slowli / jwt-compact Goto Github PK
View Code? Open in Web Editor NEWCompact JWT implementation in Rust
License: Apache License 2.0
Compact JWT implementation in Rust
License: Apache License 2.0
Header
seems to be an easy target for such a conversion; Claims
and TimeOptions
less so, but also seem doable.
Would it be possible to have compact_token() implemented for Es256 / Es256k?
Not to have to implement this functionality by the enduser.
Looking at the implementation of compact_token() for Hs256 and implement it based on that.
If I am not mistaken, there is no support for rsa with no_std.
In fact, in Cargo.toml default features for the rsa
package are not disabled, and the random generator OsRng
is used in the rsa.rs source file (e.g., here).
I have prepared a small PR to support no_std with rsa, but I think clippy is complaining.
On my side, I validated the change by creating a Rust package without std support that depends on the modified version of jwt-compact
and everything seems to work fine: I can correctly create and verify RS256 JWTs.
I will open the PR and... happy to discuss!
currently can only get header and claims but not signature
i'd like to be able to use ed25519_dalek
with the signature bytes and signature directly
Currently the signature contains: struct TimeOptions<F = fn() -> DateTime<Utc>>
. I would like to propose using Fn
instead of fn
the same way as it is defined in the impl block containing the new
function. This would allow using closures as well as function pointers (which are already supported).
When using the package as default you get a compile time error with serde_cbor.
error[E0277]: the trait bound `error::Error: StdError` is not satisfied
--> /Users/xandermay/.cargo/registry/src/github.com-1ecc6299db9ec823/serde_cbor-0.11.2/src/error.rs:221:6
|
221 | impl de::Error for Error {
| ^^^^^^^^^ the trait `StdError` is not implemented for `error::Error`
|
note: required by a bound in `serde::de::Error`
--> /Users/xandermay/.cargo/registry/src/github.com-1ecc6299db9ec823/serde-1.0.130/src/de/mod.rs:297:1
|
297 | declare_error_trait!(Error: Sized + StdError);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `serde::de::Error`
= note: this error originates in the macro `declare_error_trait` (in Nightly builds, run with -Z macro-backtrace for more info)
error[E0277]: the trait bound `error::Error: StdError` is not satisfied
--> /Users/xandermay/.cargo/registry/src/github.com-1ecc6299db9ec823/serde_cbor-0.11.2/src/error.rs:235:6
|
235 | impl ser::Error for Error {
| ^^^^^^^^^^ the trait `StdError` is not implemented for `error::Error`
|
note: required by a bound in `serde::ser::Error`
--> /Users/xandermay/.cargo/registry/src/github.com-1ecc6299db9ec823/serde-1.0.130/src/ser/mod.rs:183:1
|
183 | declare_error_trait!(Error: Sized + StdError);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `serde::ser::Error`
= note: this error originates in the macro `declare_error_trait` (in Nightly builds, run with -Z macro-backtrace for more info)
I'm compiling for WASM (cloudflare worker), heres my cargo file
[dependencies]
cfg-if = "0.1.2"
worker = "0.0.7"
worker-kv = "0.4.0"
serde = {version = "1.0", features = ["derive"] }
serde_json = "1.0.67"
rust-argon2 = "0.8"
getrandom = { version = "0.2.3", features = ["js"] }
rand = {version = "0.8.4"}
chrono = {version = "0.4", features=["wasmbind", "js-sys"]}
jwt-compact = {version="0.5.0"}
Removing default for this package via
jwt-compact = {version="0.5.0", default-features = false}
resolves the issue
For example, an absent claim in NoClaim
, a real algorithm for AlgorithmMismatch
, etc.
Hello @slowli
I have a problem with the download and build the crate.
My compiler: rust 1.54 (required by yocto).
Cargo.toml
[package]
name = "jwt_tests"
version = "0.1.0"
edition = "2018"
[dependencies]
jwt-compact = "0.6.0"
Log:
$ cargo +1.54 b
Blocking waiting for file lock on package cache
Updating crates.io index
error: failed to select a version for the requirement `jwt-compact = "=0.6.0"`
candidate versions found which didn't match: 0.5.0, 0.4.0, 0.3.0, ...
