JSON Web Token (JWT) implementation following RFC7519.
§Usage
§Decoding & Verification
```rust
use serde_json::json;
use ssi_jwk::JWK;
use ssi_jws::Jws;
use ssi_jwt::ToDecodedJwt;

// Compact serialization of the signed token: header.payload.signature.
let jws = Jws::new(b"eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiSm9obiBTbWl0aCIsImlhdCI6MTcxNTM0Mjc5MCwiaXNzIjoiaHR0cDovL2V4YW1wbGUub3JnLyNpc3N1ZXIifQ.S51Gmlkwy4UxOhhc4nVl4_sHHVPSrNmjZDwJCDXDbKp2MT8-UyhZLw03gVKe-JRUzcsteWoeRCUoA5rwnuTSoA").unwrap();

// Public P-256 verification key (no "d" member).
let jwk: JWK = json!({
    "kty": "EC",
    "use": "sig",
    "crv": "P-256",
    "x": "dxdB360AJqJFYhdctoKZD_a_P6vLGAxtEVaCLnyraXQ",
    "y": "iH6o0l5AECsfRuEw2Eghbrp-6Fob3j98-1Cbe1YOmwM",
    "alg": "ES256"
}).try_into().unwrap();

// `verify_jwt` is async, so this line runs inside an async context.
// The outer Result is unwrapped first; the inner one says whether the token is valid.
assert!(jws.verify_jwt(&jwk).await.unwrap().is_ok());
```

Internally `ToDecodedJwt::verify_jwt` uses `ToDecodedJwt::to_decoded_jwt` to decode the JWT, then `DecodedJws::verify` to validate the signature and registered claims.
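The registered-claim step named above, sketched with the standard library only. This is an added example, not code from ssi_jwt: `NumDate`, `Temporal`, `check_temporal` and `ClaimError` are hypothetical names, and the 2^53-microsecond bound is an assumption inferred from the exact-microsecond range this page gives for NumericDate.

```rust
// Added illustration, not ssi_jwt code: every name below is hypothetical.

/// Assumed bound: 2^53 microseconds, in seconds. Beyond it an f64 can no
/// longer hold whole microseconds exactly (roughly years 1685 to 2255).
const MAX_SECS: f64 = 9_007_199_254.740_992;

#[derive(Debug, PartialEq)]
enum ClaimError { OutOfRange, MissingExp, Expired, NotYetValid, IssuedInFuture }

/// Seconds since the Unix epoch, restricted to the exact-microsecond range.
#[derive(Debug, Clone, Copy, PartialEq, PartialOrd)]
struct NumDate(f64);

impl NumDate {
    fn new(secs: f64) -> Result<Self, ClaimError> {
        // NaN and infinities fail is_finite(), so they can never pass a comparison.
        if secs.is_finite() && secs.abs() <= MAX_SECS {
            Ok(NumDate(secs))
        } else {
            Err(ClaimError::OutOfRange)
        }
    }
}

/// Temporal registered claims of one decoded token; absent claims are None.
struct Temporal { iat: Option<f64>, nbf: Option<f64>, exp: Option<f64> }

/// RFC 7519 checks for exp and nbf, plus two policy choices of this example:
/// `require_exp` rejects tokens with no expiry, and a future iat is refused.
fn check_temporal(c: &Temporal, now: f64, require_exp: bool) -> Result<(), ClaimError> {
    let now = NumDate::new(now)?;
    let get = |v: Option<f64>| v.map(NumDate::new).transpose();
    match get(c.exp)? {
        Some(exp) if now >= exp => return Err(ClaimError::Expired),
        None if require_exp => return Err(ClaimError::MissingExp),
        _ => {}
    }
    if matches!(get(c.nbf)?, Some(nbf) if now < nbf) { return Err(ClaimError::NotYetValid); }
    if matches!(get(c.iat)?, Some(iat) if now < iat) { return Err(ClaimError::IssuedInFuture); }
    Ok(())
}

fn main() {
    // iat and exp are the values from the page's signing example; `now` is constructed.
    let c = Temporal { iat: Some(1715342790.0), nbf: None, exp: Some(1746881356.0) };
    println!("{:?}", check_temporal(&c, 1720000000.0, true));
    println!("{:?}", check_temporal(&c, 1746881356.0, true));
}
```

A token that carries no `exp` passes the RFC 7519 time checks indefinitely, which is why the sketch lets the verifier demand the claim.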
§Signature
Use the JwsPayload::sign method to sign a payload into a JWT.
```rust
use serde_json::json;
use ssi_jwk::JWK;
use ssi_jws::JwsPayload;
use ssi_jwt::{JWTClaims, Issuer, IssuedAt, ExpirationTime};

// Registered claims (iss, iat, exp) plus one private claim.
let mut claims: JWTClaims = Default::default();
claims.registered.set(Issuer("http://example.org/#issuer".parse().unwrap()));
claims.registered.set(IssuedAt("1715342790".parse().unwrap()));
claims.registered.set(ExpirationTime("1746881356".parse().unwrap()));
claims.private.set("name".to_owned(), "John Smith".into());

// Signing key: the "d" member is the private scalar.
let jwk: JWK = json!({
    "kty": "EC",
    "d": "3KSLs0_obYeQXfEI9I3BBH5y7aOm028bEx3rW6i5UN4",
    "use": "sig",
    "crv": "P-256",
    "x": "dxdB360AJqJFYhdctoKZD_a_P6vLGAxtEVaCLnyraXQ",
    "y": "iH6o0l5AECsfRuEw2Eghbrp-6Fob3j98-1Cbe1YOmwM",
    "alg": "ES256"
}).try_into().unwrap();

// `sign` is async, so this runs inside an async context.
let jwt = claims.sign(&jwk).await.unwrap();
assert_eq!(jwt, "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vZXhhbXBsZS5vcmcvI2lzc3VlciIsImV4cCI6MTc0Njg4MTM1NiwiaWF0IjoxNzE1MzQyNzkwLCJuYW1lIjoiSm9obiBTbWl0aCJ9.zBfMZzfQuuSfzcZmnz0MjXwT1sP26qwVq2GZX3qL0DR3wRMVG-wbCu9jPJ48l-F_q7W253_VqMWpoLluHo-gpg");
```

Macros§
- match_claim_type - Dynamic claim type matching.
Structs§
- AnyClaims - Any set of JWT claims.
- Audience - Audience (aud) claim.
- ExpirationTime - Expiration Time (exp) claim.
- InvalidClaimValue
- InvalidJWTClaims
- IssuedAt - Issued At (iat) claim.
- Issuer - Issuer (iss) claim.
- JWTClaims - JSON Web Token claims.
- JWTClaimsBuilder
- JwtId - JWT ID (jti) claim.
- Nonce
- NotBefore - Not Before (nbf) claim.
- NumericDate - Represents NumericDate (see https://datatracker.ietf.org/doc/html/rfc7519#section-2) where the range is restricted to those in which microseconds can be exactly represented, which is approximately between the years 1685 and 2255, which was considered to be sufficient for the purposes of this crate. Note that leap seconds are ignored by this type, just as they're ignored by NumericDate in the JWT standard.
- RegisteredClaims
- Subject - Subject (sub) claim.
- VerifiableCredential
- VerifiablePresentation
Enums§
- AnyRegisteredClaim
- ClaimKind
- DecodeError
- NumericDateConversionError
- RegisteredClaimKind
- StringOrURI - StringOrURI datatype defined in RFC7519
Traits§
- CastClaim - Cast claim type A into B.
- Claim - JWT claim.
- ClaimSet
- InfallibleClaimSet - Set of JWT claims.
- IntoDecodedJwt - JWT consuming decoding.
- RegisteredClaim
- ToDecodedJwt - JWT borrowing decoding.
- TryIntoClaim
Functions§
Type Aliases§
- DecodedJwt - Decoded JWT.
- RegisteredClaimsIter