feat: add standard Claims for JWT

minkan-chat · Apr 13, 2024 · f1d1305 · f1d1305
1 parent dad2321
commit f1d1305
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 18 deletions.
diff --git a/src/jws.rs b/src/jws.rs
@@ -193,7 +193,7 @@ pub enum SignError<P> {
 ///
 /// [RFC 7515]: <https://datatracker.ietf.org/doc/html/rfc7515>
 #[derive(Debug)]
-pub struct JsonWebSignature<F: Format, T> {
+pub struct JsonWebSignature<F: Format, T = ()> {
     header: F::JwsHeader,
     payload: T,
 }

diff --git a/src/jwt.rs b/src/jwt.rs
@@ -1,20 +1,71 @@
-use crate::{format::Format, jwe::JsonWebEncryption, jws::JsonWebSignature};
+use alloc::string::String;
+
+use serde::{Deserialize, Serialize};
+
+use crate::JsonWebSignature;
 
 /// A JSON Web Token (JWT) as defined in [RFC 7519]
 ///
 /// [RFC 7519]: <https://datatracker.ietf.org/doc/html/rfc7519>
-#[derive(Debug)]
-#[allow(clippy::large_enum_variant)] // FIXME: should go away if `JsonWebEncryption` is implemented
-pub enum JsonWebToken<F: Format> {
-    /// A JSON Web Token that contains a JSON Web Encryption (JWE) as defined in
-    /// [RFC 7516]
+pub type JsonWebToken<F, A> = JsonWebSignature<F, Claims<A>>;
+
+/// The claims of a JSON Web Token (JWT) as defined in [RFC 7519].
+///
+/// The `A` type parameter is used to specify the type of the additional
+/// parameters of the claims. If no additional parameters are required,
+/// the unit type `()` can be used.
+///
+/// [RFC 7519]: <https://datatracker.ietf.org/doc/html/rfc7519>
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+pub struct Claims<A = ()> {
+    /// The "iss" (issuer) claim identifies the principal that issued the JWT.
+    ///
+    /// As defined in [RFC 7519 Section 4.1.1](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1).
+    #[serde(rename = "iss")]
+    pub issuer: Option<String>,
+
+    /// The "sub" (subject) claim identifies the principal that is the subject
+    /// of the JWT.
+    ///
+    /// As defined in [RFC 7519 Section 4.1.2](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2).
+    #[serde(rename = "sub")]
+    pub subject: Option<String>,
+
+    /// The "aud" (audience) claim identifies the recipients that the JWT is
+    /// intended for.
     ///
-    /// [RFC 7516]: <https://datatracker.ietf.org/doc/html/rfc7516>
-    JsonWebEncryption(JsonWebEncryption),
-    /// A JSON Web Token that contains a JSON Web Signature (JWS) as defined in
-    /// [RFC 7515]
+    /// As defined in [RFC 7519 Section 4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3).
+    #[serde(rename = "aud")]
+    pub audience: Option<String>,
+
+    /// The "exp" (expiration time) claim identifies the expiration time on or
+    /// after which the JWT MUST NOT be accepted for processing.
     ///
-    /// [RFC 7515]: <https://datatracker.ietf.org/doc/html/rfc7515>
-    // FIXME: maybe Box to avoid large stack allocation
-    JsonWebSignature(JsonWebSignature<F, ()>),
+    /// As defined in [RFC 7519 Section 4.1.4](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4).
+    #[serde(rename = "exp")]
+    pub expiration: Option<u64>,
+
+    /// The "nbf" (not before) claim identifies the time before which the JWT
+    /// MUST NOT be accepted for processing.
+    ///
+    /// As defined in [RFC 7519 Section 4.1.5](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5).
+    #[serde(rename = "nbf")]
+    pub not_before: Option<u64>,
+
+    /// The "iat" (issued at) claim identifies the time at which the JWT was
+    /// issued.
+    ///
+    /// As defined in [RFC 7519 Section 4.1.6](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6).
+    #[serde(rename = "iat")]
+    pub issued_at: Option<u64>,
+
+    /// The "jti" (JWT ID) claim provides a unique identifier for the JWT.
+    ///
+    /// As defined in [RFC 7519 Section 4.1.7](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7).
+    #[serde(rename = "jti")]
+    pub jwt_id: Option<String>,
+
+    /// Additional, potentially unregistered JWT claims.
+    #[serde(flatten)]
+    pub additional: A,
 }
diff --git a/src/lib.rs b/src/lib.rs
@@ -46,11 +46,14 @@ pub use base64_url::Base64UrlString;
 #[doc(inline)]
 pub use self::{header::JoseHeader, jwk::JsonWebKey, jws::JsonWebSignature, jwt::JsonWebToken};
 
-/// Type alias to make `JsonWebSignature` easier to access.
-pub type Jws<F, T> = JsonWebSignature<F, T>;
+/// Type alias to make [`JsonWebSignature`] easier to access.
+pub type Jws<F = format::Compact, T = ()> = JsonWebSignature<F, T>;
 
-/// Type alias to make `JsonWebToken` easier to access.
-pub type Jwt<F> = JsonWebToken<F>;
+/// Type alias to make [`JsonWebToken`] easier to access.
+pub type Jwt<F = format::Compact, A = ()> = JsonWebToken<F, A>;
+
+/// Type alias to make [`JsonWebKey`] easier to access.
+pub type Jwk<A = ()> = JsonWebKey<A>;
 
 /// This type is used when the type of the additional parameters
 /// of a [`JsonWebKey`], or a [`JoseHeader`] can not be