Struct Token

pub struct Token<T: IntoNatsClaims> { /* private fields */ }

JWT token builder.

Example

let account_id = "ADP75IYE4WXG23T546A2R3LIRRVBSC52RTJQIHO44CJIQRXSOPLZ5WBJ";
let account_signing_key = KeyPair::from_seed("SAAHCUHEQJUYBGWQKN7XUBDCDXKB6C7IQVBZ74DH3T4M2ZNNQOGGECIBDE").unwrap();
let user_key = KeyPair::new_user();
Token::new_user(account_id, user_key.public_key())
    .name("My User")
    .max_subscriptions(10)
    .max_payload(1024 * 1024) // 1MiB
    .allow_publish("service.hello.world")
    .allow_subscribe("_INBOX.>")
    .sign(&account_signing_key);

Implementations

impl<T: IntoNatsClaims> Token<T>

pub fn name(self, name: impl Into<String>) -> Self

Set the friendly name for the token, can be anything, defaults to the token subject

pub fn max_subscriptions(self, max_subscriptions: i64) -> Self

Set the maximum number of subscriptions this token will allow

pub fn max_payload(self, max_payload: i64) -> Self

Set the maximum payload size in bytes this token will allow

pub fn max_data(self, max_data: i64) -> Self

Set the maximum data size in bytes this token will allow

pub fn allow_publish(self, subject: impl Into<String>) -> Self

Allow a subject/pattern to be published to

pub fn deny_publish(self, subject: impl Into<String>) -> Self

Deny a subject/pattern from being published to

pub fn allow_subscribe(self, subject: impl Into<String>) -> Self

Allow a subject/pattern to be subcribe to

pub fn deny_subscribe(self, subject: impl Into<String>) -> Self

Deny a subject/pattern from being subscribed to

pub fn expires(self, expires: i64) -> Self

Set expiration

pub fn sign(self, signing_key: &KeyPair) -> String

Sign the token with the given signing key, returning a JWT string.

If this is a User token, this should be the Account signing key. If this is an Account token, this should be the Operator key

Panics

• If system time is before UNIX epoch.
• If the seconds from UNIX epoch cannot be represented in a i64.

impl Token<User>

pub fn new_user( issuer_account_id: impl Into<String>, user_key_pub: impl Into<String>, ) -> Self

Start building a new user token.

issuer_account_id is the public key of the Account that will issue this token. This is not the signing key’s public key.

user_key_pub is the public key of the User for which the token is being issued.

pub fn bearer_token(self, bearer_token: bool) -> Self

If true, the user isn’t challenged on connection. Typically used for websocket connections as the browser won’t have/want to have the user’s private key.

impl Token<Account>

pub fn new_account(account_key_pub: impl Into<String>) -> Self

Start building a new account token.

account_key_pub is the public key of the Account for which the token is being issued.

pub fn add_signing_key(self, signing_key: impl IntoPublicKey) -> Self

Add a signing key to the token. Takes anything that implements IntoPublicKey. This is implemented for String, &str, and &KeyPair

pub fn max_imports(self, max_imports: i64) -> Self

Set the maximum number of imports this account can have.

pub fn max_exports(self, max_exports: i64) -> Self

Set the maximum number of exports this account can have.

pub fn max_connections(self, max_connections: i64) -> Self

Set the maximum number of connections this account can have.

pub fn max_leaf_nodes(self, max_leaf_nodes: i64) -> Self

Set the maximum number of leaf nodes this account can have.

pub fn allow_wildcards(self, allow_wildcards: bool) -> Self

Allow exports to contain wildcards

Trait Implementations

impl<T: Clone + IntoNatsClaims> Clone for Token<T>

fn clone(&self) -> Token<T>

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<T: Debug + IntoNatsClaims> Debug for Token<T>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.