A minimal JWT implementation for OIDC

Overview

Compact JWT

JSON Web Tokens (JWT) are a popular method for creating signed, transparent tokens that can be verified by clients and servers. They are enshrined in standards like OpenID Connect, which makes them a widespread and required component of many modern web authentication systems.

JWT and JSON Web Signature (JWS), however, have a long track record of handling issues that have led to security problems. This library will not be a complete implementation of JWT/JWS; instead it focuses on a minimal subset that can be secured and audited for correctness more closely within a limited set of use cases.

When should I use this library?

If you wish to create ECDSA signed JWT tokens, or verify ECDSA signed JWT tokens, this library is for you.

If you are implementing OIDC as a relying party or authorisation server, this library is for you.

If you want to use HMAC signatures, need a full JWS implementation, or need support for the non-compact (JSON) serialisation, this library is not what you want.

Why another JWT library?

There are already many other libraries for JWT on crates.io; however, each has a limitation or design that conflicts with the project goals in Kanidm. Examples are:

  • Incorrect Implementations - There are a number of JWT libraries in Rust that are incorrect to the RFC or do not have RFC vector tests
  • Ring as the sole cryptographic provider - we need to use OpenSSL
  • Only supporting RSA/Weak cryptographic algos - We want to use ECDSA
  • Full JWS implementation - As mentioned, JWS has a number of sharp edges like alg=none

As a result, nothing "fit" what we wanted, so we are making another library.
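The sharp edges named above (alg=none, HMAC algorithms, the JSON serialisation) can all be rejected from the token's shape alone, before any key is involved. The following is an added illustration, not code from compact-jwt: `precheck`, `header_alg`, `Reject` and the ES256-only allow-list are assumptions made for the example, and the token in `main` is constructed.

```rust
// Added example, not compact-jwt code. Accepting only ES256 is an assumption of this example.
#[derive(Debug, PartialEq)]
pub enum Reject { NotCompact, BadBase64, BadHeader, AlgNotAllowed(String), BadSigLen(usize) }

const ALPHABET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// Strict unpadded base64url (RFC 4648 section 5): rejects '=', '+', '/' and stray trailing bits.
fn b64url(s: &str) -> Option<Vec<u8>> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes() {
        let v = ALPHABET.iter().position(|&a| a == c)? as u32;
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    if s.len() % 4 == 1 || acc != 0 { None } else { Some(out) }
}

// Hypothetical fail-closed header reader: a flat JSON object of unescaped strings only.
fn header_alg(raw: &[u8]) -> Option<String> {
    let body = std::str::from_utf8(raw).ok()?.strip_prefix('{')?.strip_suffix('}')?;
    let mut alg: Option<String> = None;
    for member in body.split(',') {
        let (k, v) = member.split_once(':')?;
        let k = k.strip_prefix('"')?.strip_suffix('"')?;
        let v = v.strip_prefix('"')?.strip_suffix('"')?;
        if [k, v].iter().any(|s| s.contains('"') || s.contains('\\')) { return None; }
        if k == "alg" && alg.replace(v.to_string()).is_some() { return None; } // duplicate alg
    }
    alg
}

// Compact form only, alg pinned to ES256, signature must be raw r || s of exactly
// 64 bytes (RFC 7518 section 3.4). Signature verification itself is out of scope here.
pub fn precheck(token: &str) -> Result<(), Reject> {
    let parts: Vec<&str> = token.split('.').collect();
    if parts.len() != 3 { return Err(Reject::NotCompact); }
    let alg = header_alg(&b64url(parts[0]).ok_or(Reject::BadBase64)?).ok_or(Reject::BadHeader)?;
    if alg != "ES256" { return Err(Reject::AlgNotAllowed(alg)); }
    let sig = b64url(parts[2]).ok_or(Reject::BadBase64)?;
    if sig.len() == 64 { Ok(()) } else { Err(Reject::BadSigLen(sig.len())) }
}

fn main() {
    // Constructed token: alg=none header, "{}" payload, empty signature.
    println!("{:?}", precheck("eyJhbGciOiJub25lIn0.e30."));
}
```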

Comments
  • Draft wip of x5c keys

    Implements # .

    • [ ] cargo fmt has been run
    • [ ] cargo test has been run and passes
    • [ ] documentation has been updated with relevant examples (if relevant)
    opened by ericmarkmartin 1
  • Loads of println!()'s in the recent version

    It's dumping loads of internal info in kanidm's logs 😢

    Looks to be these lines:

    https://github.com/kanidm/compact-jwt/commit/86232c1ccb7a7ba688c04e873911593dd2d3d2e4#diff-35315b0daa0b6640dfe8f3f8c497b05f4e3aac96998ed13f79a6a600cfac4499R608-R657

    Can we change them to debug!()'s or something? 😄

    bug 
    opened by yaleman 0
  • X5c

    Implements x5c support

    • [ x ] cargo fmt has been run
    • [ ] cargo test has been run and passes
    • [ ] documentation has been updated with relevant examples (if relevant)
    opened by Firstyear 0
Owner
Kanidm
Kanidm Identity Management Project