Struct okta_jwt_verifier::Verifier
pub struct Verifier { /* private fields */ }
Attempts to retrieve the keys from an Okta issuer, decode and verify a given access/ID token, and deserialize the requested claims.
Implementations
impl Verifier
pub async fn new(issuer: &str) -> Result<Self>
new constructs an instance of Verifier and attempts to retrieve the keys from the specified issuer.
pub async fn new_with_config(issuer: &str, config: Config) -> Result<Self>
new_with_config constructs an instance of Verifier and attempts to retrieve the keys from the specified issuer while specifying extra config.
pub async fn verify<T>(&self, token: &str) -> Result<TokenData<T>> where T: DeserializeOwned,
verify will attempt to validate a passed access or ID token. Upon successful validation it will then attempt to deserialize the requested claims. A DefaultClaims struct is provided for use, or to serve as an example for constructing a custom claim struct.
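
use okta_jwt_verifier::{Verifier, DefaultClaims};

#[async_std::main]
async fn main() -> anyhow::Result<()> {
    // Placeholder values: supply a real token and your Okta issuer URL.
    let token = "token";
    let issuer = "https://your.domain/oauth2/default";

    // Retrieve the issuer's keys, then validate the token and deserialize its claims.
    Verifier::new(&issuer)
        .await?
        .verify::<DefaultClaims>(&token)
        .await?;
    Ok(())
}
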
pub fn client_id(self, cid: &str) -> Self
client_id can be used to require cid claim verification.

use okta_jwt_verifier::{Verifier, DefaultClaims};

#[async_std::main]
async fn main() -> anyhow::Result<()> {
    // Placeholder values: supply a real token and your Okta issuer URL.
    let token = "token";
    let issuer = "https://your.domain/oauth2/default";

    Verifier::new(&issuer)
        .await?
        // Require cid claim verification against this client ID.
        .client_id("Bl3hStrINgiD")
        .verify::<DefaultClaims>(&token)
        .await?;
    Ok(())
}

pub fn audience(self, audience: HashSet<String>) -> Self
audience is for setting multiple aud values to check against.

use okta_jwt_verifier::{Verifier, DefaultClaims};
use std::collections::HashSet;

#[async_std::main]
async fn main() -> anyhow::Result<()> {
    // Placeholder values: supply a real token and your Okta issuer URL.
    let token = "token";
    let issuer = "https://your.domain/oauth2/default";

    // The aud values to check the token against.
    let mut aud = HashSet::new();
    aud.insert("api://default".to_string());
    aud.insert("api://admin".to_string());

    Verifier::new(&issuer)
        .await?
        .audience(aud)
        .verify::<DefaultClaims>(&token)
        .await?;
    Ok(())
}

pub fn add_audience(self, audience: &str) -> Self
add_audience helps to make adding a single aud entry easier.

use okta_jwt_verifier::{Verifier, DefaultClaims};

#[async_std::main]
async fn main() -> anyhow::Result<()> {
    // Placeholder values: supply a real token and your Okta issuer URL.
    let token = "token";
    let issuer = "https://your.domain/oauth2/default";

    Verifier::new(&issuer)
        .await?
        // Add a single aud entry to check against.
        .add_audience("api://default")
        .verify::<DefaultClaims>(&token)
        .await?;
    Ok(())
}

pub fn leeway(self, leeway: u64) -> Self
leeway is for overriding the default leeway of 120 seconds; this is to help deal with clock skew.

use okta_jwt_verifier::{Verifier, DefaultClaims};

#[async_std::main]
async fn main() -> anyhow::Result<()> {
    // Placeholder values: supply a real token and your Okta issuer URL.
    let token = "token";
    let issuer = "https://your.domain/oauth2/default";

    Verifier::new(&issuer)
        .await?
        // Override the default leeway of 120 seconds with 60 seconds.
        .leeway(60)
        .verify::<DefaultClaims>(&token)
        .await?;
    Ok(())
}
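
To make the effect of client_id, audience and leeway concrete, the following added example (not code from the crate or its documentation) models the claim checks using only the standard library. Claims, Policy, Reject, check, policy and claims are hypothetical names, the expiry rule is the usual RFC 7519 reading of exp with leeway, and the token's signature is assumed to be verified already.

```rust
use std::collections::HashSet;

// Constructed model of the claims these options inspect (not the crate's DefaultClaims).
pub struct Claims { pub aud: String, pub cid: String, pub exp: u64 }

// Hypothetical policy holding what audience()/add_audience(), client_id() and leeway() set.
pub struct Policy {
    pub audiences: HashSet<String>,
    pub client_id: Option<String>, // None: cid is not required
    pub leeway: u64,               // seconds of tolerated clock skew
}

#[derive(Debug, PartialEq)]
pub enum Reject { Expired, WrongAudience, WrongClient }

// Assumption: signature verification has already succeeded before this runs.
pub fn check(c: &Claims, p: &Policy, now: u64) -> Result<(), Reject> {
    // Leeway extends acceptance past exp: an expired token still passes for `leeway` seconds.
    if now > c.exp.saturating_add(p.leeway) {
        return Err(Reject::Expired);
    }
    // The token's aud must be one of the configured values.
    if !p.audiences.contains(&c.aud) {
        return Err(Reject::WrongAudience);
    }
    // cid is compared only when a client ID was required.
    match &p.client_id {
        Some(cid) if *cid != c.cid => Err(Reject::WrongClient),
        _ => Ok(()),
    }
}

// Constructed sample values, reusing the strings from the examples above.
pub fn policy(leeway: u64) -> Policy {
    let audiences: HashSet<String> = ["api://default", "api://admin"].iter().map(|s| s.to_string()).collect();
    Policy { audiences, client_id: Some("Bl3hStrINgiD".to_string()), leeway }
}
pub fn claims(aud: &str, cid: &str) -> Claims {
    Claims { aud: aud.to_string(), cid: cid.to_string(), exp: 1_700_000_000 }
}

fn main() {
    let now = 1_700_000_090; // 90 seconds after exp
    let good = claims("api://default", "Bl3hStrINgiD");
    println!("leeway 120: {:?}", check(&good, &policy(120), now));
    println!("leeway 60:  {:?}", check(&good, &policy(60), now));
    println!("other aud:  {:?}", check(&claims("api://billing", "Bl3hStrINgiD"), &policy(120), now));
    println!("other cid:  {:?}", check(&claims("api://admin", "other-client"), &policy(120), now));
}
```

A token that expired 90 seconds ago passes under the default 120-second leeway and fails under leeway(60), which is why the leeway should be no larger than the clock skew actually observed.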