about summary refs log tree commit diff
path: root/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'README.md')
-rw-r--r--README.md56
1 files changed, 24 insertions, 32 deletions
diff --git a/README.md b/README.md
index 2b1e766d57c4..75f3bb9839ed 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 alcoholic_jwt
 =============
 
-This is a barebones library for **validation** of **RS256** JWTs using
-keys from a JWKS. Nothing more, nothing less.
+This is a library for **validation** of **RS256** JWTs using keys from
+a JWKS. Nothing more, nothing less.
 
 The name of the library stems from the potential side-effects of
 trying to use the other Rust libraries that are made for similar
@@ -21,36 +21,28 @@ extern crate alcoholic_jwt;
 
 use alcoholic_jwt::{JWKS, Validation, validate, token_kid};
 
-fn validate_token() {
-    // serde instances provided
-    let jwks: JWKS = some_http_client(jwks_url).json();
-
-    let token: String = some_token_fetcher();
-
-    // Several types of built-in validations are provided:
-    let validations = vec![
-      Validation::Issuer("some-issuer"),
-      Validation::Audience("some-audience"),
-      Validation::SubjectPresent,
-    ];
-
-    // Extracting a KID is about the only safe operation that can be
-    // done on a JWT before validating it.
-    let kid = token_kid(token).expect("No 'kid' claim present in token");
-
-    let jwk = jwks.find(kid).expect("Specified key not found in set");
-
-    match validate(token, jwk, validations) {
-      Valid => println!("Token is valid!"),
-      InvalidSignature(reason) => println!("Token signature invalid: {}", reason),
-      InvalidClaims(reasons) => {
-          println!("Token claims are totally invalid!");
-          for reason in reasons {
-              println!("Validation failure: {}", reason);
-          }
-      },
-    }
-}
+// The function implied here would usually perform an HTTP-GET
+// on the JWKS-URL for an authentication provider and deserialize
+// the result into the `alcoholic_jwt::JWKS`-struct.
+let jwks: JWKS = jwks_fetching_function();
+
+let token: String = some_token_fetching_function();
+
+// Several types of built-in validations are provided:
+let validations = vec![
+  Validation::Issuer("auth.test.aprila.no".into()),
+  Validation::SubjectPresent,
+];
+
+// If a JWKS contains multiple keys, the correct KID first
+// needs to be fetched from the token headers.
+let kid = token_kid(&token)
+    .expect("Failed to decode token headers")
+    .expect("No 'kid' claim present in token");
+
+let jwk = jwks.find(&kid).expect("Specified key not found in set");
+
+validate(token, jwk, validations).expect("Token validation has failed!");
 ```
 
 ## Under the hood