Build Status License:MIT Minimum rustc version

JWKS-Client is a library written in Rust to decode and validate JWT tokens using a JSON Web Key Store.

**IMPORTANT**

JWKS-Client was designed to work with a project that uses Rocket. Unfortunately, the version of Rocket in crates.io is not compatible with the version of Ring required for JWKS-Client.

To use JWKS-Client with Rocket, use the following dependency in Cargo.toml:

```toml
rocket = { git = "https://github.com/SergioBenitez/Rocket" }
```

Furthermore, be aware that JWKS-Client is still being developed. Some (hopefully minor) breaking changes may happen. Sorry about that!

Features

I created this library specifically to decode GCP/Firebase JWTs, but it should be usable with little to no modification. Contact me to propose support for a different JWKS key store. Feedback, suggestions, complaints and criticism are appreciated.

Basic Usage

The following demonstrates how to load a set of keys from an HTTP address and verify a JWT token using those keys:

```rust
use keyset::KeyStore;

// Load the key set from the JWKS endpoint.
let key_store = KeyStore::new_from("http://mykeyset.com/").unwrap();

// ...

let my_token = "..."; // JWT

// Verify the token against the loaded keys.
match key_store.verify(my_token) {
    Ok(jwt) => {
        println!("name={}", jwt.payload().get_str("name").unwrap());
    }
    Err(_) => {
        eprintln!("Could not verify token");
    }
}
```

JWKS-Client offers descriptive error results:

```rust
use keyset::KeyStore;
use error::{Error, Type};

let key_store = KeyStore::new_from("http://mykeyset.com/").unwrap();

// Match on the error type to see which part of the validation failed.
match key_store.verify(my_token) {
    Ok(jwt) => {
        println!("name={}", jwt.payload().get_str("name").unwrap());
    }
    Err(Error { msg, typ: Type::Header }) => {
        eprintln!("Problem with header. Message: {}", msg);
    }
    Err(Error { msg, typ: Type::Payload }) => {
        eprintln!("Problem with payload. Message: {}", msg);
    }
    Err(Error { msg, typ: Type::Signature }) => {
        eprintln!("Problem with signature. Message: {}", msg);
    }
    Err(Error { msg: _, typ: Type::Expired }) => {
        eprintln!("Token is expired.");
    }
    Err(Error { msg: _, typ: Type::Early }) => {
        eprintln!("Too early to use token.");
    }
    Err(e) => {
        eprintln!("Something else went wrong. Message {:?}", e);
    }
}
```

JWKS-Client can decode a JWT payload (claims) into a struct:

```rust
use serde_derive::Deserialize;
use jwt::Jwt;
use keyset::{JwtKey, KeyStore};

// Claims expected in the token payload.
#[derive(Deserialize)]
pub struct MyClaims {
    pub iss: String,
    pub name: String,
    pub email: String,
}

let mut key_set = KeyStore::new_from("http://mykeys.com").unwrap();

let jwt = key_set.decode(my_token).unwrap();

// Deserialize the payload into the claims struct.
let claims = jwt.payload().into::<MyClaims>().unwrap();

assert_eq!("https://chronogears.com/test", claims.iss);
assert_eq!("Ada Lovelace", claims.name);
assert_eq!("alovelace@chronogears.com", claims.email);
```

History

TODO:

(Made with ❤️ with Rust)