
tari-jwt

Ristretto JWT support for jwt-compact

1 unstable release

0.1.0 Mar 21, 2024


BSD-3-Clause


Ristretto256 JSON Web Token (JWT)

This is an implementation of a JWT using the Ristretto255 elliptic curve.

It extends the traits from the jwt-compact crate, which in turn can be used as middleware in actix-web via actix-jwt-auth-middleware.

Usage

Web tokens are signed and verified using Ristretto keys, defined in tari_crypto.

Creating a token

Create a token with a payload and a secret key:

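use jwt_compact::{AlgorithmExt, Claims, Header};
use serde::{Deserialize, Serialize};
// Ristretto256, Ristretto256SigningKey and Ristretto256VerifyingKey are provided by this crate.

#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
struct LoginInfo {
    username: String,
    admin: bool,
}

// Custom claims are wrapped in jwt-compact's `Claims` container.
let mut claims = Claims::new(LoginInfo {
    username: "alice".to_string(),
    admin: true,
});
// Set claims.expiration etc...

// SIGNING_KEY and KEY hold the raw key bytes.
let signing_key = Ristretto256SigningKey::from_slice(&SIGNING_KEY).unwrap();
let verifying_key = Ristretto256VerifyingKey::from_slice(&KEY).unwrap();
let token = Ristretto256
    .token(&Header::empty(), &claims, &signing_key)
    .unwrap();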

The token is a compact-serialized string of three base64url segments (header, claims, signature) separated by dots. It looks something like

    eyJhbGciOiJSaXN0cmV0dG8yNTYiLCJ0eXAiOiJKV1QifQ.
    eyJleHAiOjE3MDk4MDU2MDAsImlhdCI6MTcwOTIwMDgwMCwidXNlcm5hbWUiOiJhbGljZSIsImFkbWluIjp0cnVlfQ.
    Ji2VxhHUBDcK-knCNGmGeBbo395X9d2R1Y1ikr0-C1sFQKeooNXae9DQLpC0cAd1XsrnRiw9gmM7UR6wH_kxCg
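
Decoding the sample token above shows what each segment carries. This is an added example, not code from tari-jwt or jwt-compact; it uses only the Rust standard library, and the helper names `b64url_decode` and `inspect` are illustrative.

```rust
// Added example, not tari-jwt code: inspect a compact JWT with the standard library only.
// Sample token from the page, joined into one string.
const TOKEN: &str = "eyJhbGciOiJSaXN0cmV0dG8yNTYiLCJ0eXAiOiJKV1QifQ.\
eyJleHAiOjE3MDk4MDU2MDAsImlhdCI6MTcwOTIwMDgwMCwidXNlcm5hbWUiOiJhbGljZSIsImFkbWluIjp0cnVlfQ.\
Ji2VxhHUBDcK-knCNGmGeBbo395X9d2R1Y1ikr0-C1sFQKeooNXae9DQLpC0cAd1XsrnRiw9gmM7UR6wH_kxCg";

/// Decode unpadded base64url (RFC 4648, section 5); None on a bad character or length.
fn b64url_decode(s: &str) -> Option<Vec<u8>> {
    if s.len() % 4 == 1 {
        return None; // no byte string encodes to this length
    }
    let mut out = Vec::with_capacity(s.len() * 3 / 4);
    let (mut acc, mut bits) = (0u32, 0u32);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62,
            b'_' => 63,
            _ => return None, // '+', '/', '=' and whitespace are rejected
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1; // keep only the bits not yet emitted
        }
    }
    Some(out)
}

/// Split a compact token into (header JSON, claims JSON, signature length in bytes).
fn inspect(token: &str) -> Option<(String, String, usize)> {
    let parts: Vec<&str> = token.split('.').collect();
    if parts.len() != 3 {
        return None;
    }
    let header = String::from_utf8(b64url_decode(parts[0])?).ok()?;
    let claims = String::from_utf8(b64url_decode(parts[1])?).ok()?;
    let sig_len = b64url_decode(parts[2])?.len();
    Some((header, claims, sig_len))
}

fn main() {
    let (header, claims, sig_len) = inspect(TOKEN).expect("well-formed token");
    println!("header: {header}\nclaims: {claims}\nsignature: {sig_len} bytes");
}
```

The claims decode without any key, so the signature protects integrity only; keep secrets out of custom claims.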

Verifying a token

To verify a token, build a validator from the public key and call its validate method:

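use jwt_compact::{AlgorithmExt, UntrustedToken};

let token = "eyJhbGciOiJSa..."; // A token
let public_key = Ristretto256VerifyingKey::from_slice(&PUBLIC_KEY).unwrap();
// Parse the compact string first; nothing in it is trusted until `validate` succeeds.
let untrusted = UntrustedToken::new(token).unwrap();
let jwt = Ristretto256.validator::<LoginInfo>(&public_key)
        .validate(&untrusted)
        .unwrap();
// `validate` checks the signature; expiry is checked separately with `Claims::validate_expiration`.
let login_info = &jwt.claims().custom;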
