slowli / jwt-compact Goto Github PK

View Code? Open in Web Editor NEW

49.0 3.0 14.0 1.7 MB

Compact JWT implementation in Rust

License: Apache License 2.0

Rust 98.82% JavaScript 1.14% RPC 0.04%

jwt elliptic-curves cbor

jwt-compact's People

Contributors

Stargazers

Watchers

Forkers

isgasho jonnycrunch micheleminelli muenchow shimunn digikata junkurihara icodein cbeck88 bngreen mobilecoinofficial lrazovic cjs77

jwt-compact's Issues

Make more types non-exhaustive

Header seems to be an easy target for such a conversion; Claims and TimeOptions less so, but also seem doable.

Feature request

Would it be possible to have compact_token() implemented for Es256 / Es256k?

Why?

Not to have to implement this functionality by the enduser.

Alternatives

Looking at the implementation of compact_token() for Hs256 and implement it based on that.

no_std support for rsa

If I am not mistaken, there is no support for rsa with no_std.

In fact, in Cargo.toml default features for the rsa package are not disabled, and the random generator OsRng is used in the rsa.rs source file (e.g., here).

I have prepared a small PR to support no_std with rsa, but I think clippy is complaining.
On my side, I validated the change by creating a Rust package without std support that depends on the modified version of jwt-compact and everything seems to work fine: I can correctly create and verify RS256 JWTs.

I will open the PR and... happy to discuss!

ability to extract signature and signed bytes from Token/UntrustedToken

currently can only get header and claims but not signature

i'd like to be able to use ed25519_dalek with the signature bytes and signature directly

Consider relaxing signature of struct TimeOptions

Currently the signature contains: struct TimeOptions<F = fn() -> DateTime<Utc>> . I would like to propose using Fn instead of fn the same way as it is defined in the impl block containing the new function. This would allow using closures as well as function pointers (which are already supported).

Compiling with CBOR support causes compile time errors from `serde_cbor`

Whats happening?

When using the package as default you get a compile time error with serde_cbor.

Error

error[E0277]: the trait bound `error::Error: StdError` is not satisfied
   --> /Users/xandermay/.cargo/registry/src/github.com-1ecc6299db9ec823/serde_cbor-0.11.2/src/error.rs:221:6
    |
221 | impl de::Error for Error {
    |      ^^^^^^^^^ the trait `StdError` is not implemented for `error::Error`
    |
note: required by a bound in `serde::de::Error`
   --> /Users/xandermay/.cargo/registry/src/github.com-1ecc6299db9ec823/serde-1.0.130/src/de/mod.rs:297:1
    |
297 | declare_error_trait!(Error: Sized + StdError);
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `serde::de::Error`
    = note: this error originates in the macro `declare_error_trait` (in Nightly builds, run with -Z macro-backtrace for more info)

error[E0277]: the trait bound `error::Error: StdError` is not satisfied
   --> /Users/xandermay/.cargo/registry/src/github.com-1ecc6299db9ec823/serde_cbor-0.11.2/src/error.rs:235:6
    |
235 | impl ser::Error for Error {
    |      ^^^^^^^^^^ the trait `StdError` is not implemented for `error::Error`
    |
note: required by a bound in `serde::ser::Error`
   --> /Users/xandermay/.cargo/registry/src/github.com-1ecc6299db9ec823/serde-1.0.130/src/ser/mod.rs:183:1
    |
183 | declare_error_trait!(Error: Sized + StdError);
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `serde::ser::Error`
    = note: this error originates in the macro `declare_error_trait` (in Nightly builds, run with -Z macro-backtrace for more info)

Cargo File

I'm compiling for WASM (cloudflare worker), heres my cargo file

[dependencies]
cfg-if = "0.1.2"
worker = "0.0.7"
worker-kv = "0.4.0"
serde = {version = "1.0", features = ["derive"] }
serde_json = "1.0.67"
rust-argon2 = "0.8"
getrandom = { version = "0.2.3", features = ["js"] }
rand = {version = "0.8.4"}
chrono = {version = "0.4", features=["wasmbind", "js-sys"]}
jwt-compact = {version="0.5.0"}

Temporary resolution

Removing default for this package via

jwt-compact = {version="0.5.0", default-features = false}

resolves the issue

Add more details in `ValidationError`

For example, an absent claim in NoClaim, a real algorithm for AlgorithmMismatch, etc.

