jsonwebtoken/README.md

# jsonwebtoken

[![Build Status](https://travis-ci.org/Keats/jsonwebtoken.svg)](https://travis-ci.org/Keats/jsonwebtoken)

[API documentation on docs.rs](https://docs.rs/jsonwebtoken/)

## Installation
Add the following to Cargo.toml:

```toml
jsonwebtoken = "2"
serde_derive = "1.0"
```

## How to use
There is a complete example in `examples/claims.rs` but here's a quick one.

In terms of imports:
```rust
extern crate jsonwebtoken as jwt;
#[macro_use]
extern crate serde_derive;

use jwt::{encode, decode, Header, Algorithm, Validation};
```

Look at the examples directory for 2 examples: a basic one and one with a custom
header.

### Encoding
```rust
let token = encode(&Header::default(), &my_claims, "secret".as_ref())?;
```
In that example, `my_claims` is an instance of a Claims struct that derives `Serialize` and `Deserialize`.
The default algorithm is HS256.
Look at custom headers section to see how to change that.

### Decoding
```rust
let token = decode::<Claims>(&token, "secret", &Validation::default())?;
// token is a struct with 2 params: header and claims
```
`decode` can error for a variety of reasons:

- the token or its signature is invalid
- error while decoding base64 or the result of decoding base64 is not valid UTF-8
- validation of at least one reserved claim failed

In some cases, you will want to only decode the header:


```rust
let header = decode_header(&token)?;
```

### Validation
This library validates automatically the `iat`, `exp` and `nbf` claims if found. You can also validate the `sub`, `iss` and `aud` but
those require setting the expected value.
You can add some leeway to the `iat`, `exp` and `nbf` validation by setting the `leeway` parameter as shown in the example below as well
as select allowed algorithms.

```rust
use jsonwebtoken::{Validation, Algorithm};

// Default valuation
let validation = Validation::default();
// Adding some leeway (in seconds) for iat, exp and nbf checks
let mut validation = Validation {leeway: 60, ..Default::default()};
// Checking issuer
let mut validation = Validation {iss: Some("issuer".to_string()), ..Default::default()};
// Setting audience
let mut validation = Validation::default();
validation.set_audience(&"Me"); // string
validation.set_audience(&["Me", "You"]); // array of strings
// Will error if the token given has an algorithm that isn't HS256
let mut validation = Validation {algorithms: Some(vec![Algorithm::HS256]), ..Default::default()};
```

### Custom headers
All the parameters from the RFC are supported but the default header only has `typ` and `alg` set: all the other fields are optional.
If you want to set the `kid` parameter for example:

```rust
let mut header = Header::default();
header.kid = Some("blabla".to_owned());
header.alg = Algorithm::HS512;
let token = encode(&header, &my_claims, "secret".as_ref())?;
```
Look at `examples/custom_header.rs` for a full working example.

## Algorithms
This library currently supports the following:

- HS256
- HS384
- HS512
- RS256
- RS384
- RS512

### RSA
`jsonwebtoken` can only read DER encoded keys currently. If you have openssl installed,
you can run the following commands to obtain the DER keys from .pem:

```bash
// private key
$ openssl rsa -in private_rsa_key.pem -outform DER -out private_rsa_key.der
// public key
$ openssl rsa -in private_rsa_key.der -inform DER -RSAPublicKey_out -outform DER -out public_key.der
```

If you are getting an error with your public key, make sure you get it by using the command above to ensure
it is in the right format.
Rename to jsonwebtoken 2015-11-02 18:27:28 -05:00			`# jsonwebtoken`
Initial commit 2015-10-31 11:37:15 -04:00
Update README.md 2017-04-26 03:51:44 -04:00			`[![Build Status](https://travis-ci.org/Keats/jsonwebtoken.svg)](https://travis-ci.org/Keats/jsonwebtoken)`
Start of README 2015-11-02 16:04:58 -05:00
Add docs link 2017-04-23 01:27:19 -04:00			`[API documentation on docs.rs](https://docs.rs/jsonwebtoken/)`

Rename to jsonwebtoken 2015-11-02 18:27:28 -05:00			`## Installation`
			`Add the following to Cargo.toml:`

			```toml
Update README 2017-04-12 21:29:30 -04:00			`jsonwebtoken = "2"`
Update the readme to suggest serde 1.0 over 0.9 2017-04-22 01:27:27 -04:00			`serde_derive = "1.0"`
Rename to jsonwebtoken 2015-11-02 18:27:28 -05:00			```
Start of README 2015-11-02 16:04:58 -05:00
			`## How to use`
Prepare for 1.0 release 2015-12-22 12:17:53 -05:00			There is a complete example in `examples/claims.rs` but here's a quick one.
Start of README 2015-11-02 16:04:58 -05:00
Remove useless import + improve readme 2015-11-02 18:32:32 -05:00			`In terms of imports:`
			```rust
			`extern crate jsonwebtoken as jwt;`
Update README 2017-04-12 21:29:30 -04:00			`#[macro_use]`
			`extern crate serde_derive;`
Remove useless import + improve readme 2015-11-02 18:32:32 -05:00
Update README 2017-04-12 21:29:30 -04:00			`use jwt::{encode, decode, Header, Algorithm, Validation};`
Remove useless import + improve readme 2015-11-02 18:32:32 -05:00			```

