#json #key-set #jwks #auth0 #client #web

jwks_client_rs

JWKS-sync client implementation for Auth0

9 unstable releases

0.5.1 Apr 17, 2024
0.5.0 Dec 13, 2023
0.4.2 Oct 18, 2023
0.4.1 Apr 3, 2023
0.1.1 Nov 11, 2021

#76 in Authentication

Download history 1475/week @ 2024-08-17 1427/week @ 2024-08-24 1255/week @ 2024-08-31 1580/week @ 2024-09-07 1708/week @ 2024-09-14 1970/week @ 2024-09-21 2102/week @ 2024-09-28 1371/week @ 2024-10-05 1726/week @ 2024-10-12 1199/week @ 2024-10-19 2097/week @ 2024-10-26 1886/week @ 2024-11-02 1891/week @ 2024-11-09 2262/week @ 2024-11-16 8161/week @ 2024-11-23 1842/week @ 2024-11-30

14,425 downloads per month

MIT license

36KB
759 lines

JWKS Client

This lib is used to store Json Web Key Set from your authentication provider. It stores in an internal Cache fetched JWKS and automatically refresh them after a given time.

Installation

Add to your Cargo.toml

# Cargo.toml
[dependencies]
jwks_client_rs = "0.5"

Code example

// Put in your application context or wherever this can live long enough
use jwks_client_rs::source::WebSource;
use jwks_client_rs::JwksClient;

// here you must join your `BASE_AUTH0_URL` env var with `.well-known/jwks.json` or whatever is the jwks url
let url: reqwest::Url = todo!();
let timeout: std::time::Duration = todo!();
// You can define a different source too using `JwksSource` trait
let source: WebSource = WebSource::builder()
    .with_timeout(timeout)
    .with_connect_timeout(timeout)
    .build(url);

let client: JwksClient<WebSource> = JwksClient::builder()
    .build(source);

// Store your client in your application context or whatever
// ..

// Get jwk by kid
use jwks_client_rs::{JsonWebKey, JwksClientError};

let kid: String = todo!();
let result: Result<JsonWebKey, JwksClientError> = app_context.jwks_client.get(kid).await;

It is possible to decode your token validating it has been signed by one of your authentication provider JWKS.

#[derive(serde::Deserialize)]
struct Claims {
    aud: String,
}

let client: JwksClient = todo!();
// Here's the token. Remember to remove "Bearer " from your token in case it is present
let token: &str = todo!();
// The audience the token were released for.
let audience: &str = todo!();
let result: Result<Claims, JwksClientError> = client.decode::<Claims>(token, audience).await;

Example

A working example could be found in examples folder. To run the example:

  • Export the KID env variable (take it from your tenant well known jwks)
  • Export the BASE_AUTH0_URL (by running localauth0 or using your auth0 tenant; the url should be your localauth0 exposed port on localhost or something like https://{your-tenant}.eu.auth0.com)
  • Run in shell cargo run --example get_jwks

Dependencies

~8–22MB
~332K SLoC