hessra_token

Function verify_token

Source 
pub fn verify_token(
    token_string: &str,
    public_key: PublicKey,
    subject: &str,
    resource: &str,
) -> Result<(), TokenError>
Expand description

Verify a base64-encoded token string

This is a convenience function that decodes the token string and calls verify_biscuit_local

§Arguments

  • token_string - Base64 encoded token string
  • public_key - The public key used to verify the token signature
  • subject - The subject (user) identifier to verify authorization for
  • resource - The resource identifier to verify authorization against

§Returns

  • Ok(()) - If the token is valid and grants access to the resource
  • Err(TokenError) - If verification fails for any reason
Examples found in repository?
examples/token_attenuation.rs (lines 32-37)
6fn main() -> Result<(), TokenError> {
7    // Generate an example token
8    let (token_base64, root_keypair) = generate_example_token()?;
9    println!("Original token: {}\n", token_base64);
10
11    // Create a service node keypair
12    let service_keypair = KeyPair::new();
13
14    // 1. First, we need the binary token data
15    let token_bytes = decode_token(&token_base64)?;
16
17    // 2. Add service node attenuation
18    println!("Adding service node attenuation...");
19    let attenuated_token = add_service_node_attenuation(
20        token_bytes,
21        root_keypair.public(),
22        "my-service",
23        &service_keypair,
24    )?;
25
26    // 3. Encode back to base64
27    let attenuated_token_base64 = encode_token(&attenuated_token);
28    println!("Attenuated token: {}\n", attenuated_token_base64);
29
30    // 4. Verify the attenuated token still works
31    println!("Verifying attenuated token...");
32    verify_token(
33        &attenuated_token_base64,
34        root_keypair.public(),
35        "alice",
36        "resource1",
37    )?;
38    println!("✅ Verification successful for attenuated token");
39
40    // 5. Generate a chain of attenuations
41    println!("\nCreating a chain of attenuations...");
42    let token_with_chain = create_attenuation_chain(&token_base64, &root_keypair)?;
43    println!("Token with attenuation chain: {}", token_with_chain);
44
45    // 6. Verify the chain token
46    println!("\nVerifying token with attenuation chain...");
47    verify_token(
48        &token_with_chain,
49        root_keypair.public(),
50        "alice",
51        "resource1",
52    )?;
53    println!("✅ Verification successful for token with attenuation chain");
54
55    Ok(())
56}
More examples
Hide additional examples
examples/token_verification.rs (line 15)
7fn main() -> Result<(), TokenError> {
8    // Generate an example token
9    let root_keypair = Arc::new(KeyPair::new());
10    let token_base64 = generate_example_token(root_keypair.clone())?;
11    println!("Generated token: {}\n", token_base64);
12
13    // Example 1: Basic verification
14    println!("Example 1: Basic verification");
15    verify_token(&token_base64, root_keypair.public(), "alice", "resource1")?;
16    println!("✅ Basic verification successful\n");
17
18    // Example 2: Service chain verification
19    println!("Example 2: Service chain verification");
20
21    // Create service node keypairs
22    let service1_keypair = KeyPair::new();
23    let service1_pk_hex = hex::encode(service1_keypair.public().to_bytes());
24    let service1_public_key = format!("ed25519/{}", service1_pk_hex);
25
26    let service2_keypair = KeyPair::new();
27    let service2_pk_hex = hex::encode(service2_keypair.public().to_bytes());
28    let service2_public_key = format!("ed25519/{}", service2_pk_hex);
29
30    // Define service nodes
31    let service_nodes = vec![
32        ServiceNode {
33            component: "node1".to_string(),
34            public_key: service1_public_key.clone(),
35        },
36        ServiceNode {
37            component: "node2".to_string(),
38            public_key: service2_public_key.clone(),
39        },
40    ];
41
42    // Generate a token with service chain
43    let chain_token = generate_service_chain_token(
44        root_keypair.clone(),
45        service1_public_key,
46        service2_public_key,
47    )?;
48
49    // attenuate the token for node1
50    let attenuated_token = add_service_node_attenuation(
51        decode_token(&chain_token)?,
52        root_keypair.public(),
53        "resource1",
54        &service1_keypair,
55    )?;
56
57    // attenuate the token for node2
58    let attenuated_token2 = add_service_node_attenuation(
59        attenuated_token,
60        root_keypair.public(),
61        "resource1",
62        &service2_keypair,
63    )?;
64
65    // Verify with service chain
66    verify_service_chain_token(
67        &encode_token(&attenuated_token2),
68        root_keypair.public(),
69        "alice",
70        "resource1",
71        service_nodes,
72        None,
73    )?;
74    println!("✅ Service chain verification successful\n");
75
76    // Example 3: Verification with key from string
77    println!("Example 3: Verification with key from string");
78
79    // Convert public key to string format and back
80    let pk_hex = hex::encode(root_keypair.public().to_bytes());
81    let pk_str = format!("ed25519/{}", pk_hex);
82    let parsed_pk = biscuit_key_from_string(pk_str)?;
83
84    // Verify with parsed key
85    verify_token(&token_base64, parsed_pk, "alice", "resource1")?;
86    println!("✅ Verification with key from string successful");
87
88    Ok(())
89}