JSON Web Token implementation in Rust.

Overview

Frank JWT

Implementation of JSON Web Tokens in Rust.

Algorithms and features supported

  • HS256
  • HS384
  • HS512
  • RS256
  • RS384
  • RS512
  • ES256
  • ES384
  • ES512
  • Sign
  • Verify
  • iss (issuer) check
  • sub (subject) check
  • aud (audience) check
  • exp (expiration time) check
  • nbf (not before time) check
  • iat (issued at) check
  • jti (JWT id) check

Usage

Put this into your Cargo.toml:

[dependencies]
frank_jwt = "<current version of frank_jwt>"

And this in your crate root:

extern crate frank_jwt;
#[macro_use] extern crate serde_json;


use frank_jwt::{Algorithm, ValidationOptions, encode, decode};

Example

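//HS256
let payload = json!({
    "key1": "val1",
    "key2": "val2"
});

let header = json!({});
let secret = "secret123";
// encode takes the header by value and the key by reference, and returns a Result.
let jwt = encode(header, &secret.to_string(), &payload, Algorithm::HS256).unwrap();

//RS256
use std::env;

// ValidationOptions::default() performs the expiry check, so the payload needs an
// "exp" claim; the value here is a sample timestamp (2100-01-01 UTC).
let payload = json!({
    "key1": "val1",
    "key2": "val2",
    "exp": 4102444800u64
});

let header = json!({});
let mut keypath = env::current_dir().unwrap();
keypath.push("some_folder");
keypath.push("my_rsa_2048_key.pem");
let jwt = encode(header, &keypath.to_path_buf(), &payload, Algorithm::RS256).unwrap();
// decode also returns a Result; it yields the header and payload once the checks pass.
let (header, payload) = decode(&jwt, &keypath.to_path_buf(), Algorithm::RS256, &ValidationOptions::default()).unwrap();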

Validation Options

The ValidationOptions structure controls which checks are performed when decoding a JWT. Calling new on it provides a default set of values. There is also a dangerous function that returns validation options that perform no checking.

The default values are:

  • Perform expiry check
  • Allow 0 leeway for the expiry check.

Note that if the expiry check is requested and the JWT contains no exp claim, validation fails.
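
The expiry behaviour described in this section, written out as a std-only sketch. This is an added example, not frank_jwt's code: ExpPolicy, ExpError and check_exp are hypothetical names, and treating a token as expired once now >= exp + leeway is an assumption.

```rust
/// Hypothetical stand-in for the validation options described above.
#[derive(Clone, Copy)]
struct ExpPolicy {
    check_expiry: bool,
    leeway_secs: u64,
}

#[derive(Debug, PartialEq)]
enum ExpError {
    MissingExp,
    Expired { exp: u64, now: u64 },
}

impl ExpPolicy {
    /// The defaults listed above: expiry check on, zero leeway.
    fn strict() -> Self {
        ExpPolicy { check_expiry: true, leeway_secs: 0 }
    }
    /// No checking at all: an expired or exp-less token is accepted.
    fn dangerous() -> Self {
        ExpPolicy { check_expiry: false, leeway_secs: 0 }
    }
}

/// `exp` is the claim read from an already signature-verified payload;
/// `now` is the current Unix time in seconds.
fn check_exp(policy: ExpPolicy, exp: Option<u64>, now: u64) -> Result<(), ExpError> {
    if !policy.check_expiry {
        return Ok(());
    }
    // Fail closed: no `exp` claim means rejection, not a token that never expires.
    let exp = exp.ok_or(ExpError::MissingExp)?;
    // Assumed boundary: expired once now >= exp + leeway. saturating_add keeps a
    // huge `exp` or leeway from wrapping around to a small number.
    if now >= exp.saturating_add(policy.leeway_secs) {
        return Err(ExpError::Expired { exp, now });
    }
    Ok(())
}

fn main() {
    let now = 1_700_000_000; // constructed timestamp
    let skewed = ExpPolicy { leeway_secs: 60, ..ExpPolicy::strict() };
    println!("{:?}", check_exp(ExpPolicy::strict(), None, now));
    println!("{:?}", check_exp(ExpPolicy::strict(), Some(now - 30), now));
    println!("{:?}", check_exp(skewed, Some(now - 30), now));
    println!("{:?}", check_exp(ExpPolicy::dangerous(), Some(0), now));
}
```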

License

Apache 2.0

Tests

cargo test

Contributors

TODO

Comments
  • Feature request: decode without verifying the signature

    Hi,

    I need to decode the JWT to get the content, and in some context I don't care about whether it's properly signed or not. But decode_segments is private.

    Could you please make decode_segments public?

    Regards,

    opened by JMLX42 10
  • Add test documentation

    Fixes #30

    Besides fixing the README file, I thought to also add some documentation as tests, so they'll appear in docs.rs - let's make 2019 the year of well documented libraries in Rust :^)

    I did run rustfmt (automatically run-on-save on my setup) over the code and committed some linting aside, up to you to cherry pick or merge everything.

    Opinions @GildedHonour ?

    Thanks for evaluating this patch! :+1:

    opened by apiraino 9
  • Payload should be pure JSON not a String map

    At the moment, it is not possible to create a payload of, for instance:

    {
    "sub": "1234567890",
    "name": "John Doe",
    "admin": true,
    "exp": 123545679
    }
    
    opened by mneumann 6
  • Compiler errors due to old 0.9 version of `openssl` crate.

    My system has OpenSSL 1.1.1, and openssl crate 0.9 doesn't work with it. Check out the related issue here:

    https://github.com/sfackler/rust-openssl/issues/987

    That issue has been linked to several other issues like this one for crates with the same issue as frank_jwt.

    Thanks!

    opened by freiguy1 5
  • Misleading ReadMe

    I've looked through the source code, and while the readme claims that it checks all registered JWT claims, there's nothing in the code that actually does that. The readme should be updated with this, so as not to confuse users.

    • [x] HS256
    • [x] HS384
    • [x] HS512
    • [x] RS256
    • [x] RS384
    • [x] RS512
    • [x] ES256
    • [x] ES384
    • [x] ES512
    • [x] Sign
    • [x] Verify
    • [ ] iss (issuer) check
    • [ ] sub (subject) check
    • [ ] aud (audience) check
    • [ ] exp (expiration time) check
    • [ ] nbf (not before time) check
    • [ ] iat (issued at) check
    • [ ] jti (JWT id) check
    opened by seunlanlege 5
  • NFT programmer needed

    Good day. We are creating an NFT collection. We are looking for a developer to build a minting site (smart contract) and everything needed to successfully release the collection on OpenSea on ETH.

    opened by Zetor999 4
  • Follow semver

    According to semver one should bump major version when introducing incompatible API changes. #59 introduced breaking changes and thus broke others' code. Thanks!

    opened by TatriX 4
  • use failure crate

    Currently the Error type used in the crate doesn't implement std::error::Error. This degrades ergonomics when used elsewhere. Upgrading to use failure would improve things.

    opened by mathstuf 4
  • The function "encode" for the RS algorithms

    At the moment for the RS algorithms the function encode expects a path to a private pem file rather than a structure representing a private pem file itself. Should it be changed, leave your comment.

    enhancement 
    opened by GildedHonour 4
  • Fix panic in sign_es if r or s are too short

    In some cases r and/or s may be less than 32 bytes long, which caused the code that builds the full signature to attempt to splice after the end of signature and panic.

    opened by thomaswhiteway 3
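
The failure mode in the issue above comes down to building the fixed-width R || S signature from r and s values that may be shorter than the component size. The sketch below is an added example, not the patch from that pull request or the crate's code: the function names are hypothetical, and the 32-byte width is the ES256 component size from RFC 7518.

```rust
/// Width in bytes of each ES256 signature component (P-256 field size).
const ES256_COMPONENT_LEN: usize = 32;

/// Left-pad a big-endian integer to `len` bytes. Leading zero bytes are dropped
/// first (a DER-encoded integer may carry one). Returns None if the value does
/// not fit, instead of slicing past the end of a buffer.
fn to_fixed_width(int_be: &[u8], len: usize) -> Option<Vec<u8>> {
    let first_nonzero = int_be.iter().position(|&b| b != 0).unwrap_or(int_be.len());
    let trimmed = &int_be[first_nonzero..];
    if trimmed.len() > len {
        return None;
    }
    let mut out = vec![0u8; len - trimmed.len()];
    out.extend_from_slice(trimmed);
    Some(out)
}

/// Build the JWS signature R || S for ES256 from big-endian r and s.
fn jws_es256_signature(r: &[u8], s: &[u8]) -> Option<Vec<u8>> {
    let mut sig = to_fixed_width(r, ES256_COMPONENT_LEN)?;
    sig.extend(to_fixed_width(s, ES256_COMPONENT_LEN)?);
    Some(sig)
}

fn main() {
    // Constructed values: r is only 31 bytes long (its top byte was zero), s is 32.
    let r = [0xabu8; 31];
    let s = [0xcdu8; 32];
    let sig = jws_es256_signature(&r, &s).expect("components fit in 32 bytes");
    println!("signature length: {}", sig.len());
}
```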
  • HS256 generates unexpected token

    Header

    {
      "alg": "HS256",
      "typ": "JWT"
    }
    

    Payload

    {
      "userid": "CRISP",
      "group": "ATI",
      "resources": []
    }
    

    secret: "secret"

    Should generate (using jwt.io):

    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiJDUklTUCIsImdyb3VwIjoiQVRJIiwicmVzb3VyY2VzIjpbXX0.K9nfZnbMzF1-P1zXEQHeYYUz35NTbTPpT560wNG16DM
    

    This lib returns:

    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJncm91cCI6IkFUSSIsInJlc291cmNlcyI6W10sInVzZXJpZCI6IkNSSVNQIn0=.XfroJa5E41zs03U1aPtP3Qy3Er4vIBVb0BetZ0GuBfk=
    

    Even removing trailing = characters (#28), this JWT is not valid.

    opened by felipenoris 3
Owner
Alex Maslakov
I help people, dogs and parrots create custom software. I swim in the oceans of web, ecommerce, security, cryptocurrencies, machine learning and marketing