systemprompt-oauth 0.14.2

OAuth 2.0 / OIDC with PKCE, token introspection, and audience/issuer validation for systemprompt.io AI governance infrastructure. WebAuthn and JWT auth for the MCP governance pipeline.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

//! JWT signature and claims validation.
//!
//! Thin wrapper over the shared [`decode_rs256_claims`] primitive so the OAuth
//! domain validates self-issued tokens with exactly the same kid lookup, RS256
//! enforcement, and `exp`/`nbf`/issuer/audience policy as every other surface.

use systemprompt_models::auth::JwtAudience;
use systemprompt_security::jwt::{ValidationPolicy, decode_rs256_claims};

use crate::error::OauthResult;
use crate::models::JwtClaims;

pub fn validate_jwt_token(
    token: &str,
    issuer: &str,
    audiences: &[JwtAudience],
) -> OauthResult<JwtClaims> {
    let policy = ValidationPolicy::issuer_scoped(issuer, audiences);
    Ok(decode_rs256_claims(token, &policy)?)
}