§jwt-lab
A production-grade JWT (JSON Web Token) crate for Rust with comprehensive support for decoding, verifying, signing, and mutating JWTs.
§Features
- Multiple Algorithms: HS256/384/512, RS256/384/512, ES256/384/512, EdDSA
- JWK/JWKS Support: Verify tokens using JSON Web Key Sets
- Algorithm Validation: Prevent algorithm confusion attacks
- Time Validation: Configurable leeway for `exp` and `nbf` claims
- Claims Mutation: Modify JWT claims using JSON pointer paths
- Feature Flags: Fine-grained control over included algorithms
- Strong Error Types: Comprehensive error handling with clear messages
§Quick Start
```rust
use jwt_lab::{Algorithm, Header, Claims, Key};
use jwt_lab::sign::sign;
use serde_json::json;

// Note: `?` requires an enclosing function that returns a Result.

// Create and sign a JWT
let header = Header {
    alg: Algorithm::HS256,
    typ: Some("JWT".into()),
    kid: None,
    extra: Default::default(),
};
let claims = Claims(serde_json::from_value(json!({
    "sub": "user123",
    "iat": 1516239022
}))?);
let token = sign(&header, &claims, &Key::hs("secret"))?;
println!("Generated token: {}", token);
```
§Security Considerations
- Always validate the algorithm to prevent algorithm confusion attacks
- Set appropriate expiration times and use minimal leeway
- Validate issuer and audience claims when possible
- Never accept tokens with `alg: "none"`
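
The checks in the list above, written out as an added example in std-only Rust (not code from jwt-lab or its documentation). `Policy`, `Token`, `KeyKind`, `Reject` and `check` are hypothetical names; the fields are assumed to be already decoded, the policy is assumed to require `exp`, and signature verification is out of scope.

```rust
// Added example (std only); names are hypothetical, not jwt-lab's API.
#[derive(Debug, PartialEq)]
pub enum Reject { AlgNone, AlgNotAllowed, KeyMismatch, Expired, NotYetValid, BadIssuer, BadAudience }
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum KeyKind { Hmac, Rsa, Ec, Ed }

/// Verifier-side policy: pinned by configuration, never read from the token.
pub struct Policy<'a> {
    pub allowed_algs: &'a [&'a str],
    pub key_kind: KeyKind, // type of the key the verifier actually holds
    pub leeway_secs: u64,
    pub issuer: &'a str,
    pub audience: &'a str,
}
/// Already-decoded header and claim fields (signature check is out of scope).
pub struct Token<'a> { pub alg: &'a str, pub exp: Option<u64>, pub nbf: Option<u64>, pub iss: &'a str, pub aud: &'a str }

fn family(alg: &str) -> Option<KeyKind> {
    match alg {
        "HS256" | "HS384" | "HS512" => Some(KeyKind::Hmac),
        "RS256" | "RS384" | "RS512" => Some(KeyKind::Rsa),
        "ES256" | "ES384" | "ES512" => Some(KeyKind::Ec),
        "EdDSA" => Some(KeyKind::Ed),
        _ => None,
    }
}

pub fn check(p: &Policy, t: &Token, now: u64) -> Result<(), Reject> {
    if t.alg.eq_ignore_ascii_case("none") { return Err(Reject::AlgNone); }
    if !p.allowed_algs.iter().any(|a| *a == t.alg) { return Err(Reject::AlgNotAllowed); }
    // Algorithm confusion: an HS* header must never be verified with an RSA/EC public key.
    if family(t.alg) != Some(p.key_kind) { return Err(Reject::KeyMismatch); }
    // Assumption: this policy requires exp, so a missing exp is rejected as expired.
    match t.exp {
        Some(exp) if now < exp.saturating_add(p.leeway_secs) => {}
        _ => return Err(Reject::Expired),
    }
    if matches!(t.nbf, Some(nbf) if now.saturating_add(p.leeway_secs) < nbf) { return Err(Reject::NotYetValid); }
    if t.iss != p.issuer { return Err(Reject::BadIssuer); }
    if t.aud != p.audience { return Err(Reject::BadAudience); }
    Ok(())
}

fn main() {
    // Constructed sample: verifier holds an RSA public key and pins RS256.
    let p = Policy { allowed_algs: &["RS256"], key_kind: KeyKind::Rsa, leeway_secs: 30, issuer: "https://issuer.example", audience: "api" };
    let forged = Token { alg: "HS256", exp: Some(2_000), nbf: None, iss: "https://issuer.example", aud: "api" };
    println!("{:?}", check(&p, &forged, 1_000)); // rejected before any key is touched
}
```

The `KeyMismatch` check still rejects an `HS256` header when an allow-list has been misconfigured to contain both `RS256` and `HS256` while the verifier holds an RSA key.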
Modules§
- sign: JWT signing functionality
Structs§
- Claims: JWT Claims (payload) as a JSON object
- Explanation: Detailed explanation of JWT processing steps
- Header: JWT Header containing algorithm and optional fields
- Jwk: JSON Web Key (JWK) representation
- Jwks: JSON Web Key Set (JWKS) containing multiple JWKs
- Jwt: A decoded JWT token
- VerifyOptions: Options for JWT verification
Enums§
- Algorithm: Supported JWT algorithms
- Error: Errors that can occur during JWT operations
- Key: Cryptographic keys for JWT operations
- KeySource: Key source selection strategy
Type Aliases§
- Result: Result type alias for JWT operations