2 stable releases
Uses new Rust 2024
| new 1.0.1 | Apr 16, 2025 |
|---|
#547 in HTTP server
29KB
345 lines
Simple JWTs in Rust
This library allows for the signing and verifying of JWTs
Generating a JWT
To generate a token you use sign() with your Claims, Header and Signing Key
Start by defining a Claims Struct. This struct will contain all of the data.
This struct must implement serde::Serialize, serde::Deserialize and Clone traits. Here is an example of a valid struct
#[derive(Serialize, Deserialize, Clone)]
pub struct Claims {
pub exp: usize,
pub id: String,
pub role: String,
}
You must also create the header with your algorithm of choice.
let algorithm = Algorithm::HS256;
let header = Header::new(algorithm);
Then assuming you have read in your signing/private key from PEM format into a String
let signed_key = sign(header, claims, )
Note
All keys should be read from PEM format, currently only pkcs1 is supported. See this answer for information on converting from pkcs8 using OpenSSL
Verifying a JWT
We can verify a JWT signature is valid using the verify() function, with the signed JWT and your verification (public) key
Caution
No claims are verified in this function, including exp. Only the signature is verified, the claims are returned to the caller to handle and verify.
[!NOTE]
All keys should be read from PEM format, currently only pkcs1 is supported. See this answer for information on converting from pkcs8 using OpenSSL
verify() returns the claims of the token assuming verification passes. The claims struct must be defined and requires the public key to be read in PEM pkcs1 format, as seen in Generating a JWT
Here is an example of using the verify() function:
let token = "pretend_this.is_a.valid_signed_token";
let public_key = "pretend_this_is_a_valid_public_key_from_a_pem_file";
let claims: Claims = verify(token, public_key).unwrap();
Dependencies
~6MB
~123K SLoC