jwt-rust

A rust implementation of JSON Web Tokens.

Examples

Sign

```rust use jwts::{Claims, jws}; use jwts::jws::Header; use jwts::jws::alg::HS256;

let claims = Claims { iss: Some("sea".toowned()), ..Default::default() }; asserteq!( jws::sign::(Header::default(), &claims, b"secret"), Ok("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzZWEifQ.L0DLtDjydcSK-c0gTyOYbmUQLUCZzqAGCINn2OLhFs".toowned()), ); ```

### Verify

```rust use jwts::{Claims, jws}; use jwts::jws::{Header, Token}; use jwts::jws::alg::HS256;

let claims = Claims { iss: Some("sea".to_owned()), ..Default::default() }; let token = jws::sign::(Header::default(), &claims, b"secret").unwrap();

let result = Token::::verifywithkey::(&token, b"secret"); assert!(result.is_ok()); ```

### Validate Claims

```rust use std::time; use std::time::{Duration, SystemTime}; use jwts::Claims; use jwts::validate::{ExpectAud, ExpectIss, ExpectJti, ExpectSub, Expired, Iat, NotBefore, Validate};

fn nowsecs() -> u64 { SystemTime::now() .durationsince(time::UNIXEPOCH) .unwrapor(Duration::ZERO) .as_secs() }

let claims = Claims { iss: Some("sea".toowned()), sub: Some("subject".toowned()), aud: Some("audience".toowned()), jti: Some("id".toowned()), iat: Some(nowsecs()), nbf: Some(nowsecs()), exp: Some(nowsecs() + 1), }; asserteq!(claims.validate(IssuedAtTime), Ok(())); asserteq!(claims.validate(NotBeforeTime), Ok(())); asserteq!(claims.validate(ExpiredTime), Ok(())); asserteq!(claims.validate(ExpectIss("sea")), Ok(())); asserteq!(claims.validate(ExpectSub("subject")), Ok(())); asserteq!(claims.validate(ExpectAud("audience")), Ok(())); asserteq!(claims.validate(ExpectJti("id")), Ok(())); ```

Algorithms

Sign and verify use crate ring.

• [x] HS256 - HMAC using SHA-256
• [x] HS384 - HMAC using SHA-384
• [x] HS512 - HMAC using SHA-512
• [x] RS256 - RSASSA-PKCS1-v1_5 using SHA-256
• [x] RS384 - RSASSA-PKCS1-v1_5 using SHA-384
• [x] RS512 - RSASSA-PKCS1-v1_5 using SHA-512
• [x] ES256 - ECDSA using P-256 and SHA-256
• [x] ES384 - ECDSA using P-384 and SHA-384
• [ ] ES512 - ECDSA using P-521 and SHA-512
• [x] PS256 - RSASSA-PSS using SHA-256 and MGF1 with SHA-256
• [x] PS384 - RSASSA-PSS using SHA-384 and MGF1 with SHA-384
• [x] PS512 - RSASSA-PSS using SHA-512 and MGF1 with SHA-512

More

RFC 7519 JSON Web Token (JWT)

RFC 7515 JSON Web Signature (JWS)

RFC 7518 JSON Web Algorithms (JWA)

License

Apache 2.0 License