[][src]Crate jwtvault

JWT Vault

Features

  • Manages & Orchestrates JWT for user login, logout & renew
  • Easy start
  • No un-safe code
  • Runs on stable rust
  • Library approach (Requires no runtime)
  • Supports plugable components (Store & Hasher)
  • Invalidates old refresh upon new refresh token renewal
  • Invalidates old authentication upon new authentication token renewal
  • Handles Thundering herd problem upon authentication token expiry

Prerequisite

./generate_certificates.sh

Quickstart

use jwtvault::prelude::*;
use std::collections::HashMap;

fn main() {
    let mut users = HashMap::new();

    // User: John Doe
   let user_john = "John Doe";
   let password_for_john = "john";

   // User: Jane Doe
   let user_jane = "Jane Doe";
   let password_for_jane = "jane";

   // load users and their password from database/somewhere
   users.insert(user_john.to_string(), password_for_john.to_string());
   users.insert(user_jane.to_string(), password_for_jane.to_string());

   // Initialize vault
   let mut vault = DefaultVault::new(users);

   // John needs to login now
   let token = vault.login(
       user_john,
       password_for_john,
       None,
       None,
   ).ok().unwrap().unwrap();

   // When John presents authentication token, it can be used to restore John's session info
   let server_refresh_token = vault.resolve_server_token_from_client_authentication_token(
       user_john.as_bytes(),
       token.authentication_token()
   ).ok().unwrap();

   // server_refresh_token (variable) contains server which captures client private info
   // which never leaves the server
   let private_info_about_john = server_refresh_token.server().unwrap();

   // server_refresh_token (variable) contains client which captures client public info
   // which is send to client
   let data_from_server_side = server_refresh_token.client().unwrap();

   // Check out the data on client and server which are public and private respectively
   println!(" [Public] John Info: {}",
            String::from_utf8_lossy(data_from_server_side.as_slice()).to_string());
   println!("[Private] John Info: {}",
            String::from_utf8_lossy(private_info_about_john.as_slice()).to_string());

   // lets renew authentication token
   let new_token = vault.renew(
       user_john.as_bytes(),
       token.refresh_token(),
       None,
   ).ok().unwrap();

   // When John presents new authentication token it can be used to restore session info
   let _ = vault.resolve_server_token_from_client_authentication_token(
       user_john.as_bytes(), new_token.as_str(),
   ).ok().unwrap();
}

Workflows

  • To begin use login with user and password

    • Upon successful login is provides user will be provided with JWT pair (authentication/refresh)

    • Authentication token is then provided to access any resources

    • Refresh token is used to renew an authentication token upon expiry

  • Use resolve_server_token_from_client_authentication_token with user and authentication_token to restore user session

  • Use renew with user and refresh_token to generate new authentication token

  • logout with user and authentication_token will remove all tokens associated with the user

Modules

api
constants
errors
plugins
prelude
utils