
tazjin / alcoholic_jwt

Licence: GPL-3.0 license
Rust library for validation of RS256 JWTs. Source has moved to https://git.tazj.in/tree/net/alcoholic_jwt


alcoholic_jwt


This is a library for validation of RS256 JWTs using keys from a JWKS. Nothing more, nothing less.

RS256 is the most commonly used asymmetric signature mechanism for JWTs, encountered, for example, in Google's or Aprila's APIs.

The name of the library stems from the potential side-effects of trying to use the other Rust libraries that are made for similar purposes.

Usage overview

You are retrieving JWTs from some authentication provider that uses RS256 signatures and provides its public keys in JWKS format.

Example for a token whose header names the ID of the signing key in the kid field:

extern crate alcoholic_jwt;

use alcoholic_jwt::{JWKS, Validation, validate, token_kid};

// The function implied here would usually perform an HTTP-GET
// on the JWKS-URL for an authentication provider and deserialize
// the result into the `alcoholic_jwt::JWKS`-struct.
let jwks: JWKS = jwks_fetching_function();

let token: String = some_token_fetching_function();

// Several types of built-in validations are provided:
let validations = vec![
  Validation::Issuer("auth.test.aprila.no".into()),
  Validation::SubjectPresent,
];

// If a JWKS contains multiple keys, the correct KID first
// needs to be fetched from the token headers.
let kid = token_kid(&token)
    .expect("Failed to decode token headers")
    .expect("No 'kid' claim present in token");

let jwk = jwks.find(&kid).expect("Specified key not found in set");

validate(token, jwk, validations).expect("Token validation has failed!");

Under the hood

This library aims to only use trustworthy off-the-shelf components to do the work. Cryptographic operations are provided by the openssl crate, JSON-serialisation is provided by serde_json.
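The two steps from the usage overview, key lookup by kid and RS256 signature verification, written out with only the Python standard library as an added illustration. This is not alcoholic_jwt's code (the library delegates the cryptography to openssl); select_jwk, verify_rs256 and the toy key built in demo() are names and values constructed for this example.

```python
import base64, hashlib, json

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017

def b64u(data):  # bytes -> unpadded base64url text
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text):  # base64url text -> bytes (padding restored first)
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def select_jwk(token, jwks):
    """Return the RSA key named by the token's kid header field, or None."""
    try:
        header = json.loads(unb64u(token.split(".")[0]))
    except ValueError:
        return None
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return None  # the algorithm is pinned before any key lookup
    kid = header.get("kid")
    return next((key for key in jwks["keys"] if isinstance(kid, str)
                 and key.get("kty") == "RSA" and key.get("kid") == kid), None)

def verify_rs256(token, jwk):
    """True only if the signature over 'header.payload' verifies under jwk."""
    try:
        head, payload, sig = token.split(".")
        n, e = (int.from_bytes(unb64u(jwk[f]), "big") for f in ("n", "e"))
        raw = unb64u(sig)
    except (ValueError, KeyError, TypeError):
        return False
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(raw, "big")
    if k < len(SHA256_PREFIX) + 32 + 11 or len(raw) != k or s >= n:
        return False  # modulus too small, wrong signature length, or out of range
    return pow(s, e, n).to_bytes(k, "big") == emsa(f"{head}.{payload}".encode(), k)

def demo():
    """Constructed sample: 511-bit key from two well-known primes (toy size only)."""
    p, q, e = 2**255 - 19, 2**256 - 2**32 - 977, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    jwks = {"keys": [{"kty": "RSA", "kid": "old", "n": b64u(b"\x05"), "e": b64u(b"\x03")},
                     {"kty": "RSA", "kid": "demo-1", "n": b64u(n.to_bytes(64, "big")),
                      "e": b64u(e.to_bytes(3, "big"))}]}
    body = b64u(b'{"alg":"RS256","kid":"demo-1"}') + "." + b64u(b'{"sub":"alice"}')
    sig = pow(int.from_bytes(emsa(body.encode(), 64), "big"), d, n).to_bytes(64, "big")
    return jwks, body + "." + b64u(sig)
```

Claim checks such as the issuer and subject validations shown in the usage overview would follow only after verify_rs256 returns True.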
