OAuth/GNAP bridge — verify a JWT bearer token using the in-house crate::jws module, against a static or remote JWKS, and project the verified claims into a TrustForge actor identity + capabilities.
Supports ES256 / ES384 / RS256 / RS384 / RS512 / EdDSA. Algorithm confusion attacks (alg:none, HS256-with-RSA-key) are guarded by the mandatory allow-list passed at bridge construction time.
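The allow-list guard described above, sketched as an added example; this is not the crate's own code. The names `Alg`, `Reject`, `parse_alg`, `key_fits` and `select_alg` are hypothetical, and the `kty`/`crv` values are the standard ones from RFC 7518 and RFC 8037 rather than anything this page states.

```rust
use std::collections::BTreeMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Alg { Es256, Es384, Rs256, Rs384, Rs512, EdDsa }
#[derive(Debug, PartialEq, Eq)]
pub enum Reject { UnknownAlg, NotAllowed, KeyMismatch }

// Exact, case-sensitive match. "none" and the HS* family have no variant,
// so a token carrying them is rejected before any key is looked at.
pub fn parse_alg(s: &str) -> Option<Alg> {
    Some(match s {
        "ES256" => Alg::Es256, "ES384" => Alg::Es384,
        "RS256" => Alg::Rs256, "RS384" => Alg::Rs384, "RS512" => Alg::Rs512,
        "EdDSA" => Alg::EdDsa,
        _ => return None,
    })
}

// JWK member lookup; a missing member reads as the empty string.
fn member<'a>(jwk: &BTreeMap<&str, &'a str>, k: &str) -> &'a str {
    jwk.get(k).copied().unwrap_or("")
}

// The key must belong to the family the algorithm implies.
fn key_fits(alg: Alg, jwk: &BTreeMap<&str, &str>) -> bool {
    let (kty, crv) = (member(jwk, "kty"), member(jwk, "crv"));
    let has = |k: &str| !member(jwk, k).is_empty();
    match alg {
        Alg::Es256 => kty == "EC" && crv == "P-256" && has("x") && has("y"),
        Alg::Es384 => kty == "EC" && crv == "P-384" && has("x") && has("y"),
        Alg::Rs256 | Alg::Rs384 | Alg::Rs512 => kty == "RSA" && has("n") && has("e"),
        Alg::EdDsa => kty == "OKP" && crv == "Ed25519" && has("x"),
    }
}

// Order: parse, then allow-list, then key family. The token header never
// widens what the verifier was constructed to accept.
pub fn select_alg(header_alg: &str, allow: &[Alg], jwk: &BTreeMap<&str, &str>) -> Result<Alg, Reject> {
    let alg = parse_alg(header_alg).ok_or(Reject::UnknownAlg)?;
    if !allow.contains(&alg) { return Err(Reject::NotAllowed); }
    if !key_fits(alg, jwk) { return Err(Reject::KeyMismatch); }
    Ok(alg)
}

fn main() {
    // Constructed sample JWK; the values are placeholders, not a real key.
    let rsa = BTreeMap::from([("kty", "RSA"), ("n", "c2FtcGxl"), ("e", "AQAB")]);
    for alg in ["RS256", "none", "HS256", "RS512", "ES256"] {
        println!("{:>5} -> {:?}", alg, select_alg(alg, &[Alg::Rs256, Alg::Es256], &rsa));
    }
}
```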
Structs
- Jwk: Minimal JWK shape the bridge accepts. ES256/ES384 use x/y; RS* use n/e; EdDSA uses crv=Ed25519 + x.
- Jwks
- OAuthBridge
- OAuthBridgeConfig
- OAuthClaims
- OAuthVerificationResult
Functions
- parse_algorithm
- project_jwk_to_public_key: Project a JWK into the TrustForge PublicKey shape (raw bytes, base64-encoded, with the algorithm name normalised to TrustForge’s vocabulary). Mirrors the TS projectJwkToPublicKey.