diff options
| author | Vincent Ambo <mail@tazj.in> | 2018-09-04T10·36+0200 |
|---|---|---|
| committer | Vincent Ambo <mail@tazj.in> | 2018-09-04T10·48+0200 |
| commit | 29dfb6826f8c543f0a0050af8f00d2b316207607 (patch) | |
| tree | 707fc1f95e5474392d6b68b93833eac2be771722 /README.md | |
| parent | dd527ecdf1f8c979a06ade426c22d37c2a4a06ea (diff) | |
docs: Update README to match new library API
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 56 |
1 files changed, 24 insertions, 32 deletions
diff --git a/README.md b/README.md index 2b1e766d57c4..75f3bb9839ed 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ alcoholic_jwt ============= -This is a barebones library for **validation** of **RS256** JWTs using -keys from a JWKS. Nothing more, nothing less. +This is a library for **validation** of **RS256** JWTs using keys from +a JWKS. Nothing more, nothing less. The name of the library stems from the potential side-effects of trying to use the other Rust libraries that are made for similar @@ -21,36 +21,28 @@ extern crate alcoholic_jwt; use alcoholic_jwt::{JWKS, Validation, validate, token_kid}; -fn validate_token() { - // serde instances provided - let jwks: JWKS = some_http_client(jwks_url).json(); - - let token: String = some_token_fetcher(); - - // Several types of built-in validations are provided: - let validations = vec![ - Validation::Issuer("some-issuer"), - Validation::Audience("some-audience"), - Validation::SubjectPresent, - ]; - - // Extracting a KID is about the only safe operation that can be - // done on a JWT before validating it. - let kid = token_kid(token).expect("No 'kid' claim present in token"); - - let jwk = jwks.find(kid).expect("Specified key not found in set"); - - match validate(token, jwk, validations) { - Valid => println!("Token is valid!"), - InvalidSignature(reason) => println!("Token signature invalid: {}", reason), - InvalidClaims(reasons) => { - println!("Token claims are totally invalid!"); - for reason in reasons { - println!("Validation failure: {}", reason); - } - }, - } -} +// The function implied here would usually perform an HTTP-GET +// on the JWKS-URL for an authentication provider and deserialize +// the result into the `alcoholic_jwt::JWKS`-struct. +let jwks: JWKS = jwks_fetching_function(); + +let token: String = some_token_fetching_function(); + +// Several types of built-in validations are provided: +let validations = vec![ + Validation::Issuer("auth.test.aprila.no".into()), + Validation::SubjectPresent, +]; + +// If a JWKS contains multiple keys, the correct KID first +// needs to be fetched from the token headers. +let kid = token_kid(&token) + .expect("Failed to decode token headers") + .expect("No 'kid' claim present in token"); + +let jwk = jwks.find(&kid).expect("Specified key not found in set"); + +validate(token, jwk, validations).expect("Token validation has failed!"); ``` ## Under the hood |