location searched: crates.io index
required by package `speedy_tests v0.1.0 (/home/mhanusek/work/code/rnd/jwt_tests)`
For jwt-compact = "0.5.0"
:
$cargo +1.54 b
Blocking waiting for file lock on build directory
Compiling jwt-compact v0.5.0
error[E0277]: the trait bound `serde_json::Error: std::error::Error` is not satisfied
--> /home/mhanusek/.cargo/registry/src/github.com-1ecc6299db9ec823/jwt-compact-0.5.0/src/error.rs:46:46
|
46 | Self::MalformedHeader(e) => Some(e),
| ^ the trait `std::error::Error` is not implemented for `serde_json::Error`
|
= note: required for the cast to the object type `dyn std::error::Error`
error[E0277]: the trait bound `serde_json::Error: std::error::Error` is not satisfied
--> /home/mhanusek/.cargo/registry/src/github.com-1ecc6299db9ec823/jwt-compact-0.5.0/src/error.rs:143:46
|
143 | Self::MalformedClaims(e) => Some(e),
| ^ the trait `std::error::Error` is not implemented for `serde_json::Error`
|
= note: required for the cast to the object type `dyn std::error::Error`
error[E0277]: the trait bound `serde_cbor::Error: std::error::Error` is not satisfied
--> /home/mhanusek/.cargo/registry/src/github.com-1ecc6299db9ec823/jwt-compact-0.5.0/src/error.rs:145:50
|
145 | Self::MalformedCborClaims(e) => Some(e),
| ^ the trait `std::error::Error` is not implemented for `serde_cbor::Error`
|
= note: required for the cast to the object type `dyn std::error::Error`
error[E0277]: the trait bound `serde_json::Error: std::error::Error` is not satisfied
--> /home/mhanusek/.cargo/registry/src/github.com-1ecc6299db9ec823/jwt-compact-0.5.0/src/error.rs:180:55
|
180 | Self::Header(e) | Self::Claims(e) => Some(e),
| ^ the trait `std::error::Error` is not implemented for `serde_json::Error`
|
= note: required for the cast to the object type `dyn std::error::Error`
error[E0277]: the trait bound `serde_cbor::Error: std::error::Error` is not satisfied
--> /home/mhanusek/.cargo/registry/src/github.com-1ecc6299db9ec823/jwt-compact-0.5.0/src/error.rs:182:41
|
182 | Self::CborClaims(e) => Some(e),
| ^ the trait `std::error::Error` is not implemented for `serde_cbor::Error`
|
= note: required for the cast to the object type `dyn std::error::Error`
error: aborting due to 5 previous errors
For more information about this error, try `rustc --explain E0277`.
error: could not compile `jwt-compact`
Currently, there is no way to split the Token
into the respective header and claims.
This is a problem because this means in order to get an owned value of the claims type from the token you have to clone them (unnecessary allocation and trait bound).
While key parsing / serialization are now encapsulated into SigningKey
/ VerifyingKey
traits, key generation is not covered by any trait.
See #12 for context.
When importing use jwt_compact::alg::Ed25519; I get the shown error. I am on version 0.7.0. Has Ed25519 been moved to some other module?
We're trying to use jwt-compact together with an esp32c6 (with std support).
Hs256 works just fine (builds, runs, verifies), but we want to use P265 / ES256 instead.
However, just adding the "p265" feature makes the compilation fail:
Compiling jwt-compact v0.8.0
error[E0599]: no variant or associated item named `ensure_curve` found for enum `JsonWebKey` in the current scope
--> /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/alg/p256.rs:115:21
|
115 | JsonWebKey::ensure_curve(curve, "P-256")?;
| ^^^^^^^^^^^^ variant or associated item not found in `JsonWebKey<'_>`
|
::: /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/jwk.rs:225:1
|
225 | pub enum JsonWebKey<'a> {
| ----------------------- variant or associated item `ensure_curve` not found for this enum
error[E0599]: no variant or associated item named `ensure_len` found for enum `JsonWebKey` in the current scope
--> /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/alg/p256.rs:116:21
|
116 | JsonWebKey::ensure_len("x", x, COORDINATE_SIZE)?;
| ^^^^^^^^^^ variant or associated item not found in `JsonWebKey<'_>`
|
::: /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/jwk.rs:225:1
|
225 | pub enum JsonWebKey<'a> {
| ----------------------- variant or associated item `ensure_len` not found for this enum
error[E0599]: no variant or associated item named `ensure_len` found for enum `JsonWebKey` in the current scope
--> /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/alg/p256.rs:117:21
|
117 | JsonWebKey::ensure_len("y", y, COORDINATE_SIZE)?;
| ^^^^^^^^^^ variant or associated item not found in `JsonWebKey<'_>`
|
::: /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/jwk.rs:225:1
|
225 | pub enum JsonWebKey<'a> {
| ----------------------- variant or associated item `ensure_len` not found for this enum
error[E0599]: no variant or associated item named `ensure_len` found for enum `JsonWebKey` in the current scope
--> /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/alg/p256.rs:143:21
|
143 | JsonWebKey::ensure_len("d", sk_bytes, 32)?;
| ^^^^^^^^^^ variant or associated item not found in `JsonWebKey<'_>`
|
::: /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/jwk.rs:225:1
|
225 | pub enum JsonWebKey<'a> {
| ----------------------- variant or associated item `ensure_len` not found for this enum
error[E0599]: no method named `ensure_key_match` found for reference `&JsonWebKey<'_>` in the current scope
--> /home/leon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0/src/alg/p256.rs:147:13
|
147 | jwk.ensure_key_match(sk)
| ^^^^^^^^^^^^^^^^ method not found in `&JsonWebKey<'_>`
For more information about this error, try `rustc --explain E0599`.
