#jwks #key-store #jwk #set-key #gcp #jwt-simple

jwt-simple-jwks

Library to validate JWT tokens using JSON Web Key Set (JWKS)

1 unstable release

0.3.0 Feb 20, 2024

#12 in #jwks

Download history 3/week @ 2024-07-25 8/week @ 2024-08-01 6/week @ 2024-09-19 6/week @ 2024-09-26 85/week @ 2024-10-03 82/week @ 2024-10-10 76/week @ 2024-10-17 88/week @ 2024-10-24 51/week @ 2024-10-31 15/week @ 2024-11-07

235 downloads per month

MIT license

34KB
553 lines

jwt-simple-jwks

Docs Crates.io Build Status License:MIT License:Apache Minimum rustc version

jwt-simple-jwks is a library written in Rust to decode and validate JWT tokens using a JSON Web Key Store.

This JWKS client is compatible only with jwt-simple.

Installation

[dependencies]
jwt-simple-jwks = "0.3"

Features

JWKS key store

  • Download key set from HTTP address
  • Decode JWT tokens into header, payload and signature
  • Verify token signature, expiry and not-before
  • Determine when keys should be refreshed
  • No panic!

JWT:

  • Uses the crate jwt-simple to provide the decoding features for RSA keys.

Basic Usage

The following demonstrates how to load a set of keys from an HTTP address and verify a JWT token using those keys:

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let jkws_url = "https://raw.githubusercontent.com/seanpianka/jwks-client/0.1.8/test/test-jwks.json";

    let key_set = KeyStore::new_from(jkws_url.to_owned()).await.unwrap();

    // ...

    let token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEifQ.eyJuYW1lIjoiQWRhIExvdmVsYWNlIiwiaXNzIjoiaHR0cHM6Ly9jaHJvbm9nZWFycy5jb20vdGVzdCIsImF1ZCI6InRlc3QiLCJhdXRoX3RpbWUiOjEwMCwidXNlcl9pZCI6InVpZDEyMyIsInN1YiI6InNidTEyMyIsImlhdCI6MjAwLCJleHAiOjUwMCwibmJmIjozMDAsImVtYWlsIjoiYWxvdmVsYWNlQGNocm9ub2dlYXJzLmNvbSJ9.eTQnwXrri_uY55fS4IygseBzzbosDM1hP153EZXzNlLH5s29kdlGt2mL_KIjYmQa8hmptt9RwKJHBtw6l4KFHvIcuif86Ix-iI2fCpqNnKyGZfgERV51NXk1THkgWj0GQB6X5cvOoFIdHa9XvgPl_rVmzXSUYDgkhd2t01FOjQeeT6OL2d9KdlQHJqAsvvKVc3wnaYYoSqv2z0IluvK93Tk1dUBU2yWXH34nX3GAVGvIoFoNRiiFfZwFlnz78G0b2fQV7B5g5F8XlNRdD1xmVZXU8X2-xh9LqRpnEakdhecciFHg0u6AyC4c00rlo_HBb69wlXajQ3R4y26Kpxn7HA";

    #[derive(Serialize, Deserialize, Debug)]
    pub struct CustomClaims {
        auth_time: i64,
        name: String,
        user_id: String,
        email: String,
    }

    let validation = jwt_simple::prelude::VerificationOptions {
        allowed_issuers: Some(HashSet::from(["https://chronogears.com/test".to_owned()])),
        ..Default::default()
    };

    match key_set.verify::<CustomClaims>(token, Some(validation)) {
        Ok(claims) => {
            println!("iss={}", claims.issuer.unwrap());
            println!("name={}", claims.custom.name);
        }
        Err(Error { msg, typ }) => {
            eprintln!("Could not verify token. Reason: {} {:?}", msg, typ);
        }
    }
    Ok(())
}

Author's Note

Made with ❤️ in Rust

Dependencies

~17–34MB
~581K SLoC