JWKS-Client is a library written in Rust to decode and validate JWT tokens using a JSON Web Key Store.
I created this library specifically to decode GCP/Firebase JWTs, but it should be useable with little to no modification. Contact me to propose support for a different JWKS key store.
The following demonstrates how to load a set of keys from an HTTP address and verify a JWT token using those keys:
```rust
use jwks::KeyStore;

let jkws_url = "https://...";
let key_store = KeyStore::new_from(jkws_url).unwrap();

// ...

let token = "...";

match key_store.verify(token) {
    Ok(jwt) => {
        println!("name={}", jwt.payload().get_str("name").unwrap());
    }
    Err(_) => {
        eprintln!("Could not verify token");
    }
}
```
JWKS-Client offers descriptive error results:
```rust
use jwks::KeyStore;
use error::{Error, Type};

// Prefer an https:// URL here: keys fetched over plain HTTP can be replaced in transit.
let jwks_url = "http://...";
let token = "...";

let key_store = KeyStore::new_from(jwks_url).unwrap();

// Each error carries a type that says which stage rejected the token.
match key_store.verify(token) {
    Ok(jwt) => {
        println!("name={}", jwt.payload().get_str("name").unwrap());
    }
    Err(Error { msg, typ: Type::Header }) => {
        eprintln!("Problem with header. Message: {}", msg);
    }
    Err(Error { msg, typ: Type::Payload }) => {
        eprintln!("Problem with payload. Message: {}", msg);
    }
    Err(Error { msg, typ: Type::Signature }) => {
        eprintln!("Problem with signature. Message: {}", msg);
    }
    Err(Error { msg: _, typ: Type::Expired }) => {
        eprintln!("Token is expired.");
    }
    Err(Error { msg: _, typ: Type::Early }) => {
        eprintln!("Too early to use token.");
    }
    Err(e) => {
        eprintln!("Something else went wrong. Message {:?}", e);
    }
}
```
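The errors above cover the header, payload, signature and time window. For the GCP/Firebase ID tokens this library targets, the issuer, audience and subject claims also need checking; the following added example (not code from this library) assumes that step is left to the caller after `verify` succeeds. `Claims`, `ClaimError`, `check_firebase_claims` and the 60-second skew are hypothetical, and the sample values are constructed.

```rust
// Added example: `Claims`, `ClaimError` and `check_firebase_claims` are hypothetical
// names, not part of the jwks crate. Fill `Claims` from the verified token's payload.
#[derive(Debug, PartialEq)]
pub enum ClaimError { Issuer, Audience, Subject, IssuedInFuture }

pub struct Claims<'a> {
    pub iss: &'a str,
    pub aud: &'a str,
    pub sub: &'a str,
    pub iat: u64, // seconds since the Unix epoch
}

/// Claim checks for a Firebase ID token whose signature and time window
/// have already been accepted by `KeyStore::verify`.
pub fn check_firebase_claims(c: &Claims<'_>, project_id: &str, now: u64) -> Result<(), ClaimError> {
    // Issuer must be the securetoken endpoint for exactly this project.
    let expected_iss = format!("https://securetoken.google.com/{}", project_id);
    if c.iss != expected_iss {
        return Err(ClaimError::Issuer);
    }
    // Audience must be the project ID, so a token minted for another project is refused.
    if c.aud != project_id {
        return Err(ClaimError::Audience);
    }
    // Subject carries the user's uid and must not be empty.
    if c.sub.is_empty() {
        return Err(ClaimError::Subject);
    }
    // Issued-at must not lie in the future; SKEW_SECS is an assumed clock-skew allowance.
    const SKEW_SECS: u64 = 60;
    if c.iat > now + SKEW_SECS {
        return Err(ClaimError::IssuedInFuture);
    }
    Ok(())
}

fn main() {
    // Constructed sample values; "demo-project" is a placeholder project ID.
    let claims = Claims {
        iss: "https://securetoken.google.com/demo-project",
        aud: "demo-project",
        sub: "uid-123",
        iat: 1_700_000_000,
    };
    println!("{:?}", check_firebase_claims(&claims, "demo-project", 1_700_000_100));
}
```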
JWKS-Client can decode a JWT payload into a struct:
```rust
use jwks::KeyStore;

// A key store created with new() has no keys loaded.
let key_store = KeyStore::new();

let token = TOKEN;

let jwt = key_store.decode(token).unwrap();

if jwt.expired().unwrap_or(false) {
    println!("Sorry, token expired")
} else {
    let result = jwt.payload().get_str("name");

    match result {
        Some(name) => {
            println!("Welcome, {}!", name);
        }
        None => {
            println!("Welcome, anonymous");
        }
    }
}
```