truelayer-signing
Rust crate to produce & verify TrueLayer API requests signatures.
// `Tl-Signature` value to send with the request.
let tl_signature = sign_with_pem
.method
.path
.header
.body
.build_signer
.sign?;
See full example.
Prerequisites
- OpenSSL (see here for instructions).
Verifying webhooks
The verify_with_jwks
function may be used to verify webhook Tl-Signature
header signatures.
// `jku` field is included in webhook signatures
let jku = extract_jws_header?.jku?;
// check `jku` is an allowed TrueLayer url & fetch jwks JSON (not provided by this lib)
ensure_jku_allowed?;
let jwks = fetch_jwks;
// jwks may be used directly to verify a signature
verify_with_jwks
.method
.path
.headers
.body
.build_verifier
.verify?;