Module bridge_oauth

OAuth/GNAP bridge — verify a JWT bearer token using the in-house crate::jws module, against a static or remote JWKS, and project the verified claims into a TrustForge actor identity + capabilities.

Supports ES256 / ES384 / RS256 / RS384 / RS512 / EdDSA. Algorithm confusion attacks (alg:none, HS256-with-RSA-key) are guarded by the mandatory allow-list passed at bridge construction time.

Structs

Jwk
Minimal JWK shape the bridge accepts. ES256/ES384 use x/y; RS* use n/e; EdDSA uses crv=Ed25519 + x.
Jwks
OAuthBridge
OAuthBridgeConfig
OAuthClaims
OAuthVerificationResult

Functions

parse_algorithm
project_jwk_to_public_key
Project a JWK into the TrustForge PublicKey shape (raw bytes, base64-encoded, with the algorithm name normalised to TrustForge’s vocabulary). Mirrors the TS projectJwkToPublicKey.
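
The allow-list guard from the module description, combined with the per-algorithm JWK members listed for Jwk, as an added example that is not TrustForge's own code. `Alg`, `DemoJwk`, `Reject`, `demo_parse_alg` and `check_alg` are hypothetical names, and the `kty`/`crv` values (EC, RSA, OKP, P-256, P-384) are assumptions taken from RFC 7518 and RFC 8037 rather than from this page.

```rust
// Added example: every name here is hypothetical, not the TrustForge crate's API.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Alg { ES256, ES384, RS256, RS384, RS512, EdDSA }

/// Constructed stand-in holding only the JWK members the page mentions.
#[derive(Default)]
pub struct DemoJwk<'a> {
    pub kty: &'a str,
    pub crv: Option<&'a str>,
    pub x: Option<&'a str>, pub y: Option<&'a str>,
    pub n: Option<&'a str>, pub e: Option<&'a str>,
}

#[derive(Debug, PartialEq)]
pub enum Reject { UnknownAlg, NotAllowed, KeyMismatch }

/// Map the header's `alg` string to a supported algorithm. Matching is exact,
/// so "none", "HS256" and case variants such as "None" never parse.
pub fn demo_parse_alg(s: &str) -> Option<Alg> {
    Some(match s {
        "ES256" => Alg::ES256, "ES384" => Alg::ES384,
        "RS256" => Alg::RS256, "RS384" => Alg::RS384, "RS512" => Alg::RS512,
        "EdDSA" => Alg::EdDSA,
        _ => return None,
    })
}

/// Decide, before any signature math runs, whether this (alg, key) pair is usable.
pub fn check_alg(header_alg: &str, allow: &[Alg], jwk: &DemoJwk) -> Result<Alg, Reject> {
    let alg = demo_parse_alg(header_alg).ok_or(Reject::UnknownAlg)?;
    if !allow.contains(&alg) {
        return Err(Reject::NotAllowed);
    }
    // The key's shape must fit the algorithm; the token never picks the key type.
    let key_fits = match alg {
        Alg::ES256 => jwk.kty == "EC" && jwk.crv == Some("P-256") && jwk.x.is_some() && jwk.y.is_some(),
        Alg::ES384 => jwk.kty == "EC" && jwk.crv == Some("P-384") && jwk.x.is_some() && jwk.y.is_some(),
        Alg::RS256 | Alg::RS384 | Alg::RS512 => jwk.kty == "RSA" && jwk.n.is_some() && jwk.e.is_some(),
        Alg::EdDSA => jwk.kty == "OKP" && jwk.crv == Some("Ed25519") && jwk.x.is_some(),
    };
    if key_fits { Ok(alg) } else { Err(Reject::KeyMismatch) }
}

fn main() {
    // Constructed sample key: the modulus is a placeholder, not a real RSA key.
    let rsa = DemoJwk { kty: "RSA", n: Some("bW9k"), e: Some("AQAB"), ..Default::default() };
    for alg in ["RS256", "none", "HS256", "ES256"] {
        println!("{}: {:?}", alg, check_alg(alg, &[Alg::RS256, Alg::ES256], &rsa));
    }
}
```

Rejecting on the header value and key shape first means an unsupported or mismatched token never reaches a verification routine at all.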