From f1d1305516944fcb6c61a77d07c90cb6c1c234c9 Mon Sep 17 00:00:00 2001 From: Justus K Date: Sat, 4 Nov 2023 16:44:10 +0100 Subject: [PATCH] feat: add standard `Claims` for JWT --- src/jws.rs | 2 +- src/jwt.rs | 77 +++++++++++++++++++++++++++++++++++++++++++++--------- src/lib.rs | 11 +++++--- 3 files changed, 72 insertions(+), 18 deletions(-) diff --git a/src/jws.rs b/src/jws.rs index 0355cde..4138187 100644 --- a/src/jws.rs +++ b/src/jws.rs @@ -193,7 +193,7 @@ pub enum SignError

{ /// /// [RFC 7515]: #[derive(Debug)] -pub struct JsonWebSignature { +pub struct JsonWebSignature { header: F::JwsHeader, payload: T, } diff --git a/src/jwt.rs b/src/jwt.rs index 07a4501..85962e8 100644 --- a/src/jwt.rs +++ b/src/jwt.rs @@ -1,20 +1,71 @@ -use crate::{format::Format, jwe::JsonWebEncryption, jws::JsonWebSignature}; +use alloc::string::String; + +use serde::{Deserialize, Serialize}; + +use crate::JsonWebSignature; /// A JSON Web Token (JWT) as defined in [RFC 7519] /// /// [RFC 7519]: -#[derive(Debug)] -#[allow(clippy::large_enum_variant)] // FIXME: should go away if `JsonWebEncryption` is implemented -pub enum JsonWebToken { - /// A JSON Web Token that contains a JSON Web Encryption (JWE) as defined in - /// [RFC 7516] +pub type JsonWebToken = JsonWebSignature>; + +/// The claims of a JSON Web Token (JWT) as defined in [RFC 7519]. +/// +/// The `A` type parameter is used to specify the type of the additional +/// parameters of the claims. If no additional parameters are required, +/// the unit type `()` can be used. +/// +/// [RFC 7519]: +#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] +pub struct Claims { + /// The "iss" (issuer) claim identifies the principal that issued the JWT. + /// + /// As defined in [RFC 7519 Section 4.1.1](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1). + #[serde(rename = "iss")] + pub issuer: Option, + + /// The "sub" (subject) claim identifies the principal that is the subject + /// of the JWT. + /// + /// As defined in [RFC 7519 Section 4.1.2](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2). + #[serde(rename = "sub")] + pub subject: Option, + + /// The "aud" (audience) claim identifies the recipients that the JWT is + /// intended for. /// - /// [RFC 7516]: - JsonWebEncryption(JsonWebEncryption), - /// A JSON Web Token that contains a JSON Web Signature (JWS) as defined in - /// [RFC 7515] + /// As defined in [RFC 7519 Section 4.1.3](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3). + #[serde(rename = "aud")] + pub audience: Option, + + /// The "exp" (expiration time) claim identifies the expiration time on or + /// after which the JWT MUST NOT be accepted for processing. /// - /// [RFC 7515]: - // FIXME: maybe Box to avoid large stack allocation - JsonWebSignature(JsonWebSignature), + /// As defined in [RFC 7519 Section 4.1.4](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4). + #[serde(rename = "exp")] + pub expiration: Option, + + /// The "nbf" (not before) claim identifies the time before which the JWT + /// MUST NOT be accepted for processing. + /// + /// As defined in [RFC 7519 Section 4.1.5](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5). + #[serde(rename = "nbf")] + pub not_before: Option, + + /// The "iat" (issued at) claim identifies the time at which the JWT was + /// issued. + /// + /// As defined in [RFC 7519 Section 4.1.6](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6). + #[serde(rename = "iat")] + pub issued_at: Option, + + /// The "jti" (JWT ID) claim provides a unique identifier for the JWT. + /// + /// As defined in [RFC 7519 Section 4.1.7](https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7). + #[serde(rename = "jti")] + pub jwt_id: Option, + + /// Additional, potentially unregistered JWT claims. + #[serde(flatten)] + pub additional: A, } diff --git a/src/lib.rs b/src/lib.rs index a01c336..8c6112c 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -46,11 +46,14 @@ pub use base64_url::Base64UrlString; #[doc(inline)] pub use self::{header::JoseHeader, jwk::JsonWebKey, jws::JsonWebSignature, jwt::JsonWebToken}; -/// Type alias to make `JsonWebSignature` easier to access. -pub type Jws = JsonWebSignature; +/// Type alias to make [`JsonWebSignature`] easier to access. +pub type Jws = JsonWebSignature; -/// Type alias to make `JsonWebToken` easier to access. -pub type Jwt = JsonWebToken; +/// Type alias to make [`JsonWebToken`] easier to access. +pub type Jwt = JsonWebToken; + +/// Type alias to make [`JsonWebKey`] easier to access. +pub type Jwk = JsonWebKey; /// This type is used when the type of the additional parameters /// of a [`JsonWebKey`], or a [`JoseHeader`] can not be