spacetimedb-jwks
| Crates.io | spacetimedb-jwks |
| lib.rs | spacetimedb-jwks |
| version | 0.1.3 |
| source | src |
| created_at | 2024-11-06 22:11:25.007112 |
| updated_at | 2024-11-06 22:11:25.007112 |
| description | A library for retrieving and parsing JSON Web Key Sets (JWKS) |
| homepage | |
| repository | https://github.com/chenhunghan/jwks |
| max_upload_size | |
| id | 1439159 |
| size | 19,532 |
Tyler Cloutier (cloutiertyler)
documentation
README
jwks
Fetch and parse JSON Web Key Set (JWKS)
cargo add jwks
Usage
From a jwks url.
let jwks_url = "https://www.googleapis.com/oauth2/v3/certs";
let jwks = Jwks::from_jwks_url(jwks_url).await.unwrap();
From a openid config url.
let openid_config_url = "https://accounts.google.com/.well-known/openid-configuration";
let jwks = Jwks::from_oidc_url(openid_config_url).await.unwrap();
Use with jsonwebtokn to validate a jwt.
use jsonwebtoken::{decode, decode_header, TokenData, Validation};
use jwks::Jwks;
use serde::{Deserialize, Serialize};
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct Claims {
pub sub: String,
}
#[tokio::main]
async fn main() {
let jwt = "...base64-encoded-jwt...";
// get the kid from jwt
let header = decode_header(jwt).expect("jwt header should be decoded");
let kid = header.kid.as_ref().expect("jwt header should have a kid");
// get a jwk from jwks by kid
let jwks_url = "https://www.googleapis.com/oauth2/v3/certs";
let jwks = Jwks::from_jwks_url(jwks_url).await.unwrap();
let jwk = jwks.keys.get(kid).expect("jwt refer to a unknown key id");
let validation = Validation::default();
let decoded_token: TokenData<Claims> =
decode::<Claims>(jwt, &jwk.decoding_key, &validation).expect("jwt should be valid");
}