub fn with_leeway(self, leeway: u64) -> Self {
        Self { leeway, ..self }
    }

    /// Add an allowed signing algorithm.
    pub fn with_algorithm(mut self, alg: Algorithm) -> Self {
        self.algorithms = alg;
        self
    }

    /// Add a required claim.
    pub fn with_required_claim<T: ToString>(mut self, claim: T) -> Self {
        if let Some(ref mut required_claims) = self.required_spec_claims {
            required_claims.insert(claim.to_string());
        } else {
            self.required_spec_claims = Some(HashSet::from([claim.to_string()]));
        }
        self
    }
}

impl Default for Validation {
    fn default() -> Self {
        Self::new(Algorithm::RS256)
    }
}