Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 56 |
1 files changed, 24 insertions, 32 deletions
diff --git a/README.md b/README.md index 2b1e766d57c4..75f3bb9839ed 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ alcoholic_jwt ============= -This is a barebones library for **validation** of **RS256** JWTs using -keys from a JWKS. Nothing more, nothing less. +This is a library for **validation** of **RS256** JWTs using keys from +a JWKS. Nothing more, nothing less. The name of the library stems from the potential side-effects of trying to use the other Rust libraries that are made for similar 
@@ -21,36 +21,28 @@ extern crate alcoholic_jwt; use alcoholic_jwt::{JWKS, Validation, validate, token_kid}; -fn validate_token() { - // serde instances provided - let jwks: JWKS = some_http_client(jwks_url).json(); - - let token: String = some_token_fetcher(); - - // Several types of built-in validations are provided: - let validations = vec![ - Validation::Issuer("some-issuer"), - Validation::Audience("some-audience"), - Validation::SubjectPresent, - ]; - - // Extracting a KID is about the only safe operation that can be - // done on a JWT before validating it. - let kid = token_kid(token).expect("No 'kid' claim present in token"); - - let jwk = jwks.find(kid).expect("Specified key not found in set"); - - match validate(token, jwk, validations) { - Valid => println!("Token is valid!"), - InvalidSignature(reason) => println!("Token signature invalid: {}", reason), - InvalidClaims(reasons) => { - println!("Token claims are totally invalid!"); - for reason in reasons { - println!("Validation failure: {}", reason); - } - }, - } -} +// The function implied here would usually perform an HTTP-GET +// on the JWKS-URL for an authentication provider and deserialize +// the result into the `alcoholic_jwt::JWKS`-struct. +let jwks: JWKS = jwks_fetching_function(); + +let token: String = some_token_fetching_function(); + +// Several types of built-in validations are provided: +let validations = vec![ + Validation::Issuer("auth.test.aprila.no".into()), + Validation::SubjectPresent, +]; + +// If a JWKS contains multiple keys, the correct KID first +// needs to be fetched from the token headers. +let kid = token_kid(&token) + .expect("Failed to decode token headers") + .expect("No 'kid' claim present in token"); + +let jwk = jwks.find(&kid).expect("Specified key not found in set"); + +validate(token, jwk, validations).expect("Token validation has failed!"); ``` ## Under the hood |