#oauth #certificate #oauth-token #provider #run-time #user-data #lock

oauth-certs

The project fetches oauth certificates from providers during runtime and stores them in static Read / Write lock

6 releases (breaking)

0.6.0 Aug 6, 2024
0.5.0 Jan 31, 2024
0.4.0 Jan 31, 2024
0.3.0 Sep 7, 2023
0.1.0 Aug 6, 2023

#230 in Authentication

Download history 7/week @ 2024-08-10 13/week @ 2024-09-14 20/week @ 2024-09-21 12/week @ 2024-09-28

281 downloads per month

MIT license

8KB
108 lines

oauth-certs CI

The project fetches oauth certificates from providers during runtime and stores them in static Read / Write lock.

The gist of basic usage

/// `GooglePayload` is the user data from google.
/// see https://developers.google.com/identity/openid-connect/openid-connect for more info.
#[derive(Debug, Clone, Serialize, Deserialize)]
#[non_exhaustive]
pub struct ClaimsGoogle {
    // These fields are marked `always`.
    aud: String,
    exp: u64,
    iat: u64,
    iss: String,
    sub: String,

    /// Email
    email: String,
    /// Email verified or not
    email_verified: Option<bool>,
}

/// decode JWT token into Claims
pub async fn decode(token: &str) -> Result<ClaimsGoogle> {
    let header = jsonwebtoken::decode_header(token)?;

    let certs = oauth_certs::google::oauth2_v3_certs().await.map_err(|e| {
        // tracing::error!("Failed to get google oauth certs: {}", e);
        jsonwebtoken::errors::ErrorKind::RsaFailedSigning
    })?;

    let jwt_key = (certs)
        .keys
        .iter()
        .find(|cert| cert.common.key_id == header.kid)
        .ok_or::<jsonwebtoken::errors::Error>(
            jsonwebtoken::errors::ErrorKind::InvalidKeyFormat.into(),
        )?;

    let decoding_key = DecodingKey::from_jwk(jwt_key)?;

    jsonwebtoken::decode::<ClaimsGoogle>(token, &decoding_key, &validation())
        .map(|token_data| token_data.claims)
}

Dependencies

~6–19MB
~259K SLoC