Lib.rs

AuthenticationSSI
#jwt #ssi #json #identity #claim #token #decoding

ssi-jwt

Implementation of JWT for the ssi library

by Simon Bihel, Charles E. Lehner, Timothée Haudebourg, chunningham and 21 contributors

3 unstable releases

new 0.2.0 Jul 26, 2024
0.1.1 Apr 6, 2023
0.1.0 Dec 16, 2022

#953 in Authentication

Download history 616/week @ 2024-04-05 757/week @ 2024-04-12 716/week @ 2024-04-19 804/week @ 2024-04-26 865/week @ 2024-05-03 655/week @ 2024-05-10 607/week @ 2024-05-17 413/week @ 2024-05-24 496/week @ 2024-05-31 467/week @ 2024-06-07 538/week @ 2024-06-14 609/week @ 2024-06-21 494/week @ 2024-06-28 433/week @ 2024-07-05 424/week @ 2024-07-12 148/week @ 2024-07-19

1,597 downloads per month
Used in 23 crates (6 directly)

Apache-2.0 and Apache-2.0…

340KB
7.5K SLoC

JSON Web Token (JWT) implementation following RFC7519.

Usage

Decoding & Verification

use serde_json::json;
use ssi_jwk::JWK;
use ssi_jws::CompactJWSStr;
use ssi_jwt::ToDecodedJWT;

let jws = CompactJWSStr::new(b"eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiSm9obiBTbWl0aCIsImlhdCI6MTcxNTM0Mjc5MCwiaXNzIjoiaHR0cDovL2V4YW1wbGUub3JnLyNpc3N1ZXIifQ.S51Gmlkwy4UxOhhc4nVl4_sHHVPSrNmjZDwJCDXDbKp2MT8-UyhZLw03gVKe-JRUzcsteWoeRCUoA5rwnuTSoA").unwrap();

let jwk: JWK = json!({
    "kty": "EC",
    "use": "sig",
    "crv": "P-256",
    "x": "dxdB360AJqJFYhdctoKZD_a_P6vLGAxtEVaCLnyraXQ",
    "y": "iH6o0l5AECsfRuEw2Eghbrp-6Fob3j98-1Cbe1YOmwM",
    "alg": "ES256"
}).try_into().unwrap();

assert!(jws.verify_jwt(&jwk).await.unwrap().is_ok());

Internally ToDecodedJWT::verify_jwt uses ToDecodedJWT::to_decoded_jwt to decode the JWT, VerifiableClaims::into_verifiable to separate the payload from the signature then Verifiable::verify to validate the signature and registered claims.

Signature

Use the JWSPayload::sign method to sign a payload into a JWT.

use serde_json::json;
use ssi_jwk::JWK;
use ssi_jws::JWSPayload;
use ssi_jwt::{JWTClaims, Issuer, IssuedAt, ExpirationTime};

let mut claims: JWTClaims = Default::default();
claims.registered.set(Issuer("http://example.org/#issuer".parse().unwrap()));
claims.registered.set(IssuedAt("1715342790".parse().unwrap()));
claims.registered.set(ExpirationTime("1746881356".parse().unwrap()));
claims.private.set("name".to_owned(), "John Smith".into());

let jwk: JWK = json!({
    "kty": "EC",
    "d": "3KSLs0_obYeQXfEI9I3BBH5y7aOm028bEx3rW6i5UN4",
    "use": "sig",
    "crv": "P-256",
    "x": "dxdB360AJqJFYhdctoKZD_a_P6vLGAxtEVaCLnyraXQ",
    "y": "iH6o0l5AECsfRuEw2Eghbrp-6Fob3j98-1Cbe1YOmwM",
    "alg": "ES256"
}).try_into().unwrap();

let jwt = claims.sign(&jwk).await.unwrap();
assert_eq!(jwt, "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vZXhhbXBsZS5vcmcvI2lzc3VlciIsImV4cCI6MTc0Njg4MTM1NiwiaWF0IjoxNzE1MzQyNzkwLCJuYW1lIjoiSm9obiBTbWl0aCJ9.zBfMZzfQuuSfzcZmnz0MjXwT1sP26qwVq2GZX3qL0DR3wRMVG-wbCu9jPJ48l-F_q7W253_VqMWpoLluHo-gpg")

Dependencies

~21–32MB
~501K SLoC