Struct okta_jwt_verifier::Verifier

source ·

pub struct Verifier { /* private fields */ }

Expand description

Attempts to retrieve the keys from an Okta issuer, decode and verify a given access/ID token, and deserialize the requested claims.

Implementations§

source §

impl Verifier

source

pub async fn new(issuer: &str) -> Result<Self>

new constructs an instance of Verifier and attempts to retrieve the keys from the specified issuer.

source

pub async fn new_with_config(issuer: &str, config: Config) -> Result<Self>

configure constructs an instance of Verifier and attempts to retrieve the keys from the specified issuer while specifying extra config.

source

pub async fn verify<T>(&self, token: &str) -> Result<TokenData<T>>where T: DeserializeOwned,

verify will attempt to validate a passed access or ID token. Upon a successful validation it will then attempt to deserialize the requested claims. A DefaultClaims struct has been provided for use or to serve as an example for constructing a custom claim struct.

use okta_jwt_verifier::{Verifier, DefaultClaims};

#[async_std::main]
async fn main() -> anyhow::Result<()> {
    let token = "token";
    let issuer = "https://your.domain/oauth2/default";

    Verifier::new(&issuer)
        .await?
        .verify::<DefaultClaims>(&token)
        .await?;
    Ok(())
}

source

pub fn client_id(self, cid: &str) -> Self

client_id can be used to require cid claim verification.

use okta_jwt_verifier::{Verifier, DefaultClaims};

#[async_std::main]
async fn main() -> anyhow::Result<()> {
    let token = "token";
    let issuer = "https://your.domain/oauth2/default";

    Verifier::new(&issuer)
        .await?
        .client_id("Bl3hStrINgiD")
        .verify::<DefaultClaims>(&token)
        .await?;
    Ok(())
}

source

pub fn audience(self, audience: HashSet<String>) -> Self

audience is for setting multiple aud values to check against.

use okta_jwt_verifier::{Verifier, DefaultClaims};
use std::collections::HashSet;

#[async_std::main]
async fn main() -> anyhow::Result<()> {
    let token = "token";
    let issuer = "https://your.domain/oauth2/default";
    let mut aud = HashSet::new();
    aud.insert("api://default".to_string());
    aud.insert("api://admin".to_string());

    Verifier::new(&issuer)
        .await?
        .audience(aud)
        .verify::<DefaultClaims>(&token)
        .await?;
    Ok(())
}

source

pub fn add_audience(self, audience: &str) -> Self

add_audience helps to make adding a single aud entry easier.

use okta_jwt_verifier::{Verifier, DefaultClaims};

#[async_std::main]
async fn main() -> anyhow::Result<()> {
    let token = "token";
    let issuer = "https://your.domain/oauth2/default";

    Verifier::new(&issuer)
        .await?
        .add_audience("api://default")
        .verify::<DefaultClaims>(&token)
        .await?;
    Ok(())
}

source

pub fn leeway(self, leeway: u64) -> Self

leeway is for overriding the default leeway of 120 seconds, this is to help deal with clock skew.

use okta_jwt_verifier::{Verifier, DefaultClaims};

#[async_std::main]
async fn main() -> anyhow::Result<()> {
    let token = "token";
    let issuer = "https://your.domain/oauth2/default";

    Verifier::new(&issuer)
        .await?
        .leeway(60)
        .verify::<DefaultClaims>(&token)
        .await?;
    Ok(())
}