docs: Update README to match new library API
This commit is contained in:
Vincent Ambo
parent
dd527ecdf1
commit
29dfb6826f
2 changed files with 26 additions and 31 deletions
46
README.md
46
README.md
|
|
@ -1,8 +1,8 @@
|
|||
alcoholic_jwt
|
||||
=============
|
||||
|
||||
This is a barebones library for **validation** of **RS256** JWTs using
|
||||
keys from a JWKS. Nothing more, nothing less.
|
||||
This is a library for **validation** of **RS256** JWTs using keys from
|
||||
a JWKS. Nothing more, nothing less.
|
||||
|
||||
The name of the library stems from the potential side-effects of
|
||||
trying to use the other Rust libraries that are made for similar
|
||||
|
|
@ -21,36 +21,28 @@ extern crate alcoholic_jwt;
|
|||
|
||||
use alcoholic_jwt::{JWKS, Validation, validate, token_kid};
|
||||
|
||||
fn validate_token() {
|
||||
// serde instances provided
|
||||
let jwks: JWKS = some_http_client(jwks_url).json();
|
||||
// The function implied here would usually perform an HTTP-GET
|
||||
// on the JWKS-URL for an authentication provider and deserialize
|
||||
// the result into the `alcoholic_jwt::JWKS`-struct.
|
||||
let jwks: JWKS = jwks_fetching_function();
|
||||
|
||||
let token: String = some_token_fetcher();
|
||||
let token: String = some_token_fetching_function();
|
||||
|
||||
// Several types of built-in validations are provided:
|
||||
let validations = vec![
|
||||
Validation::Issuer("some-issuer"),
|
||||
Validation::Audience("some-audience"),
|
||||
Validation::SubjectPresent,
|
||||
];
|
||||
// Several types of built-in validations are provided:
|
||||
let validations = vec![
|
||||
Validation::Issuer("auth.test.aprila.no".into()),
|
||||
Validation::SubjectPresent,
|
||||
];
|
||||
|
||||
// Extracting a KID is about the only safe operation that can be
|
||||
// done on a JWT before validating it.
|
||||
let kid = token_kid(token).expect("No 'kid' claim present in token");
|
||||
// If a JWKS contains multiple keys, the correct KID first
|
||||
// needs to be fetched from the token headers.
|
||||
let kid = token_kid(&token)
|
||||
.expect("Failed to decode token headers")
|
||||
.expect("No 'kid' claim present in token");
|
||||
|
||||
let jwk = jwks.find(kid).expect("Specified key not found in set");
|
||||
let jwk = jwks.find(&kid).expect("Specified key not found in set");
|
||||
|
||||
match validate(token, jwk, validations) {
|
||||
Valid => println!("Token is valid!"),
|
||||
InvalidSignature(reason) => println!("Token signature invalid: {}", reason),
|
||||
InvalidClaims(reasons) => {
|
||||
println!("Token claims are totally invalid!");
|
||||
for reason in reasons {
|
||||
println!("Validation failure: {}", reason);
|
||||
}
|
||||
},
|
||||
}
|
||||
}
|
||||
validate(token, jwk, validations).expect("Token validation has failed!");
|
||||
```
|
||||
|
||||
## Under the hood
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue