junobuild_auth/openid/jwt/types.rs
pub(crate) mod token {
    use candid::Deserialize;
    use serde::Serialize;

    /// Payload claims of a JWT, using the registered claim names of RFC 7519
    /// (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`) plus `nonce` and a set of
    /// optional profile claims.
    ///
    /// This type only describes the shape of the payload. Holding a `Claims`
    /// value says nothing about whether the signature, issuer, audience,
    /// time window or nonce were checked; that is up to the code that builds
    /// and consumes it.
    ///
    /// `Debug` is derived, so formatting a value prints the profile claims
    /// (`email`, `name`, ...) as well.
    #[derive(Debug, Clone, Deserialize, Serialize)]
    pub struct Claims {
        /// Issuer.
        pub iss: String,
        /// Subject.
        pub sub: String,
        /// Audience, as a single string.
        // NOTE(review): RFC 7519 also allows `aud` to be an array of strings;
        // such a token would presumably fail to deserialize into this field
        // (i.e. be rejected) - confirm that is the intended behaviour.
        pub aud: String,
        /// Expiration time. Optional here, so a payload without `exp` still
        /// deserializes.
        // NOTE(review): confirm the verification code rejects a missing `exp`
        // rather than treating the token as non-expiring.
        pub exp: Option<u64>,
        /// Not-before time.
        pub nbf: Option<u64>,
        /// Issued-at time.
        pub iat: Option<u64>,

        /// Nonce echoed back by the provider.
        // NOTE(review): presumably compared with the value bound to the
        // authentication request to prevent replay - confirm in the caller.
        pub nonce: Option<String>,

        // Optional profile claims.
        pub email: Option<String>,
        pub name: Option<String>,
        pub given_name: Option<String>,
        pub family_name: Option<String>,
        pub picture: Option<String>,
        pub locale: Option<String>,
    }

    /// Minimal payload view exposing only the optional `iss` claim.
    // NOTE(review): the name suggests this is decoded from a token whose
    // signature has not been verified yet (e.g. to pick a provider) - confirm.
    // If so, `iss` read through this type is attacker-controlled and must only
    // be used to select what to verify against, never as an authenticated value.
    #[derive(Clone, Deserialize)]
    pub struct UnsafeClaims {
        pub iss: Option<String>,
    }
}
pub mod cert {
    use candid::{CandidType, Deserialize};
    use serde::Serialize;

    /// A single JSON Web Key (RFC 7517).
    ///
    /// `kty` and `params` are independent fields, so this type can represent a
    /// key whose declared type disagrees with its parameter variant. Code that
    /// consumes a `Jwk` has to check that the two agree before using the key.
    #[derive(CandidType, Serialize, Deserialize, Clone)]
    pub struct Jwk {
        /// Key type, e.g. "RSA".
        /// <https://tools.ietf.org/html/rfc7517#section-4.1>
        pub kty: JwkType,

        /// Algorithm, e.g. "RS256". Optional, so it may be absent.
        /// <https://tools.ietf.org/html/rfc7517#section-4.4>
        // NOTE(review): the set of accepted signature algorithms is best
        // pinned by the verifier rather than derived from this field -
        // confirm how it is used.
        pub alg: Option<String>,

        /// Used to select which key in the JWKS to use.
        /// <https://tools.ietf.org/html/rfc7517#section-4.5>
        pub kid: Option<String>,

        /// Type-specific key properties.
        /// <https://tools.ietf.org/html/rfc7517#section-4>
        pub params: JwkParams,
    }

    /// Supported values of the JSON Web Key `kty` property.
    /// <https://www.iana.org/assignments/jose/jose.xhtml#web-key-types>
    #[derive(CandidType, Serialize, Deserialize, Clone)]
    pub enum JwkType {
        /// Elliptic Curve.
        #[serde(rename = "EC")]
        Ec,
        /// RSA.
        #[serde(rename = "RSA")]
        Rsa,
        /// Octet sequence.
        #[serde(rename = "oct")]
        Oct,
        /// Octet string key pairs.
        #[serde(rename = "OKP")]
        Okp,
    }

    /// Algorithm-specific parameters for JSON Web Keys.
    /// <https://tools.ietf.org/html/rfc7518#section-6>
    ///
    /// No serde representation attribute is set, so serde's default
    /// externally tagged form applies (`{"Rsa": {...}}`), which differs from
    /// the flat member layout of an RFC 7517 JWK document.
    // NOTE(review): presumably provider JWKS JSON is mapped into this type
    // elsewhere rather than deserialized directly - confirm.
    #[derive(CandidType, Serialize, Deserialize, Clone)]
    pub enum JwkParams {
        /// Elliptic Curve parameters.
        Ec(JwkParamsEc),

        /// RSA parameters.
        Rsa(JwkParamsRsa),

        /// Octet Sequence parameters used to represent symmetric keys.
        Oct(JwkParamsOct),