Prepare for 1.0 release 2015-12-22 12:17:53 -05:00			`Look at the examples directory for 2 examples: a basic one and one with a custom`
			`header.`

Start of README 2015-11-02 16:04:58 -05:00			`### Encoding`
			```rust
Update docs 2017-08-25 04:53:32 -04:00			`let token = encode(&Header::default(), &my_claims, "secret".as_ref())?;`
Start of README 2015-11-02 16:04:58 -05:00			```
Update README 2017-04-12 21:29:30 -04:00			In that example, `my_claims` is an instance of a Claims struct that derives `Serialize` and `Deserialize`.
Prepare for 1.0 release 2015-12-22 12:17:53 -05:00			`The default algorithm is HS256.`
			`Look at custom headers section to see how to change that.`
Start of README 2015-11-02 16:04:58 -05:00
			`### Decoding`
			```rust
Update docs 2017-08-25 04:53:32 -04:00			`let token = decode::<Claims>(&token, "secret", &Validation::default())?;`
Update docs a bit 2015-12-19 19:58:46 -05:00			`// token is a struct with 2 params: header and claims`
Start of README 2015-11-02 16:04:58 -05:00			```
Update README 2017-04-12 21:29:30 -04:00			`decode` can error for a variety of reasons:
Start of README 2015-11-02 16:04:58 -05:00
Update README 2017-04-12 21:29:30 -04:00			`- the token or its signature is invalid`
			`- error while decoding base64 or the result of decoding base64 is not valid UTF-8`
Reorganise a bit and add more docs 2017-04-13 03:36:32 -04:00			`- validation of at least one reserved claim failed`
Start of README 2015-11-02 16:04:58 -05:00
Update docs 2017-08-25 04:53:32 -04:00			`In some cases, you will want to only decode the header:`


			```rust
			`let header = decode_header(&token)?;`
			```

Add a bit about validation 2015-11-03 13:38:41 -05:00			`### Validation`
Update README 2017-04-12 21:29:30 -04:00			This library validates automatically the `iat`, `exp` and `nbf` claims if found. You can also validate the `sub`, `iss` and `aud` but
			`those require setting the expected value.`
No need to pass an algorithm to decode 2017-04-22 02:21:16 -04:00			You can add some leeway to the `iat`, `exp` and `nbf` validation by setting the `leeway` parameter as shown in the example below as well
			`as select allowed algorithms.`
Update README 2017-04-12 21:29:30 -04:00
			```rust
No need to pass an algorithm to decode 2017-04-22 02:21:16 -04:00			`use jsonwebtoken::{Validation, Algorithm};`
Update README 2017-04-12 21:29:30 -04:00
			`// Default valuation`
			`let validation = Validation::default();`
Update ring and fix leeway docs 2017-08-30 05:09:57 -04:00			`// Adding some leeway (in seconds) for iat, exp and nbf checks`
			`let mut validation = Validation {leeway: 60, ..Default::default()};`
Update README 2017-04-12 21:29:30 -04:00			`// Checking issuer`
			`let mut validation = Validation {iss: Some("issuer".to_string()), ..Default::default()};`
			`// Setting audience`
			`let mut validation = Validation::default();`
			`validation.set_audience(&"Me"); // string`
			`validation.set_audience(&["Me", "You"]); // array of strings`
No need to pass an algorithm to decode 2017-04-22 02:21:16 -04:00			`// Will error if the token given has an algorithm that isn't HS256`
			`let mut validation = Validation {algorithms: Some(vec![Algorithm::HS256]), ..Default::default()};`
Update README 2017-04-12 21:29:30 -04:00			```

Update docs a bit 2015-12-19 19:58:46 -05:00			`### Custom headers`
			All the parameters from the RFC are supported but the default header only has `typ` and `alg` set: all the other fields are optional.
			If you want to set the `kid` parameter for example:

			```rust
			`let mut header = Header::default();`
			`header.kid = Some("blabla".to_owned());`
Change order of encode method args + make alg field public 2015-12-21 14:23:10 -05:00			`header.alg = Algorithm::HS512;`
Update docs 2017-08-25 04:53:32 -04:00			`let token = encode(&header, &my_claims, "secret".as_ref())?;`
Update docs a bit 2015-12-19 19:58:46 -05:00			```
Prepare for 1.0 release 2015-12-22 12:17:53 -05:00			Look at `examples/custom_header.rs` for a full working example.
Update docs a bit 2015-12-19 19:58:46 -05:00
Start of README 2015-11-02 16:04:58 -05:00			`## Algorithms`
Update README 2017-04-12 21:29:30 -04:00			`This library currently supports the following:`

			`- HS256`
			`- HS384`
			`- HS512`
			`- RS256`
			`- RS384`
			`- RS512`
Add notes about RSA in README 2017-04-14 05:15:06 -04:00
			`### RSA`
			`jsonwebtoken` can only read DER encoded keys currently. If you have openssl installed,
			`you can run the following commands to obtain the DER keys from .pem:`

			```bash
			`// private key`
			`$ openssl rsa -in private_rsa_key.pem -outform DER -out private_rsa_key.der`
			`// public key`
			`$ openssl rsa -in private_rsa_key.der -inform DER -RSAPublicKey_out -outform DER -out public_key.der`
			```

			`If you are getting an error with your public key, make sure you get it by using the command above to ensure`
			`it is in the right format.`