Skip to main content

Jwks

Struct Jwks

pub struct Jwks {
    pub keys: Vec<Jwk>,
}

Expand description

JSON Web Key Set — collection of trusted public keys per RFC 7517 §5.

Equality + Clone derive enables ergonomic Arc-wrapping at the wiring site without polluting the public surface.

Fields§

§keys: Vec<Jwk>

Implementations§

impl Jwks

pub fn from_ed25519_keys(keys: &[(&str, &[u8; 32])]) -> Self

Build a JWKS from a slice of (kid, 32-byte Ed25519 public key) tuples. Keys land in the order supplied — callers control which keys appear (typically: filter Revoked at the call site, supply Active + Retiring to the builder).

pub fn find_ed25519(&self, kid: &str) -> Option<[u8; 32]>

Find the key with the matching kid that satisfies use=sig. Returns the 32-byte Ed25519 public key bytes when present and well-formed; None for missing kid or wrong key type. Used by consumer-side verification flows to bind a token’s kid header to a trusted public key.

pub fn into_key_set(self) -> Result<KeySet, JwksError>

Convert the JWKS into the engine’s KeySet. Every well-formed kty=OKP / crv=Ed25519 entry becomes a (kid, DecodingKey) binding; entries with any other shape are silently skipped (the engine cannot verify them anyway, and a future JWKS may legitimately carry mixed key types — RSA for legacy clients, EC for some federated IdP). The skip-or-fail tradeoff favours skip: a single malformed entry must not break key rotation for the well-formed siblings.

Returns Err(JwksError::DuplicateKid) only if two entries share a kid — that is a control-plane bug (every kid is supposed to be globally unique), and admitting both would create non-determinism in KeySet::get.

Trait Implementations§

impl Clone for Jwks

fn clone(&self) -> Jwks

Returns a duplicate of the value. Read more

1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for Jwks

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl<'de> Deserialize<'de> for Jwks

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

impl PartialEq for Jwks

fn eq(&self, other: &Jwks) -> bool

Tests for self and other values to be equal, and is used by ==.

1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Jwks

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more

impl Eq for Jwks

impl StructuralPartialEq for Jwks

Auto Trait Implementations§

impl Freeze for Jwks

impl RefUnwindSafe for Jwks

impl Send for Jwks

impl Sync for Jwks

impl Unpin for Jwks

impl UnsafeUnpin for Jwks

impl UnwindSafe for Jwks

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,