junobuild_auth/openid/jwt/types.rs
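pub(crate) mod token {
    use candid::Deserialize;

    /// Accessor trait for the claims this crate consumes from a decoded token.
    ///
    /// Only the two claims used here are exposed.
    ///
    /// NOTE(review): `exp`, `aud` and `sub` are not part of this trait, so
    /// expiry and audience enforcement cannot come from it — confirm the
    /// verifier enforces them wherever the token is actually decoded.
    pub trait JwtClaims {
        /// `iat` (issued-at) as seconds since the Unix epoch, if present.
        fn iat(&self) -> Option<u64>;

        /// `nonce` claim, if present — presumably compared against the nonce
        /// the caller supplied when starting the login flow.
        fn nonce(&self) -> Option<&str>;
    }

    /// Claims decoded from a token whose signature has NOT been verified.
    ///
    /// The name is deliberate: every field here is attacker-controlled until
    /// the signature checks out against the issuer's key set. Use these values
    /// only to decide which provider / key set to verify against (see
    /// `errors::JwtFindProviderError`), never for an authorization decision.
    ///
    /// `Debug`/`PartialEq` are derived so the value can appear in diagnostics
    /// and tests; `iss` is not secret.
    #[derive(Clone, Debug, PartialEq, Eq, Deserialize)]
    pub struct UnsafeClaims {
        /// The `iss` claim (issuer URL), unverified.
        pub iss: Option<String>,
    }
}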
14
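pub mod cert {
    use candid::{CandidType, Deserialize};
    use serde::Serialize;
    use std::fmt;

    /// A JSON Web Key (RFC 7517) as this crate stores and exchanges it.
    ///
    /// `kty` and the variant of `params` both encode the key type; keep them
    /// consistent when constructing a value. `errors::JwtVerifyError::WrongKeyType`
    /// suggests the verifier rejects a key that does not fit the algorithm it
    /// is asked to verify — confirm which of the two fields it consults.
    ///
    /// NOTE(review): the serde derives use serde's default encoding (`params`
    /// externally tagged, no `#[serde(flatten)]`), so this struct does not
    /// deserialize a raw RFC 7517 JWK document, where `crv`/`x`/`n`/… are
    /// siblings of `kty`. Presumably a parsed JWKS is converted into this
    /// shape — verify against the import path.
    #[derive(CandidType, Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
    pub struct Jwk {
        /// Key type, e.g. "RSA".
        /// <https://tools.ietf.org/html/rfc7517#section-4.1>
        pub kty: JwkType,

        /// Algorithm, e.g. "RS256".
        /// <https://tools.ietf.org/html/rfc7517#section-4.4>
        ///
        /// Optional in a JWKS. The algorithm used for verification must be
        /// decided from the trusted key (or a fixed allow-list), never taken
        /// from the token's own `alg` header — otherwise the token's author
        /// chooses the algorithm.
        pub alg: Option<String>,

        /// Key ID, used to select which key in the JWKS to use.
        /// <https://tools.ietf.org/html/rfc7517#section-4.5>
        ///
        /// A lookup hint only: a token's `kid` may select among the keys
        /// already trusted for its issuer, nothing else.
        pub kid: Option<String>,

        /// Type-specific key material.
        /// <https://tools.ietf.org/html/rfc7517#section-4>
        pub params: JwkParams,
    }

    /// Supported values of the JSON Web Key `kty` property.
    /// <https://www.iana.org/assignments/jose/jose.xhtml#web-key-types>
    ///
    /// The enum is closed (no `#[serde(other)]` variant): an unknown `kty`
    /// string fails deserialization of that key and, through `Jwks::keys`, of
    /// the whole set. That is the strict, safe default, but a provider that
    /// publishes a new key type would make its entire JWKS unparseable.
    #[derive(CandidType, Serialize, Deserialize, Clone, Copy, Debug, PartialEq, Eq)]
    pub enum JwkType {
        /// Elliptic Curve.
        #[serde(rename = "EC")]
        Ec,
        /// RSA.
        #[serde(rename = "RSA")]
        Rsa,
        /// Octet sequence (a symmetric key).
        #[serde(rename = "oct")]
        Oct,
        /// Octet string key pairs.
        #[serde(rename = "OKP")]
        Okp,
    }

    /// Algorithm-specific parameters for JSON Web Keys.
    /// <https://tools.ietf.org/html/rfc7518#section-6>
    #[derive(CandidType, Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
    pub enum JwkParams {
        /// Elliptic Curve parameters.
        Ec(JwkParamsEc),

        /// RSA parameters.
        Rsa(JwkParamsRsa),

        /// Octet Sequence parameters used to represent symmetric keys.
        Oct(JwkParamsOct),

        /// Octet Key Pair parameters.
        Okp(JwkParamsOkp),
    }

    /// Public parameters of an Elliptic Curve key.
    /// <https://tools.ietf.org/html/rfc7518#section-6.2>
    ///
    /// The private scalar `d` (RFC 7518 §6.2.2.1) is deliberately not
    /// modelled — unused in this implementation — so a serialized EC key can
    /// never carry private material.
    #[derive(CandidType, Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
    pub struct JwkParamsEc {
        /// Identifies the cryptographic curve used with the key.
        /// <https://tools.ietf.org/html/rfc7518#section-6.2.1.1>
        pub crv: String,

        /// The `x` coordinate of the curve point, base64url-encoded.
        /// <https://tools.ietf.org/html/rfc7518#section-6.2.1.2>
        pub x: String,

        /// The `y` coordinate of the curve point, base64url-encoded.
        /// <https://tools.ietf.org/html/rfc7518#section-6.2.1.3>
        pub y: String,
    }

    /// Public parameters of an RSA key.
    /// <https://tools.ietf.org/html/rfc7518#section-6.3>
    ///
    /// The private-key parameters (`d`, `p`, `q`, … — RFC 7518 §6.3.2) are
    /// deliberately not modelled; unused in this implementation.
    #[derive(CandidType, Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
    pub struct JwkParamsRsa {
        /// The modulus, base64url-encoded (part of the RSA public key).
        /// <https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.1>
        pub n: String,

        /// The public exponent, base64url-encoded.
        /// <https://datatracker.ietf.org/doc/html/rfc7518#section-6.3.1.2>
        pub e: String,
    }

    /// Parameters of a symmetric key.
    /// <https://tools.ietf.org/html/rfc7518#section-6.4>
    ///
    /// Unlike the other variants, `k` IS the secret. It still derives
    /// `Serialize`/`CandidType`, so any API that returns a `Jwks` returns the
    /// secret with it. An OpenID provider's published JWKS contains public
    /// keys only, so an `oct` entry arriving from a remote JWKS is unexpected
    /// and should not be used to verify ID tokens: honouring it while also
    /// honouring the token's `alg` header would enable RS256→HS256 algorithm
    /// confusion. `Debug` is implemented by hand below to keep `k` out of logs.
    #[derive(CandidType, Serialize, Deserialize, Clone, PartialEq, Eq)]
    pub struct JwkParamsOct {
        /// The symmetric key as a base64url-encoded value.
        /// <https://tools.ietf.org/html/rfc7518#section-6.4.1>
        pub k: String,
    }

    impl fmt::Debug for JwkParamsOct {
        // Print the shape of the value but never the key bytes.
        fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
            f.debug_struct("JwkParamsOct")
                .field("k", &"<redacted>")
                .finish()
        }
    }

    /// Public parameters of an Octet Key Pair (e.g. Ed25519).
    /// <https://tools.ietf.org/html/rfc8037#section-2>
    ///
    /// The private key `d` is deliberately not modelled; unused in this
    /// implementation.
    #[derive(CandidType, Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
    pub struct JwkParamsOkp {
        /// The subtype of the key pair (curve name).
        /// <https://tools.ietf.org/html/rfc8037#section-2>
        pub crv: String,

        /// The public key as a base64url-encoded value.
        /// <https://tools.ietf.org/html/rfc8037#section-2>
        pub x: String,
    }

    /// JSON Web Key Set — presumably the keys trusted for one issuer.
    #[derive(CandidType, Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
    pub struct Jwks {
        /// All keys in the set; selection is by `Jwk::kid`.
        pub keys: Vec<Jwk>,
    }
}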
146
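pub(crate) mod errors {
    use candid::{CandidType, Deserialize};
    use serde::Serialize;
    use std::fmt;

    /// Errors while mapping a token to a configured provider — presumably
    /// driven by the unverified `token::UnsafeClaims::iss`.
    ///
    /// Every error enum in this module derives `CandidType`/`Serialize`, so
    /// it can cross the canister boundary to callers. Keep the `String`
    /// payloads to a short reason; never embed the token, its claims or key
    /// material in them.
    #[derive(CandidType, Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
    pub enum JwtFindProviderError {
        /// The decoder reported a signature-level problem with the token.
        BadSig(String),
        /// The decoder reported a malformed or unusable claim.
        BadClaim(String),
        /// The token's issuer matches no configured provider.
        NoMatchingProvider,
    }

    impl fmt::Display for JwtFindProviderError {
        fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
            match self {
                Self::BadSig(reason) => write!(f, "bad signature: {}", reason),
                Self::BadClaim(reason) => write!(f, "bad claim: {}", reason),
                Self::NoMatchingProvider => f.write_str("no matching provider"),
            }
        }
    }

    impl std::error::Error for JwtFindProviderError {}

    /// Errors while extracting the `kid` from a token header.
    #[derive(CandidType, Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
    pub enum JwtFindKidError {
        /// The decoder reported a signature-level problem with the token.
        BadSig(String),
        /// The decoder reported a malformed or unusable claim.
        BadClaim(String),
        /// The token header carries no `kid`.
        MissingKid,
    }

    impl fmt::Display for JwtFindKidError {
        fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
            match self {
                Self::BadSig(reason) => write!(f, "bad signature: {}", reason),
                Self::BadClaim(reason) => write!(f, "bad claim: {}", reason),
                Self::MissingKid => f.write_str("missing kid"),
            }
        }
    }

    impl std::error::Error for JwtFindKidError {}

    /// Errors from verifying a token against the issuer's key set.
    ///
    /// `BadSig` and `BadClaim` are the outcomes that matter for security;
    /// the `Kid`/`KeyType` variants are lookup failures that happen before
    /// any signature is checked.
    #[derive(CandidType, Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
    pub enum JwtVerifyError {
        /// The token header carries no `kid`.
        MissingKid,
        /// No key in the issuer's key set has the token's `kid`.
        NoKeyForKid,
        /// The selected key's type does not fit the expected algorithm
        /// (presumably a mismatch on `cert::Jwk::params` — confirm).
        WrongKeyType,
        /// Signature verification failed.
        BadSig(String),
        /// A claim failed validation.
        BadClaim(String),
    }

    impl fmt::Display for JwtVerifyError {
        fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
            match self {
                Self::MissingKid => f.write_str("missing kid"),
                Self::NoKeyForKid => f.write_str("no key for kid"),
                Self::WrongKeyType => f.write_str("wrong key type"),
                Self::BadSig(reason) => write!(f, "bad signature: {}", reason),
                Self::BadClaim(reason) => write!(f, "bad claim: {}", reason),
            }
        }
    }

    impl std::error::Error for JwtVerifyError {}

    /// Errors while decoding a token header.
    #[derive(CandidType, Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
    pub enum JwtHeaderError {
        /// The decoder reported a signature-level problem with the token.
        BadSig(String),
        /// The decoder reported a malformed or unusable claim.
        BadClaim(String),
    }

    impl fmt::Display for JwtHeaderError {
        fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
            match self {
                Self::BadSig(reason) => write!(f, "bad signature: {}", reason),
                Self::BadClaim(reason) => write!(f, "bad claim: {}", reason),
            }
        }
    }

    impl std::error::Error for JwtHeaderError {}
}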
180
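pub mod provider {
    /// An OpenID provider, identified by the issuer strings it is trusted for.
    pub trait JwtIssuers {
        /// The `iss` values this provider is trusted for.
        fn issuers(&self) -> &[&'static str];

        /// Whether `iss` names this provider.
        ///
        /// The comparison is an exact, case-sensitive string match, as OpenID
        /// Connect requires for the `iss` claim: no prefix, suffix or
        /// trailing-slash normalization, so `https://issuer.example` and
        /// `https://issuer.example/` are distinct issuers. Callers that
        /// derive the issuer list from user input must not loosen this.
        fn is_issuer(&self, iss: &str) -> bool {
            self.issuers().iter().any(|known| *known == iss)
        }
    }
}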
185}