9 unstable releases
0.5.1 | Apr 17, 2024 |
---|---|
0.5.0 | Dec 13, 2023 |
0.4.2 | Oct 18, 2023 |
0.4.1 | Apr 3, 2023 |
0.1.1 | Nov 11, 2021 |
#75 in Authentication
7,377 downloads per month
36KB
759 lines
JWKS Client
This lib is used to store Json Web Key Set from your authentication provider. It stores in an internal Cache fetched JWKS and automatically refresh them after a given time.
Installation
Add to your Cargo.toml
# Cargo.toml
[dependencies]
jwks_client_rs = "0.5"
Code example
// Put in your application context or wherever this can live long enough
use jwks_client_rs::source::WebSource;
use jwks_client_rs::JwksClient;
// here you must join your `BASE_AUTH0_URL` env var with `.well-known/jwks.json` or whatever is the jwks url
let url: reqwest::Url = todo!();
let timeout: std::time::Duration = todo!();
// You can define a different source too using `JwksSource` trait
let source: WebSource = WebSource::builder()
.with_timeout(timeout)
.with_connect_timeout(timeout)
.build(url);
let client: JwksClient<WebSource> = JwksClient::builder()
.build(source);
// Store your client in your application context or whatever
// ..
// Get jwk by kid
use jwks_client_rs::{JsonWebKey, JwksClientError};
let kid: String = todo!();
let result: Result<JsonWebKey, JwksClientError> = app_context.jwks_client.get(kid).await;
It is possible to decode your token validating it has been signed by one of your authentication provider JWKS.
#[derive(serde::Deserialize)]
struct Claims {
aud: String,
}
let client: JwksClient = todo!();
// Here's the token. Remember to remove "Bearer " from your token in case it is present
let token: &str = todo!();
// The audience the token were released for.
let audience: &str = todo!();
let result: Result<Claims, JwksClientError> = client.decode::<Claims>(token, audience).await;
Example
A working example could be found in examples folder. To run the example:
- Export the
KID
env variable (take it from your tenant well known jwks) - Export the
BASE_AUTH0_URL
(by running localauth0 or using your auth0 tenant; the url should be your localauth0 exposed port onlocalhost
or something likehttps://{your-tenant}.eu.auth0.com
) - Run in shell
cargo run --example get_jwks
Dependencies
~7–21MB
~337K SLoC