firebase_verifyid/
token_verifier.rs

1use super::{Error, FirebaseClaims, Settings};
2use jwt_simple::{
3    algorithms::{RS256PublicKey, RSAPublicKeyLike},
4    claims::JWTClaims,
5    common::VerificationOptions,
6    prelude::Ed25519PublicKey,
7};
8use std::collections::HashMap;
9use tokio::sync::watch;
10
/// Verifies Firebase ID tokens against a watched set of RS256 public keys.
///
/// Cloning is cheap in the sense that every clone shares the same `watch`
/// channel, so all clones observe the same key set.
#[derive(Clone)]
pub struct TokenVerifier {
    /// Receiving half of a `tokio::sync::watch` channel holding the current
    /// key set, indexed by the string that `verify_token` receives as `key_id`.
    // NOTE(review): the sender side is not in this file; presumably a background
    // task refreshes the map from Google's published certificates. Confirm that
    // the refresh only ever fetches over TLS from the expected endpoint, since
    // whatever lands in this map is trusted unconditionally for signature checks.
    jwks: watch::Receiver<HashMap<String, RS256PublicKey>>,
    /// Options handed (cloned) to every signature/claims verification.
    /// Built from `Settings` through its `Into<VerificationOptions>` conversion.
    verify_opts: VerificationOptions,
    /// Optional Ed25519 public key taken from `Settings::bearer_pubkey()`.
    // NOTE(review): nothing in this file reads it; presumably another module in
    // the crate uses it for a separate bearer-token path. `None` means no key
    // was configured, so callers must treat that path as disabled, not as
    // "accept without verification".
    pub(crate) bearer_verifier: Option<Ed25519PublicKey>,
}
17
impl TokenVerifier {
    /// Builds a verifier from a key-set receiver and the crate's `Settings`.
    ///
    /// # Errors
    ///
    /// Propagates the error when `settings.bearer_pubkey()` returns
    /// `Some(Err(_))`; a `None` result simply leaves `bearer_verifier` unset.
    pub fn new(
        jwks: watch::Receiver<HashMap<String, RS256PublicKey>>,
        settings: Settings,
    ) -> Result<Self, Error> {
        // The bearer key has to be resolved before `settings` is moved into
        // the `VerificationOptions` conversion below.
        let bearer_verifier = match settings.bearer_pubkey() {
            Some(loaded) => Some(loaded?),
            None => None,
        };
        let verify_opts: VerificationOptions = settings.into();

        Ok(Self {
            jwks,
            verify_opts,
            bearer_verifier,
        })
    }

    /// Verifies `token` with the RS256 key registered under `key_id`.
    ///
    /// Only keys present in the watched map are ever used, and the verifier is
    /// always an `RS256PublicKey`; nothing in the token selects the algorithm
    /// or supplies key material.
    ///
    /// # Errors
    ///
    /// * `Error::UnknownJwk` carrying `key_id` when the map has no such entry.
    /// * The converted `jwt_simple` error when verification fails.
    // NOTE(review): `key_id` is presumably read from the token's unverified
    // header, so the string stored in `Error::UnknownJwk` is attacker-chosen;
    // anything that logs or returns that error should bound and escape it.
    // NOTE(review): issuer, audience and time checks are whatever `verify_opts`
    // contains. The `Settings -> VerificationOptions` conversion is outside
    // this file; confirm it pins the allowed issuer and audience to the
    // Firebase project, otherwise a validly signed token minted for a
    // different project would pass here.
    pub fn verify_token(
        &self,
        key_id: &str,
        token: &str,
    ) -> Result<JWTClaims<FirebaseClaims>, Error> {
        // The borrow stays alive for the whole verification. tokio documents
        // that an outstanding `watch` borrow holds a read lock, so publishing
        // a new key set waits for in-flight verifications to finish.
        let keys = self.jwks.borrow();
        match keys.get(key_id) {
            Some(pubkey) => pubkey
                .verify_token::<FirebaseClaims>(token, Some(self.verify_opts.clone()))
                .map_err(Error::from),
            None => Err(Error::UnknownJwk(key_id.to_string())),
        }
    }
}