#token #hashing #format #hash #payload #web #jwt

bin+lib dswt

An alternate webtoken format

4 releases

0.1.4 Jul 14, 2024
0.1.3 Jul 14, 2024
0.1.2 Jun 9, 2024
0.1.1 Jun 9, 2024
0.1.0 Jun 9, 2024

#12 in #payload

21 downloads per month

AGPL-3.0-or-later

19KB
199 lines

Delimiter-Separated Web Tokens

I got bored and decided to make my own token format. This is a simple token format that uses delimiters to separate the header, payload, and hash of the token instead of using something like JSON (like JWTs).

Installation

TODO

Examples

use std::collections::HashMap;

use dswt::{Algorithm, Token, TokenManager};

fn main() {

    // Create a payload
    let payload: HashMap<String, String> = [
        ("key1".to_string(), "value1".to_string()),
        ("key2".to_string(), "value2".to_string()),
        ("key3".to_string(), "value3".to_string()),
    ].iter().cloned().collect();

    // initialize a token manager
    let token_manager = TokenManager::new(
        Algorithm::HS256, 
        "your_key"      // set this to your secret key
    );

    // create a token from the payload
    let token: Token = token_manager.create_token(payload);

    // serialize the token to its string form and print it
    let token_str = token.to_string();
    println!("{token_str}");
}

Format

The overall structure of a DSWT token is <header>;<payload>;<hash>. Each part is a base64-encoded string, and the parts are separated by a semicolon (;).

Header

The header is the first part of the token. It holds information about the token, such as the version and the algorithm used to hash the payload. It is base64-encoded and has the format DSWT-<ver>/<alg>, where <ver> is the version of the token and <alg> is the algorithm used to hash the payload.

Payload

The payload is the second part of the token. It holds the data that the token represents. It is base64-encoded and has the format key1=value,key2=value,.... Each key-value pair is separated by a comma (,).

Hash

The hash is the last part of the token. It is the hash of the header and payload, and is used to verify that the token is valid.

Full Token Example

Before base64 encoding, a full DSWT token looks like this:

DSWT-<ver>/<alg>;<key1>=<value>,<key2>=<value2>;<hash>
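A strict parser for the decoded header and payload parts described above, as an added example that is not code from the dswt crate. It assumes the parts are already base64-decoded and leaves hash verification out; the function names, the error type, the version `1` and the `HS256` header spelling are hypothetical.

```rust
use std::collections::BTreeMap;

#[derive(Debug, PartialEq)]
pub enum DswtError { BadHeader, AlgMismatch, BadPair, DuplicateKey, Delimiter }

/// Parse a decoded header `DSWT-<ver>/<alg>` and return `<ver>`. The algorithm
/// must match the one the verifier is configured for; the token never picks it.
pub fn parse_header<'a>(decoded: &'a str, expected_alg: &str) -> Result<&'a str, DswtError> {
    let rest = decoded.strip_prefix("DSWT-").ok_or(DswtError::BadHeader)?;
    let (ver, alg) = rest.split_once('/').ok_or(DswtError::BadHeader)?;
    if ver.is_empty() { return Err(DswtError::BadHeader); }
    if alg != expected_alg { return Err(DswtError::AlgMismatch); }
    Ok(ver)
}

/// Parse a decoded payload `key1=value,key2=value`. Empty keys, a second `=`
/// in a pair and duplicate keys are rejected so each string has one reading.
pub fn parse_payload(decoded: &str) -> Result<BTreeMap<String, String>, DswtError> {
    let mut map = BTreeMap::new();
    for pair in decoded.split(',') {
        let (k, v) = pair.split_once('=').ok_or(DswtError::BadPair)?;
        if k.is_empty() || v.contains('=') { return Err(DswtError::BadPair); }
        if map.insert(k.to_string(), v.to_string()).is_some() {
            return Err(DswtError::DuplicateKey);
        }
    }
    Ok(map)
}

/// Build the decoded payload string. The page defines no escaping, so keys and
/// values containing `,` or `=` are refused (assumed strict policy).
pub fn encode_payload(pairs: &BTreeMap<String, String>) -> Result<String, DswtError> {
    let bad = |s: &String| s.contains(|c: char| c == ',' || c == '=');
    let mut out = Vec::new();
    for (k, v) in pairs {
        if k.is_empty() || bad(k) || bad(v) { return Err(DswtError::Delimiter); }
        out.push(format!("{k}={v}"));
    }
    Ok(out.join(","))
}

fn main() {
    // Constructed sample values, not output of the dswt crate.
    let mut claims = BTreeMap::new();
    claims.insert("user".to_string(), "alice,role=admin".to_string());
    println!("{:?}", encode_payload(&claims));
    println!("{:?}", parse_payload("user=alice,role=admin"));
    println!("{:?}", parse_header("DSWT-1/HS256", "HS256"));
}
```

The second call in `main` shows why the encoder refuses delimiters: the same characters, once inside a payload, parse as a separate `role` pair.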

Why not use JWT?

Like I said previously, this is more so for fun and learning. I am however using it in actual projects (a la netter and smple). I'm personally not a big fan of JWTs; I think they can be a lot simpler.

Dependencies

~1.6–2.7MB
~55K SLoC