JWT Vault

Highly flexible library to manage and orchestrate JWT workflow

[![Build Status](https://travis-ci.org/sgrust01/jwtvault.svg?branch=master)](https://travis-ci.org/sgrust01/jwtvault) [![codecov](https://codecov.io/gh/sgrust01/jwtvault/branch/master/graph/badge.svg)](https://codecov.io/gh/sgrust01/jwtvault) [![Version](https://img.shields.io/badge/rustc-1.39+-blue.svg)](https://blog.rust-lang.org/2019/11/07/Rust-1.39.0.html) ![RepoSize](https://img.shields.io/github/repo-size/sgrust01/jwtvault) ![Crates.io](https://img.shields.io/crates/l/jwtvault) ![Crates.io](https://img.shields.io/crates/v/jwtvault) ![Crates.io](https://img.shields.io/crates/d/jwtvault) ![Contributors](https://img.shields.io/github/contributors/sgrust01/jwtvault)

Examples | Website | Chat

TODO

Add more examples
Improve coverage

Features

Manages & Orchestrates JWT for user login, logout & renew
Easy start
No un-safe code
Runs on stable rust
Library approach (Requires no runtime)
Supports plugable components (Store & Hasher)
Invalidates old refresh upon new refresh token renewal
Invalidates old authentication upon new authentication token renewal
Handles Thundering herd problem upon authentication token expiry

Quickstart

Dependencies:

toml [dependencies] jwtvault = "*"

$ curl https://raw.githubusercontent.com/sgrust01/jwtvault/master/generate_certificates.sh > ./generate_certificates.sh

shell script ./generate_certificates.sh

```rust use jwtvault::prelude::*; use std::collections::HashMap;

fn main() { let mut users = HashMap::new();

// User: John Doe

let userjohn = "John Doe"; let passwordfor_john = "john";

// User: Jane Doe let userjane = "Jane Doe"; let passwordfor_jane = "jane";

// load users and their password from database/somewhere users.insert(userjohn.tostring(), passwordforjohn.tostring()); users.insert(userjane.tostring(), passwordforjane.tostring());

// Initialize vault let mut vault = DefaultVault::new(users);

// John needs to login now let token = vault.login( userjohn, passwordfor_john, None, None, ).ok().unwrap().unwrap();

// When John presents authentication token, it can be used to restore John's session info let serverrefreshtoken = vault.resolveservertokenfromclientauthenticationtoken( userjohn.asbytes(), token.authentication_token() ).ok().unwrap();

// serverrefreshtoken (variable) contains server which captures client private info // which never leaves the server let privateinfoaboutjohn = serverrefresh_token.server().unwrap();

// serverrefreshtoken (variable) contains client which captures client public info // which is send to client let datafromserverside = serverrefresh_token.client().unwrap();

// Check out the data on client and server which are public and private respectively println!(" [Public] John Info: {}", String::fromutf8lossy(datafromserverside.asslice()).tostring()); println!("[Private] John Info: {}", String::fromutf8lossy(privateinfoaboutjohn.asslice()).tostring());

// lets renew authentication token let newtoken = vault.renew( userjohn.asbytes(), token.refreshtoken(), None, ).ok().unwrap();

// When John presents new authentication token it can be used to restore session info let _ = vault.resolveservertokenfromclientauthenticationtoken( userjohn.asbytes(), newtoken.asstr(), ).ok().unwrap(); } ```

Workflows

To begin use login with ***user*** and ***password***
- Upon successful login is provides user will be provided with JWT pair (authentication/refresh)
- Authentication token is then provided to access any resources
- Refresh token is used to renew an authentication token upon expiry
Use resolve_server_token_from_client_authentication_token with ***user*** and ***authenticationtoken*_ to restore user session
Use renew with ***user*** and ***refreshtoken*_ to generate new authentication token
Use logout with ***user*** and ***authenticationtoken*_ will remove all tokens associated with the user