Struct jwt_simple::token::TokenMetadata

source · [−]

pub struct TokenMetadata { /* private fields */ }

Expand description

JWT token information useful before signature/tag verification

Implementations

source

impl TokenMetadata

source

pub fn algorithm(&self) -> &str

The JWT algorithm for this token (“alg”) This information should not be trusted: it is unprotected and can be freely modified by a third party. Clients should ignore it and use the correct type of key directly.

source

pub fn content_type(&self) -> Option<&str>

The content type for this token (“cty”)

source

pub fn key_id(&self) -> Option<&str>

The key, or public key identifier for this token (“kid”)

source

pub fn signature_type(&self) -> Option<&str>

The signature type for this token (“typ”)

source

pub fn critical(&self) -> Option<&[String ]>

The set of raw critical properties for this token (“crit”)

source

pub fn certificate_chain(&self) -> Option<&[String ]>

The certificate chain for this token (“x5c”) This information should not be trusted: it is unprotected and can be freely modified by a third party.

source

pub fn key_set_url(&self) -> Option<&str>

The key set URL for this token (“jku”) This information should not be trusted: it is unprotected and can be freely modified by a third party. At the bare minimum, you should check that the URL belongs to the domain you expect.

source

pub fn public_key(&self) -> Option<&str>

The public key for this token (“jwk”) This information should not be trusted: it is unprotected and can be freely modified by a third party. At the bare minimum, you should check that it’s in a set of public keys you already trust.

source

pub fn certificate_url(&self) -> Option<&str>

The certificate URL for this token (“x5u”) This information should not be trusted: it is unprotected and can be freely modified by a third party. At the bare minimum, you should check that the URL belongs to the domain you expect.

source

pub fn certificate_sha1_thumbprint(&self) -> Option<&str>

URLsafe-base64-encoded SHA1 hash of the X.509 certificate for this token (“x5t”) In practice, it can also be any string representing the public key. This information should not be trusted: it is unprotected and can be freely modified by a third party.

source

pub fn certificate_sha256_thumbprint(&self) -> Option<&str>

URLsafe-base64-encoded SHA256 hash of the X.509 certificate for this token (“x5t#256”) In practice, it can also be any string representing the public key. This information should not be trusted: it is unprotected and can be freely modified by a third party.