jwt_lab/

lib.rs

//! # jwt-lab
//!
//! A production-grade JWT (JSON Web Token) crate for Rust with comprehensive
//! support for decoding, verifying, signing, and mutating JWTs.
//!
//! ## Features
//!
//! - **Multiple Algorithms**: HS256/384/512, RS256/384/512, ES256/384/512, EdDSA
//! - **JWK/JWKS Support**: Verify tokens using JSON Web Key Sets
//! - **Algorithm Validation**: Prevent algorithm confusion attacks
//! - **Time Validation**: Configurable leeway for `exp` and `nbf` claims
//! - **Claims Mutation**: Modify JWT claims using JSON pointer paths
//! - **Feature Flags**: Fine-grained control over included algorithms
//! - **Strong Error Types**: Comprehensive error handling with clear messages
//!
//! ## Quick Start
//!
//! ```rust
//! use jwt_lab::{Algorithm, Header, Claims, Key};
//! use jwt_lab::sign::sign;
//! use serde_json::json;
//!
//! # fn main() -> Result<(), Box<dyn std::error::Error>> {
//! // Create and sign a JWT
//! let header = Header {
//!     alg: Algorithm::HS256,
//!     typ: Some("JWT".into()),
//!     kid: None,
//!     extra: Default::default()
//! };
//! let claims = Claims(serde_json::from_value(json!({
//!     "sub": "user123",
//!     "iat": 1516239022
//! }))?);
//! let token = sign(&header, &claims, &Key::hs("secret"))?;
//! println!("Generated token: {}", token);
//! # Ok(()) }
//! ```
//!
//! ## Security Considerations
//!
//! - Always validate the algorithm to prevent algorithm confusion attacks
//! - Set appropriate expiration times and use minimal leeway
//! - Validate issuer and audience claims when possible
//! - Never accept tokens with `alg: "none"`

mod errors;
mod types;
mod b64;
mod time;
mod decode;
/// JWT signing functionality
pub mod sign;
mod verify;
mod mutate;
mod jwk;

pub use errors::{Error, Result};
pub use types::{Algorithm, Header, Claims, Jwt};
pub use verify::VerifyOptions;
pub use jwk::{Jwk, Jwks, Key, KeySource};

#[cfg(feature = "explain")]
pub use types::Explanation;