Problem with the download crate v0.6.0

Hello @slowli
I have a problem with the download and build the crate.

My compiler: rust 1.54 (required by yocto).

Cargo.toml

[package]
name = "jwt_tests"
version = "0.1.0"
edition = "2018"

[dependencies]
jwt-compact = "0.6.0"

Log:

$ cargo +1.54 b
    Blocking waiting for file lock on package cache
    Updating crates.io index
error: failed to select a version for the requirement `jwt-compact = "=0.6.0"`
candidate versions found which didn't match: 0.5.0, 0.4.0, 0.3.0, ...
location searched: crates.io index
required by package `speedy_tests v0.1.0 (/home/mhanusek/work/code/rnd/jwt_tests)`

For jwt-compact = "0.5.0" :

$cargo +1.54 b
    Blocking waiting for file lock on build directory
   Compiling jwt-compact v0.5.0
error[E0277]: the trait bound `serde_json::Error: std::error::Error` is not satisfied
  --> /home/mhanusek/.cargo/registry/src/github.com-1ecc6299db9ec823/jwt-compact-0.5.0/src/error.rs:46:46
   |
46 |             Self::MalformedHeader(e) => Some(e),
   |                                              ^ the trait `std::error::Error` is not implemented for `serde_json::Error`
   |
   = note: required for the cast to the object type `dyn std::error::Error`

error[E0277]: the trait bound `serde_json::Error: std::error::Error` is not satisfied
   --> /home/mhanusek/.cargo/registry/src/github.com-1ecc6299db9ec823/jwt-compact-0.5.0/src/error.rs:143:46
    |
143 |             Self::MalformedClaims(e) => Some(e),
    |                                              ^ the trait `std::error::Error` is not implemented for `serde_json::Error`
    |
    = note: required for the cast to the object type `dyn std::error::Error`

error[E0277]: the trait bound `serde_cbor::Error: std::error::Error` is not satisfied
   --> /home/mhanusek/.cargo/registry/src/github.com-1ecc6299db9ec823/jwt-compact-0.5.0/src/error.rs:145:50
    |
145 |             Self::MalformedCborClaims(e) => Some(e),
    |                                                  ^ the trait `std::error::Error` is not implemented for `serde_cbor::Error`
    |
    = note: required for the cast to the object type `dyn std::error::Error`

error[E0277]: the trait bound `serde_json::Error: std::error::Error` is not satisfied
   --> /home/mhanusek/.cargo/registry/src/github.com-1ecc6299db9ec823/jwt-compact-0.5.0/src/error.rs:180:55
    |
180 |             Self::Header(e) | Self::Claims(e) => Some(e),
    |                                                       ^ the trait `std::error::Error` is not implemented for `serde_json::Error`
    |
    = note: required for the cast to the object type `dyn std::error::Error`

error[E0277]: the trait bound `serde_cbor::Error: std::error::Error` is not satisfied
   --> /home/mhanusek/.cargo/registry/src/github.com-1ecc6299db9ec823/jwt-compact-0.5.0/src/error.rs:182:41
    |
182 |             Self::CborClaims(e) => Some(e),
    |                                         ^ the trait `std::error::Error` is not implemented for `serde_cbor::Error`
    |
    = note: required for the cast to the object type `dyn std::error::Error`

error: aborting due to 5 previous errors

For more information about this error, try `rustc --explain E0277`.
error: could not compile `jwt-compact`

No way of splitting token into parts

Currently, there is no way to split the Token into the respective header and claims.

This is a problem because this means in order to get an owned value of the claims type from the token you have to clone them (unnecessary allocation and trait bound).

