#key #header #rfc #server #web-push #claim


An implementation of the RFC 8292 Voluntary Application Server Identification (VAPID) Auth header generator

1 unstable release

0.6.0 Dec 6, 2022

#866 in Authentication

MPL-2.0 license

420 lines

VAPID auth support

This library only supports the latest VAPID-draft-02+ specification.

Example Use:

use vapid::{Key, sign};
use std::collections::HashMap;

// Create a key from an existing EC Private Key PEM file.
// You can generate this with
// Key::generate().to_pem("pem/file/path.pem");
let my_key = Key::from_pem("pem/file/path.pem").unwrap();

// Construct the Claims hashmap
let mut claims:HashMap<String, serde_json::Value> = HashMap::new();
    String::from("sub"), serde_json::Value::from("mailto:bob@example.com")
// while `exp` can be filled in for you, `aud` should point to the net location of the
// Push server you wish to talk to. (e.g. `https://push.services.mozilla.org`)
// `aud` is optional for Mozilla, but may be required for GCM/FCM or other systems.
    String::from("aud"), serde_json::Value::from("https://host.ext")

// The result will contain the `Authorization:` header. How you inject this into your
// request is left as an exercise.
let authorization_header = sign(my_key, &mut claims).unwrap();


~159K SLoC