error: could not compile `jwt-compact` (lib) due to 5 previous errors
warning: build failed, waiting for other jobs to finish...
jwt-compact = {version = "0.8.0" }
-> compiles finejwt-compact = {version = "0.8.0", features = ["p256"] }
-> does not compileNo compilation errors.
Hi!
It appears that b704bbc broke no_std
builds:
Error[E0277]: the trait bound `TryFromSliceError: anyhow::context::ext::StdError` is not satisfied
--> /Users/eran/.cargo/git/checkouts/jwt-compact-7d6b26fe8c7e1ae6/0e89cd2/src/alg/eddsa_dalek.rs:74:14
|
74 | .context("Ed25519 public key has unexpected length")?;
| ^^^^^^^ the trait `anyhow::context::ext::StdError` is not implemented for `TryFromSliceError`
|
= help: the trait `anyhow::context::ext::StdError` is implemented for `anyhow::Error`
= note: required for `Result<&[u8; 32], TryFromSliceError>` to implement `anyhow::context::private::Sealed`
note: required by a bound in `context`
--> /Users/eran/.cargo/registry/src/github.com-1ecc6299db9ec823/anyhow-1.0.75/src/lib.rs:601:26
|
601 | pub trait Context<T, E>: context::private::Sealed {
| ^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `Context::context`
For more information about this error, try `rustc --explain E0277`.
error: could not compile `jwt-compact` due to previous error
I am seeing this in an empty library crate that just has #![no_std]
and jwt-compact = { git = "https://github.com/slowli/jwt-compact", rev = "0e89cd285d5f525d9e5a08c0e833057fb77ac8bb", default-features = false, features = ["ed25519-dalek"] }
as a dependency.
Thanks!
I have a JWKS URL. From there I want to extract JWK and then do the integrity check. My JWK key is kty: RSA and alg: RS256
I could do the following:
let data: Value = reqwest::blocking::get(&config.jks_uri).unwrap().json().unwrap();
let key: JsonWebKey = serde_json::from_str(&*data["keys"][0].to_string()).unwrap();
I am stuck after I got the key as JsonWebKey how to convert it to StrongKey so that I can do validate_integrity on Rsa::ps256
Any plan to support ES256: ECDSA over P256 / SHA-256
?
I am currently relying on some changes to this crate in my crate actix-jwt-auth-middleware
that have not been published. Could you maybe do a minor version bump to allow me to publish my crate to crates.io using the new changes?
In particular, I am looking to use the code added in this commit b36dc02.
Hi!
jwt_compact
provides helpers to generate symmetric keys for HS256
/HS384
/HS512
.
However, it doesn't expose anything similar ECDSA/EdDSA/RSA signatures.
This forces applications to also import and use the low-level underlying implementations. Even in the jwt-compact
test suite, this is not convenient, as individual tests have to be written according to every possible backend.
Would you be opposed to exposing a backend-agnostic API to import, export and generate asymmetric keys?
JWT RFC defines the header to be either of JWS or JWE - reference
If we look at RFC for JOSE header in JWS https://www.rfc-editor.org/rfc/rfc7515 - section 4.2, 4.3 it allows aribtrary keys to be defined in jwt header part of payload as long as consumers and producers ensure no collisions in keyspace.
Don't think it is possible with current Header
implementation. It has common fields defined via Serde, but think aribtrary ones will be ignored. Can we add custom option like we do in case of Claims
?
/// Custom claims.
#[serde(flatten)]
pub custom: T,
Hi, we are getting an error when parsing a JWT, which looks like:
Malformed token header: invalid length 40, expected base64url-encoded digest at line 1 column 147
The library is expecting a 20 byte value as a result of base64, url-encoding the SHA-1 binary certificate's fingerprint.
But, the problem seems to be that there are providers that are using the hexa fingerprint (D2:7A:E1:4B:A2:40:BA:67:34:38:64:78:84:0A:52:7D:61:0E:70:F9) instead of the binary, which results in longer values. As an example, Auth0 seems to be doing this
Other JWT libraries are not facing this issue, since they are using a String to hold that value, for example jsonwebtoken
Would it be possible to remove the array capacity from the x5t and x5t#S256 fields, so they are more flexible?
We can contribute the changes if needed.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.