Investigate key generation as a trait

While key parsing / serialization are now encapsulated into SigningKey / VerifyingKey traits, key generation is not covered by any trait.

See #12 for context.

unresolved import `jwt_compact::alg::Ed25519` no `Ed25519` in `alg`

When importing use jwt_compact::alg::Ed25519; I get the shown error. I am on version 0.7.0. Has Ed25519 been moved to some other module?

jwt-compact does not build with p265 feature on riscv32imac-esp-espidf

Bug report

We're trying to use jwt-compact together with an esp32c6 (with std support).
Hs256 works just fine (builds, runs, verifies), but we want to use P265 / ES256 instead.
However, just adding the "p265" feature makes the compilation fail:

   Compiling jwt-compact v0.8.0
error[E0599]: no variant or associated item named `ensure_curve` found for enum `JsonWebKey` in the current scope
   --> /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/alg/p256.rs:115:21
    |
115 |         JsonWebKey::ensure_curve(curve, "P-256")?;
    |                     ^^^^^^^^^^^^ variant or associated item not found in `JsonWebKey<'_>`
    |
   ::: /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/jwk.rs:225:1
    |
225 | pub enum JsonWebKey<'a> {
    | ----------------------- variant or associated item `ensure_curve` not found for this enum

error[E0599]: no variant or associated item named `ensure_len` found for enum `JsonWebKey` in the current scope
   --> /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/alg/p256.rs:116:21
    |
116 |         JsonWebKey::ensure_len("x", x, COORDINATE_SIZE)?;
    |                     ^^^^^^^^^^ variant or associated item not found in `JsonWebKey<'_>`
    |
   ::: /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/jwk.rs:225:1
    |
225 | pub enum JsonWebKey<'a> {
    | ----------------------- variant or associated item `ensure_len` not found for this enum

error[E0599]: no variant or associated item named `ensure_len` found for enum `JsonWebKey` in the current scope
   --> /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/alg/p256.rs:117:21
    |
117 |         JsonWebKey::ensure_len("y", y, COORDINATE_SIZE)?;
    |                     ^^^^^^^^^^ variant or associated item not found in `JsonWebKey<'_>`
    |
   ::: /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/jwk.rs:225:1
    |
225 | pub enum JsonWebKey<'a> {
    | ----------------------- variant or associated item `ensure_len` not found for this enum

error[E0599]: no variant or associated item named `ensure_len` found for enum `JsonWebKey` in the current scope
   --> /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/alg/p256.rs:143:21
    |
143 |         JsonWebKey::ensure_len("d", sk_bytes, 32)?;
    |                     ^^^^^^^^^^ variant or associated item not found in `JsonWebKey<'_>`
    |
   ::: /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/jwk.rs:225:1
    |
225 | pub enum JsonWebKey<'a> {
    | ----------------------- variant or associated item `ensure_len` not found for this enum

error[E0599]: no method named `ensure_key_match` found for reference `&JsonWebKey<'_>` in the current scope
   --> /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/alg/p256.rs:147:13
    |
147 |         jwk.ensure_key_match(sk)
    |             ^^^^^^^^^^^^^^^^ method not found in `&JsonWebKey<'_>`

For more information about this error, try `rustc --explain E0599`.
error: could not compile `jwt-compact` (lib) due to 5 previous errors
warning: build failed, waiting for other jobs to finish...

Steps to reproduce

Generate a project with https://github.com/esp-rs/esp-idf-template -> Select esp32c6 as target and enable std support (default).
Add jwt-compact as jwt-compact = {version = "0.8.0" } -> compiles fine
Add p265 feature jwt-compact = {version = "0.8.0", features = ["p256"] } -> does not compile

Expected behavior

No compilation errors.

no_std build is broken

Hi!

