supabase_jwt

Struct Claims

Source 
pub struct Claims {
Show 16 fields
    pub sub: String,
    pub exp: usize,
    pub iat: Option<usize>,
    pub jti: Option<String>,
    pub email: Option<String>,
    pub phone: Option<String>,
    pub role: Option<String>,
    pub app_metadata: Option<Value>,
    pub user_metadata: Option<Value>,
    pub aud: Option<String>,
    pub iss: Option<String>,
    pub aal: Option<String>,
    pub amr: Option<Vec<Value>>,
    pub session_id: Option<String>,
    pub is_anonymous: Option<bool>,
    pub kid: Option<String>,

}
Expand description

Represents the claims of a Supabase JWT.

This struct acts as a data carrier for all the claims contained within a JWT, making it easy to access user information and metadata. The validation logic is handled by the JwtParser before the claims are instantiated.

Fields§

§sub: String

(Subject) The user ID.

§exp: usize

(Expiration Time) The timestamp when the token expires.

§iat: Option<usize>

(Issued At) The timestamp when the token was issued.

§jti: Option<String>

(JWT ID) A unique identifier for the token.

§email: Option<String>

The user’s email address.

§phone: Option<String>

The user’s phone number.

§role: Option<String>

The user’s role.

§app_metadata: Option<Value>

Application-specific metadata.

§user_metadata: Option<Value>

User-specific metadata.

§aud: Option<String>

(Audience) The recipient for which the JWT is intended.

§iss: Option<String>

(Issuer) The principal that issued the JWT.

§aal: Option<String>

(Authentication Assurance Level) The level of assurance.

§amr: Option<Vec<Value>>

(Authentication Methods References) A list of authentication methods.

§session_id: Option<String>

The session ID.

§is_anonymous: Option<bool>

Indicates if the user is anonymous.

§kid: Option<String>

(Key ID) The ID of the key used to sign the token. Not serialized.

Implementations§

Source§

impl Claims

Source

pub async fn from_token( token: &str, jwks_cache: &JwksCache, ) -> Result<Self, AuthError>

Parses and validates claims from a raw JWT string.

§Arguments
  • token - The raw JWT string.
  • jwks_cache - A reference to the JwksCache for key retrieval.
§Returns

A Result containing the validated Claims or an AuthError.

Source

pub async fn from_bearer_token( bearer_token: &str, jwks_cache: &JwksCache, ) -> Result<Self, AuthError>

Parses and validates claims from a “Bearer” token string.

This method expects the token to be prefixed with “Bearer “.

§Arguments
  • bearer_token - The Bearer token string (e.g., “Bearer eyJ…”).
  • jwks_cache - A reference to the JwksCache for key retrieval.
§Returns

A Result containing the validated Claims or an AuthError.

Source

pub fn validate_security(&self) -> Result<(), AuthError>

Performs basic security validation on the claims.

This validation is minimal, trusting that Supabase Auth has already performed comprehensive checks. It primarily ensures that the subject (user ID) is not empty.

Source§

impl Claims

Source

pub fn user_id(&self) -> &str

Returns the user ID (subject).

Source

pub fn email(&self) -> Option<&str>

Returns the user’s email, if available.

Source

pub fn role(&self) -> &str

Returns the user’s role, defaulting to “authenticated”.

Source

pub fn phone(&self) -> Option<&str>

Returns the user’s phone number, if available.

Source

pub fn is_anonymous(&self) -> bool

Checks if the user is anonymous.

Source§

impl Claims

Source

pub fn get_user_metadata<T>(&self, key: &str) -> Option<T>
where T: DeserializeOwned,

Retrieves a specific field from the user metadata.

§Arguments
  • key - The key of the metadata field to retrieve.
§Returns

An Option containing the deserialized value if the key exists.

Source

pub fn get_app_metadata<T>(&self, key: &str) -> Option<T>
where T: DeserializeOwned,

Retrieves a specific field from the application metadata.

§Arguments
  • key - The key of the metadata field to retrieve.
§Returns

An Option containing the deserialized value if the key exists.

Trait Implementations§

Source§

impl Clone for Claims

Source§

fn clone(&self) -> Claims

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Claims

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for Claims

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for Claims

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

§

impl Freeze for Claims

§

impl RefUnwindSafe for Claims

§

impl Send for Claims

§

impl Sync for Claims

§

impl Unpin for Claims

§

impl UnwindSafe for Claims

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> ErasedDestructor for T
where T: 'static,