Struct min_jwt::SignatureVerifiedJwt

source · 
pub struct SignatureVerifiedJwt<'a> { /* private fields */ }
Expand description

Represents a JSON Web Token which has had its signature verified.

A signature verified JWT contains signed data which was verified with the included signature. The signed data is the encoded header + “.” + encoded claims.

use ring::hmac;

let jwt = "\
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva\
G4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\
";

let hmac_key_bytes = String::from("your-256-bit-secret").into_bytes();
let hmac_key = hmac::Key::new(hmac::HMAC_SHA256, &hmac_key_bytes);

let verifier = min_jwt::verify::ring::HmacKeyVerifier::with_hs256(&hmac_key);
let signature_verified_jwt = min_jwt::verify(jwt, &verifier)?;

let decoded_claims = signature_verified_jwt.decode_claims()?;

/* validate claims */

Implementations§

source§

impl<'a> SignatureVerifiedJwt<'a>

source

pub fn decode_header(&self) -> Result<Vec<u8>>

Decodes the header part by parsing the JWT for the header and base64 decoding the header.

Errors

If the header part is not correctly base64 encoded, the function will return an error variant.

use ring::hmac;

let jwt = "\
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva\
G4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\
";

let hmac_key_bytes = String::from("your-256-bit-secret").into_bytes();
let hmac_key = hmac::Key::new(hmac::HMAC_SHA256, &hmac_key_bytes);

let verifier = min_jwt::verify::ring::HmacKeyVerifier::with_hs256(&hmac_key);
let signature_verified_jwt = min_jwt::verify(jwt, &verifier)?;

let decoded_header = signature_verified_jwt.decode_header()?;

assert_eq!(String::from_utf8(decoded_header).unwrap(), "{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
source

pub fn decode_claims(&self) -> Result<Vec<u8>>

Decodes the claims part by parsing the JWT for the claims and base64 decoding the claims.

Errors

If the claims part is not correctly base64 encoded, the function will return an error variant.

use ring::hmac;

let jwt = "\
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva\
G4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\
";

let hmac_key_bytes = String::from("your-256-bit-secret").into_bytes();
let hmac_key = hmac::Key::new(hmac::HMAC_SHA256, &hmac_key_bytes);

let verifier = min_jwt::verify::ring::HmacKeyVerifier::with_hs256(&hmac_key);
let signature_verified_jwt = min_jwt::verify(jwt, &verifier)?;

let decoded_claims = signature_verified_jwt.decode_claims()?;

assert_eq!(String::from_utf8(decoded_claims).unwrap(), "{\"sub\":\"1234567890\",\"name\":\"John Doe\",\"iat\":1516239022}");
source

pub fn decode_signature(&self) -> Result<Vec<u8>>

Decodes the signature part by parsing the JWT for the signature and base64 decoding the signature.

Errors

If the signature part is not correctly base64 encoded, the function will return an error variant.

use ring::hmac;

let jwt = "\
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva\
G4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\
";

let hmac_key_bytes = String::from("your-256-bit-secret").into_bytes();
let hmac_key = hmac::Key::new(hmac::HMAC_SHA256, &hmac_key_bytes);

let verifier = min_jwt::verify::ring::HmacKeyVerifier::with_hs256(&hmac_key);
let signature_verified_jwt = min_jwt::verify(jwt, &verifier)?;

let decoded_signature = signature_verified_jwt.decode_signature()?;

/* use a cryptography library to verify the signed data with the decoded signature */
source

pub fn signed_data(&self) -> &'a str

Returns the signed data.

The signed data is the encoded header + “.” + encoded claims.

use ring::hmac;

let jwt = "\
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva\
G4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\
";

let hmac_key_bytes = String::from("your-256-bit-secret").into_bytes();
let hmac_key = hmac::Key::new(hmac::HMAC_SHA256, &hmac_key_bytes);

let verifier = min_jwt::verify::ring::HmacKeyVerifier::with_hs256(&hmac_key);
let signature_verified_jwt = min_jwt::verify(jwt, &verifier)?;

assert_eq!("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ", signature_verified_jwt .signed_data());
source

pub fn encoded_header(&self) -> &'a str

Returns the encoded header part.

Practically, the decode_header method is more useful since the returned data from this method is still base64 encoded.

The encoded header is available for debugging purposes.

use ring::hmac;

let jwt = "\
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva\
G4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\
";

let hmac_key_bytes = String::from("your-256-bit-secret").into_bytes();
let hmac_key = hmac::Key::new(hmac::HMAC_SHA256, &hmac_key_bytes);

let verifier = min_jwt::verify::ring::HmacKeyVerifier::with_hs256(&hmac_key);
let signature_verified_jwt = min_jwt::verify(jwt, &verifier)?;

assert_eq!("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9", signature_verified_jwt.encoded_header());

/* use a cryptography library to verify the signed data with the decoded signature */
source

pub fn encoded_claims(&self) -> &'a str

Returns the encoded claims part.

Practically, the decode_claims method is more useful since the returned data from this method is still base64 encoded.

The encoded claims is available for debugging purposes.

use ring::hmac;

let jwt = "\
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva\
G4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\
";

let hmac_key_bytes = String::from("your-256-bit-secret").into_bytes();
let hmac_key = hmac::Key::new(hmac::HMAC_SHA256, &hmac_key_bytes);

let verifier = min_jwt::verify::ring::HmacKeyVerifier::with_hs256(&hmac_key);
let signature_verified_jwt = min_jwt::verify(jwt, &verifier)?;

assert_eq!("eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ", signature_verified_jwt.encoded_claims());

/* use a cryptography library to verify the signed data with the decoded signature */
source

pub fn encoded_signature(&self) -> &'a str

Returns the encoded signature part.

Practically, the decode_signature method is more useful since the returned data from this method is still base64 encoded.

The encoded signature is available for debugging purposes.

use ring::hmac;

let jwt = "\
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva\
G4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\
";

let hmac_key_bytes = String::from("your-256-bit-secret").into_bytes();
let hmac_key = hmac::Key::new(hmac::HMAC_SHA256, &hmac_key_bytes);

let verifier = min_jwt::verify::ring::HmacKeyVerifier::with_hs256(&hmac_key);
let signature_verified_jwt = min_jwt::verify(jwt, &verifier)?;

assert_eq!("SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", signature_verified_jwt.encoded_signature());

/* use a cryptography library to verify the signed data with the decoded signature */

Trait Implementations§

source§

impl<'a> Debug for SignatureVerifiedJwt<'a>

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V