        /// Octet Key Pairs parameters.
        Okp(JwkParamsOkp),
    }

    /// Parameters for Elliptic Curve keys (public part only).
    /// <https://tools.ietf.org/html/rfc7518#section-6.2>
    #[derive(CandidType, Serialize, Deserialize, Clone)]
    pub struct JwkParamsEc {
        /// Curve: identifies the cryptographic curve used with the key.
        /// <https://tools.ietf.org/html/rfc7518#section-6.2.1.1>
        pub crv: String,

        /// X coordinate of the Elliptic Curve point, base64url-encoded.
        /// <https://tools.ietf.org/html/rfc7518#section-6.2.1.2>
        pub x: String,

        /// Y coordinate of the Elliptic Curve point, base64url-encoded.
        /// <https://tools.ietf.org/html/rfc7518#section-6.2.1.3>
        pub y: String,
        // The Elliptic Curve private key as a base64url-encoded value.
        // https://tools.ietf.org/html/rfc7518#section-6.2.2.1
        // pub d: Option<String>, // ECC Private Key
        // Unused in this implementation.
    }

    /// Parameters for RSA keys (public part only).
    /// <https://tools.ietf.org/html/rfc7518#section-6.3>
    #[derive(CandidType, Serialize, Deserialize, Clone)]
    pub struct JwkParamsRsa {
        /// The modulus (part of the RSA public key).
        /// <https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.1>
        pub n: String,

        /// The exponent (the other part of the RSA public key).
        /// <https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.2>
        pub e: String,
        // Other optional parameters describe private keys
        // which are not used in this implementation.
        // https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.2
    }

    /// Parameters for symmetric keys.
    /// <https://tools.ietf.org/html/rfc7518#section-6.4>
    ///
    /// Unlike the other parameter types in this module, `k` is secret key
    /// material rather than a public key, and this type derives `Serialize`
    /// and `CandidType`, so a value can be encoded out again.
    // NOTE(review): if only asymmetric provider keys are expected, consumers
    // should reject this variant instead of verifying with it - confirm.
    #[derive(CandidType, Serialize, Deserialize, Clone)]
    pub struct JwkParamsOct {
        /// Key value: the symmetric key, base64url-encoded.
        /// <https://tools.ietf.org/html/rfc7518#section-6.4.1>
        pub k: String,
    }

    /// Parameters for Octet Key Pairs (public part only).
    /// <https://tools.ietf.org/html/rfc8037#section-2>
    #[derive(CandidType, Serialize, Deserialize, Clone)]
    pub struct JwkParamsOkp {
        /// Key subtype of the key pair.
        /// <https://tools.ietf.org/html/rfc8037#section-2>
        pub crv: String,

        /// The public key, base64url-encoded.
        /// <https://tools.ietf.org/html/rfc8037#section-2>
        pub x: String,
        // The private key as a base64url-encoded value.
        // https://tools.ietf.org/html/rfc8037#section-2
        // pub d: Option<String>,
        // Unused in this implementation.
    }

    /// JSON Web Key Set: a list of [`Jwk`] entries.
    #[derive(CandidType, Serialize, Deserialize, Clone)]
    pub struct Jwks {
        pub keys: Vec<Jwk>,
    }
}
pub(crate) mod errors {
    use candid::{CandidType, Deserialize};
    use serde::Serialize;

    // All four enums derive `CandidType` and `Serialize`, so their values
    // (including the `String` details of `BadSig` / `BadClaim`) can be encoded
    // into responses.
    // NOTE(review): variant meanings below are inferred from their names;
    // confirm against the code that constructs them, and check that the
    // detail strings never carry raw token or key contents.

    /// Errors reported while finding the provider that matches a token.
    #[derive(CandidType, Serialize, Deserialize, Debug)]
    pub enum JwtFindProviderError {
        /// Signature-related failure, with a detail message.
        BadSig(String),
        /// Claim-related failure, with a detail message.
        BadClaim(String),
        /// No provider matched.
        NoMatchingProvider,
    }

    /// Errors reported while finding the `kid` of a token.
    #[derive(CandidType, Serialize, Deserialize, Debug)]
    pub enum JwtFindKidError {
        /// Signature-related failure, with a detail message.
        BadSig(String),
        /// Claim-related failure, with a detail message.
        BadClaim(String),
        /// The `kid` is missing.
        MissingKid,
    }

    /// Errors reported while verifying a token.
    #[derive(CandidType, Serialize, Deserialize, Debug)]
    pub enum JwtVerifyError {
        /// The `kid` is missing.
        MissingKid,
        /// No key is available for the `kid`.
        NoKeyForKid,
        /// The key found is of the wrong type.
        WrongKeyType,
        /// Signature-related failure, with a detail message.
        BadSig(String),
        /// Claim-related failure, with a detail message.
        BadClaim(String),
    }

    /// Errors reported while handling a token header.
    #[derive(CandidType, Serialize, Deserialize, Debug)]
    pub enum JwtHeaderError {
        /// Signature-related failure, with a detail message.
        BadSig(String),
        /// Claim-related failure, with a detail message.
        BadClaim(String),
    }
}