Struct JwtValidationOptions 

pub struct JwtValidationOptions {
    pub trusted_issuers: Option<Vec<String>>,
    pub jwks_uri: Option<String>,
    pub algorithms: Option<Vec<Algorithm>>,
    pub required_claims: Option<Vec<String>>,
    pub leeway_seconds: Option<u64>,
    pub validate_expiry: bool,
    pub jwks_cache_duration_hours: u64,
}

JWT validation options

Configuration for JWT validation including security parameters like trusted issuers, allowed algorithms, and required claims. These options align with the harmony-dsl JWT authentication middleware schema.

Fields

trusted_issuers: Option<Vec<String>>

List of trusted JWT token issuers. When specified, JWTs must have an ‘iss’ claim matching one of these values exactly. This prevents attacks where an attacker stands up their own JWKS endpoint and issues fraudulent tokens.

STRONGLY RECOMMENDED: Always configure this in production for security.

jwks_uri: Option<String>

Explicit JWKS URI for fetching public keys. When specified, this overrides the auto-discovery of JWKS from the issuer’s well-known endpoint. Example: “https://auth.example.com/.well-known/jwks.json”

algorithms: Option<Vec<Algorithm>>

List of allowed JWT signing algorithms. If not specified, defaults to RS256 only. Example: vec![Algorithm::RS256, Algorithm::ES256]

required_claims: Option<Vec<String>>

List of claims that must be present in the JWT. Standard claims like ‘iss’, ‘sub’, and ‘exp’ are always validated. Use this to require additional custom claims. Example: vec![“email”.to_string(), “scope”.to_string()]

leeway_seconds: Option<u64>

Leeway in seconds for validating exp (expiration) and nbf (not before) claims to account for clock skew between systems. Valid range: 0-300 seconds.

validate_expiry: bool

Whether to validate the JWT expiration (exp) claim. Default: true

jwks_cache_duration_hours: u64

Duration in hours to cache JWKS keys. Default: 24 hours

Implementations

impl JwtValidationOptions

pub fn new() -> Self

Create a new JwtValidationOptions with default values

pub fn with_trusted_issuers(self, issuers: Vec<String>) -> Self

Set trusted issuers (builder pattern)

pub fn with_jwks_uri(self, uri: String) -> Self

Set JWKS URI (builder pattern)

pub fn with_algorithms(self, algorithms: Vec<Algorithm>) -> Self

Set allowed algorithms (builder pattern)

pub fn with_required_claims(self, claims: Vec<String>) -> Self

Set required claims (builder pattern)

pub fn with_leeway_seconds(self, leeway: u64) -> Self

Set leeway seconds (builder pattern)

pub fn with_validate_expiry(self, validate: bool) -> Self

Set validate expiry (builder pattern)

pub fn with_jwks_cache_duration_hours(self, hours: u64) -> Self

Set JWKS cache duration (builder pattern)

Trait Implementations

impl Clone for JwtValidationOptions

fn clone(&self) -> JwtValidationOptions

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for JwtValidationOptions

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for JwtValidationOptions

fn default() -> Self

Returns the “default value” for a type.