Skip to content
/ jwks Public
forked from chenhunghan/jwks

Fetch and parse JSON Web Key Set (JWKS)

License

Notifications You must be signed in to change notification settings

jsdt/jwks

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

jwks

Fetch and parse JSON Web Key Set (JWKS)

cargo add jwks

https://crates.io/crates/jwks

Usage

From a jwks url.

let jwks_url = "https://www.googleapis.com/oauth2/v3/certs";
let jwks = Jwks::from_jwks_url(jwks_url).await.unwrap();

From a openid config url.

let openid_config_url = "https://accounts.google.com/.well-known/openid-configuration";
let jwks = Jwks::from_oidc_url(openid_config_url).await.unwrap();

Use with jsonwebtokn to validate a jwt.

use jsonwebtoken::{decode, decode_header, TokenData, Validation};
use jwks::Jwks;
use serde::{Deserialize, Serialize};

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct Claims {
    pub sub: String,
}

#[tokio::main]
async fn main() {
    let jwt = "...base64-encoded-jwt...";

    // get the kid from jwt
    let header = decode_header(jwt).expect("jwt header should be decoded");
    let kid = header.kid.as_ref().expect("jwt header should have a kid");

    // get a jwk from jwks by kid
    let jwks_url = "https://www.googleapis.com/oauth2/v3/certs";
    let jwks = Jwks::from_jwks_url(jwks_url).await.unwrap();
    let jwk = jwks.keys.get(kid).expect("jwt refer to a unknown key id");

    let validation = Validation::default();
    let decoded_token: TokenData<Claims> =
        decode::<Claims>(jwt, &jwk.decoding_key, &validation).expect("jwt should be valid");
}

About

Fetch and parse JSON Web Key Set (JWKS)

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Rust 100.0%