jwt_verify/verifier/

factory.rs

use crate::cognito::config::VerifierConfig;
use crate::common::error::JwtError;
use crate::oidc::OidcProviderConfig;
use crate::verifier::{JwtVerifier, IdTokenClaims, AccessTokenClaims};

/// Enum representing the type of JWT verifier to create
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum VerifierType {
    /// AWS Cognito JWT verifier
    Cognito,
    /// OIDC-compatible JWT verifier
    Oidc,
}

/// JWT verifier enum that can hold either a Cognito or OIDC verifier
///
/// This enum implements the JwtVerifier trait and delegates to the appropriate
/// verifier implementation based on the variant.
#[derive(Debug)]
pub enum JwtVerifierEnum {
    /// AWS Cognito JWT verifier
    Cognito(crate::cognito::CognitoJwtVerifier),
    /// OIDC-compatible JWT verifier
    Oidc(crate::oidc::OidcJwtVerifier),
}

impl JwtVerifier for JwtVerifierEnum {
    async fn verify_id_token(&self, token: &str) -> Result<Box<dyn IdTokenClaims>, JwtError> {
        match self {
            JwtVerifierEnum::Cognito(verifier) => verifier.verify_id_token(token).await,
            JwtVerifierEnum::Oidc(verifier) => verifier.verify_id_token(token).await,
        }
    }

    async fn verify_access_token(
        &self,
        token: &str,
    ) -> Result<Box<dyn AccessTokenClaims>, JwtError> {
        match self {
            JwtVerifierEnum::Cognito(verifier) => verifier.verify_access_token(token).await,
            JwtVerifierEnum::Oidc(verifier) => verifier.verify_access_token(token).await,
        }
    }
}

/// Factory for creating JWT verifiers
///
/// This factory provides methods for creating different types of JWT verifiers
/// based on configuration.
///
/// # Examples
///
/// ```
/// use jwt_verify::verifier::{VerifierType, VerifierFactory};
/// use jwt_verify::VerifierConfig;
///
/// // Create a Cognito verifier
/// let config = VerifierConfig::new("us-west-2", "abcdefg123456", &["client1".to_string()], None).unwrap();
/// let verifier = VerifierFactory::create_cognito(config).unwrap();
///
/// // Create an OIDC verifier
/// let oidc_config = OidcProviderConfig::new(
///     "https://accounts.example.com",
///     Some("https://accounts.example.com/.well-known/jwks.json"),
///     &["client1".to_string()],
/// ).unwrap();
/// let oidc_verifier = VerifierFactory::create_oidc(vec![oidc_config]).unwrap();
/// ```
pub struct VerifierFactory;

impl VerifierFactory {
    /// Create a JWT verifier of the specified type
    ///
    /// # Parameters
    ///
    /// * `verifier_type` - The type of verifier to create
    /// * `config` - The configuration for the verifier
    ///
    /// # Returns
    ///
    /// Returns a `Result` containing a JWT verifier if successful, or a `JwtError`
    /// if creation fails.
    pub fn create(
        verifier_type: VerifierType,
        config: VerifierConfig,
    ) -> Result<JwtVerifierEnum, JwtError> {
        match verifier_type {
            VerifierType::Cognito => Self::create_cognito(config),
            VerifierType::Oidc => Err(JwtError::ConfigurationError {
                parameter: Some("verifier_type".to_string()),
                error: "Cannot create OIDC verifier from Cognito config. Use create_oidc instead."
                    .to_string(),
            }),
        }
    }

    /// Create a Cognito JWT verifier
    ///
    /// # Parameters
    ///
    /// * `config` - The configuration for the verifier
    ///
    /// # Returns
    ///
    /// Returns a `Result` containing a JWT verifier if successful, or a `JwtError`
    /// if creation fails.
    pub fn create_cognito(config: VerifierConfig) -> Result<JwtVerifierEnum, JwtError> {
        let verifier = crate::cognito::CognitoJwtVerifier::new(vec![config])?;
        Ok(JwtVerifierEnum::Cognito(verifier))
    }

    /// Create an OIDC JWT verifier
    ///
    /// # Parameters
    ///
    /// * `configs` - The configurations for the verifier
    ///
    /// # Returns
    ///
    /// Returns a `Result` containing a JWT verifier if successful, or a `JwtError`
    /// if creation fails.
    pub fn create_oidc(configs: Vec<OidcProviderConfig>) -> Result<JwtVerifierEnum, JwtError> {
        let verifier = crate::oidc::OidcJwtVerifier::new(configs)?;
        Ok(JwtVerifierEnum::Oidc(verifier))
    }
}