truelayer-signing
| Crates.io | truelayer-signing |
| lib.rs | truelayer-signing |
| version | 0.3.0 |
| source | src |
| created_at | 2021-10-14 13:38:34.904598 |
| updated_at | 2024-07-15 14:40:37.79883 |
| description | Produce & verify TrueLayer API requests signatures |
| homepage | |
| repository | https://github.com/TrueLayer/truelayer-signing |
| max_upload_size | |
| id | 464907 |
| size | 78,952 |
Rust OSS (github:truelayer:rust-oss)
documentation
README
truelayer-signing
Rust crate to produce & verify TrueLayer API requests signatures.
// `Tl-Signature` value to send with the request.
let tl_signature = truelayer_signing::sign_with_pem(kid, private_key)
.method(Method::Post)
.path("/payouts")
.header("Idempotency-Key", idempotency_key)
.body(body)
.build_signer()
.sign()?;
See full example.
Prerequisites
- OpenSSL (see here for instructions).
Verifying webhooks
The verify_with_jwks function may be used to verify webhook Tl-Signature header signatures.
// `jku` field is included in webhook signatures
let jku = truelayer_signing::extract_jws_header(webhook_signature)?.jku?;
// check `jku` is an allowed TrueLayer url & fetch jwks JSON (not provided by this lib)
ensure_jku_allowed(jku)?;
let jwks = fetch_jwks(jku);
// jwks may be used directly to verify a signature
truelayer_signing::verify_with_jwks(jwks)
.method(Method::Post)
.path(path)
.headers(all_webhook_headers)
.body(body)
.build_verifier()
.verify(webhook_signature)?;