JWKS-Client is a library written in Rust to decode and validate JWT tokens using a JSON Web Key Store.
I created this library specifically to decode GCP/Firebase JWT but should be usable with little to no modification. Contact me to propose support for a different JWKS key store. Feedback, suggestions, complaints and criticism are appreciated.
The following demonstrates how to load a set of keys from an HTTP address and verify a JWT token using those keys:
```rust
use jwks::KeyStore;

let jwks_url = "https://...";
let key_set = KeyStore::new_from(jwks_url).unwrap();

// ...

let token = "...";

match key_set.verify(token) {
    Ok(jwt) => {
        println!("name={}", jwt.payload().get_str("name").unwrap());
    }
    Err(_) => {
        eprintln!("Could not verify token");
    }
}
```
JWKS-Client offers descriptive error results:
```rust
use jwks::KeyStore;
use error::{Error, Type};

let jwks_url = "http://...";
let token = "...";

let key_set = KeyStore::new_from(jwks_url).unwrap();

match key_set.verify(token) {
    Ok(jwt) => {
        println!("name={}", jwt.payload().get_str("name").unwrap());
    }
    Err(Error { msg, typ: Type::Header }) => {
        eprintln!("Problem with header. Message: {}", msg);
    }
    Err(Error { msg, typ: Type::Payload }) => {
        eprintln!("Problem with payload. Message: {}", msg);
    }
    Err(Error { msg, typ: Type::Signature }) => {
        eprintln!("Problem with signature. Message: {}", msg);
    }
    Err(Error { msg: _, typ: Type::Expired }) => {
        eprintln!("Token is expired.");
    }
    Err(Error { msg: _, typ: Type::Early }) => {
        eprintln!("Too early to use token.");
    }
    Err(e) => {
        eprintln!("Something else went wrong. Message {:?}", e);
    }
}
```
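The header, payload and signature named in these errors are the three dot-separated base64url segments of a compact JWT. The following added example is not the library's code: it uses only the standard library, a constructed token, and the hypothetical names `Malformed`, `b64url`, `json_segment` and `split_token` to show how a parser can report which segment is malformed before any signature check happens.

```rust
// Added example, std only. Malformed, b64url, json_segment, split_token are hypothetical names, not jwks items.
#[derive(Debug, PartialEq)]
enum Malformed { Segments, Header, Payload, Signature }
// Constructed sample: {"alg":"RS256"} . {"name":"Ada"} . the bytes "sig" (not a real signature).
const SAMPLE: &str = "eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQWRhIn0.c2ln";

/// Decode unpadded base64url (RFC 4648 section 5), the JWT segment encoding.
fn b64url(s: &str) -> Option<Vec<u8>> {
    if s.len() % 4 == 1 { return None; } // no valid encoding has this length
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62,
            b'_' => 63,
            _ => return None, // '+', '/', '=' and whitespace are not base64url
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

/// Decode a segment that must hold a JSON object (shape check only, no JSON parsing).
fn json_segment(seg: &str) -> Option<String> {
    let text = String::from_utf8(b64url(seg)?).ok()?;
    if text.starts_with('{') && text.ends_with('}') { Some(text) } else { None }
}

/// Split a compact JWT into (header JSON, payload JSON, signature bytes).
/// Nothing here is verified: the claims stay untrusted until the signature is checked.
fn split_token(token: &str) -> Result<(String, String, Vec<u8>), Malformed> {
    let parts: Vec<&str> = token.split('.').collect();
    if parts.len() != 3 { return Err(Malformed::Segments); }
    let header = json_segment(parts[0]).ok_or(Malformed::Header)?;
    let payload = json_segment(parts[1]).ok_or(Malformed::Payload)?;
    // An empty signature segment is the unsecured-JWT form; reject it outright.
    let sig = b64url(parts[2]).filter(|s| !s.is_empty()).ok_or(Malformed::Signature)?;
    Ok((header, payload, sig))
}

fn main() { println!("{:?}", split_token(SAMPLE)); }
```

A token that passes `split_token` is only well-formed; its claims can be trusted only after the signature has been verified against a key from the key store.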
JWKS-Client can decode a JWT payload into a struct:
```rust
use jwks::KeyStore;

let key_set = KeyStore::new();

let token = TOKEN;

let jwt = key_set.decode(token).unwrap();

if jwt.expired().unwrap_or(false) {
    println!("Sorry, token expired")
} else {
    let result = jwt.payload().get_str("name");

    match result {
        Some(name) => { println!("Welcome, {}!", name); }
        None => { println!("Welcome, anonymous"); }
    }
}
```
(Made with ❤️ with Rust)