It appears that b704bbc broke no_std builds:

Error[E0277]: the trait bound `TryFromSliceError: anyhow::context::ext::StdError` is not satisfied
   --> /Users/eran/.cargo/git/checkouts/jwt-compact-7d6b26fe8c7e1ae6/0e89cd2/src/alg/eddsa_dalek.rs:74:14
    |
74  |             .context("Ed25519 public key has unexpected length")?;
    |              ^^^^^^^ the trait `anyhow::context::ext::StdError` is not implemented for `TryFromSliceError`
    |
    = help: the trait `anyhow::context::ext::StdError` is implemented for `anyhow::Error`
    = note: required for `Result<&[u8; 32], TryFromSliceError>` to implement `anyhow::context::private::Sealed`
note: required by a bound in `context`
   --> /Users/eran/.cargo/registry/src/github.com-1ecc6299db9ec823/anyhow-1.0.75/src/lib.rs:601:26
    |
601 | pub trait Context<T, E>: context::private::Sealed {
    |                          ^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `Context::context`

For more information about this error, try `rustc --explain E0277`.
error: could not compile `jwt-compact` due to previous error

I am seeing this in an empty library crate that just has #![no_std] and jwt-compact = { git = "https://github.com/slowli/jwt-compact", rev = "0e89cd285d5f525d9e5a08c0e833057fb77ac8bb", default-features = false, features = ["ed25519-dalek"] } as a dependency.

Thanks!

How to convert JsonWebKey to RSA

I have a JWKS URL. From there I want to extract JWK and then do the integrity check. My JWK key is kty: RSA and alg: RS256

I could do the following:

let data: Value = reqwest::blocking::get(&config.jks_uri).unwrap().json().unwrap();
let key: JsonWebKey = serde_json::from_str(&*data["keys"][0].to_string()).unwrap();

I am stuck after I got the key as JsonWebKey how to convert it to StrongKey so that I can do validate_integrity on Rsa::ps256

Support ES256

Any plan to support ES256: ECDSA over P256 / SHA-256 ?

Version Bump to 0.6.1

I am currently relying on some changes to this crate in my crate actix-jwt-auth-middleware that have not been published. Could you maybe do a minor version bump to allow me to publish my crate to crates.io using the new changes?

In particular, I am looking to use the code added in this commit b36dc02.

Key pairs import/export/generation

Hi!

jwt_compact provides helpers to generate symmetric keys for HS256/HS384/HS512.

However, it doesn't expose anything similar ECDSA/EdDSA/RSA signatures.

This forces applications to also import and use the low-level underlying implementations. Even in the jwt-compact test suite, this is not convenient, as individual tests have to be written according to every possible backend.

Would you be opposed to exposing a backend-agnostic API to import, export and generate asymmetric keys?

Extracting arbitrary key from jwt header

JWT RFC defines the header to be either of JWS or JWE - reference

If we look at RFC for JOSE header in JWS https://www.rfc-editor.org/rfc/rfc7515 - section 4.2, 4.3 it allows aribtrary keys to be defined in jwt header part of payload as long as consumers and producers ensure no collisions in keyspace.

Don't think it is possible with current Header implementation. It has common fields defined via Serde, but think aribtrary ones will be ignored. Can we add custom option like we do in case of Claims?

/// Custom claims.
#[serde(flatten)]
pub custom: T,

x5t fails to parse depending on semantics used to generate it

Hi, we are getting an error when parsing a JWT, which looks like:

Malformed token header: invalid length 40, expected base64url-encoded digest at line 1 column 147

The library is expecting a 20 byte value as a result of base64, url-encoding the SHA-1 binary certificate's fingerprint.

But, the problem seems to be that there are providers that are using the hexa fingerprint (D2:7A:E1:4B:A2:40:BA:67:34:38:64:78:84:0A:52:7D:61:0E:70:F9) instead of the binary, which results in longer values. As an example, Auth0 seems to be doing this

Other JWT libraries are not facing this issue, since they are using a String to hold that value, for example jsonwebtoken

Would it be possible to remove the array capacity from the x5t and x5t#S256 fields, so they are more flexible?

We can contribute the changes if needed.