jsonwebtoken/README.md

# jsonwebtoken

[![Build Status](https://travis-ci.org/Keats/rust-jwt.svg)](https://travis-ci.org/Keats/rust-jwt)

## Installation
Add the following to Cargo.toml:

```toml
jsonwebtoken = "2"
serde_derive = "0.9"
```

## How to use
There is a complete example in `examples/claims.rs` but here's a quick one.

In terms of imports:
```rust
extern crate jsonwebtoken as jwt;
#[macro_use]
extern crate serde_derive;

use jwt::{encode, decode, Header, Algorithm, Validation};
```

Look at the examples directory for 2 examples: a basic one and one with a custom
header.

### Encoding
```rust
let token = encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap();
```
In that example, `my_claims` is an instance of a Claims struct that derives `Serialize` and `Deserialize`.
The default algorithm is HS256.
Look at custom headers section to see how to change that.

### Decoding
```rust
let token = decode::<Claims>(&token, "secret", Algorithm::HS256, &Validation::default()).unwrap();
// token is a struct with 2 params: header and claims
```
`decode` can error for a variety of reasons:

- the token or its signature is invalid
- error while decoding base64 or the result of decoding base64 is not valid UTF-8
- validation failed

### Validation
This library validates automatically the `iat`, `exp` and `nbf` claims if found. You can also validate the `sub`, `iss` and `aud` but
those require setting the expected value.
You can add some leeway to the `iat`, `exp` and `nbf` validation by setting the `leeway` parameter as shown in the example below.

```rust
use jsonwebtoken::Validation;

// Default valuation
let validation = Validation::default();
// Adding some leeway
let mut validation = Validation {leeway: 1000 * 60, ..Default::default()};
// Checking issuer
let mut validation = Validation {iss: Some("issuer".to_string()), ..Default::default()};
// Setting audience
let mut validation = Validation::default();
validation.set_audience(&"Me"); // string
validation.set_audience(&["Me", "You"]); // array of strings
```

It's also possible to disable verifying the signature of a token by setting the `validate_signature` to `false`. This should
only be done if you know what you are doing.

### Custom headers
All the parameters from the RFC are supported but the default header only has `typ` and `alg` set: all the other fields are optional.
If you want to set the `kid` parameter for example:

```rust
let mut header = Header::default();
header.kid = Some("blabla".to_owned());
header.alg = Algorithm::HS512;
let token = encode(&header, &my_claims, "secret".as_ref()).unwrap();
```
Look at `examples/custom_header.rs` for a full working example.

## Algorithms
This library currently supports the following:

- HS256
- HS384
- HS512
- RS256
- RS384
- RS512
Rename to jsonwebtoken 2015-11-02 18:27:28 -05:00			`# jsonwebtoken`
Initial commit 2015-10-31 11:37:15 -04:00
Start of README 2015-11-02 16:04:58 -05:00			`[![Build Status](https://travis-ci.org/Keats/rust-jwt.svg)](https://travis-ci.org/Keats/rust-jwt)`

Rename to jsonwebtoken 2015-11-02 18:27:28 -05:00			`## Installation`
			`Add the following to Cargo.toml:`

			```toml
Update README 2017-04-12 21:29:30 -04:00			`jsonwebtoken = "2"`
			`serde_derive = "0.9"`
Rename to jsonwebtoken 2015-11-02 18:27:28 -05:00			```
Start of README 2015-11-02 16:04:58 -05:00
			`## How to use`
Prepare for 1.0 release 2015-12-22 12:17:53 -05:00			There is a complete example in `examples/claims.rs` but here's a quick one.
Start of README 2015-11-02 16:04:58 -05:00
Remove useless import + improve readme 2015-11-02 18:32:32 -05:00			`In terms of imports:`
			```rust
			`extern crate jsonwebtoken as jwt;`
Update README 2017-04-12 21:29:30 -04:00			`#[macro_use]`
			`extern crate serde_derive;`
Remove useless import + improve readme 2015-11-02 18:32:32 -05:00
Update README 2017-04-12 21:29:30 -04:00			`use jwt::{encode, decode, Header, Algorithm, Validation};`
Remove useless import + improve readme 2015-11-02 18:32:32 -05:00			```

Prepare for 1.0 release 2015-12-22 12:17:53 -05:00			`Look at the examples directory for 2 examples: a basic one and one with a custom`
			`header.`

Start of README 2015-11-02 16:04:58 -05:00			`### Encoding`
			```rust
Fix bench and docs 2017-04-10 23:58:50 -04:00			`let token = encode(&Header::default(), &my_claims, "secret".as_ref()).unwrap();`
Start of README 2015-11-02 16:04:58 -05:00			```
Update README 2017-04-12 21:29:30 -04:00			In that example, `my_claims` is an instance of a Claims struct that derives `Serialize` and `Deserialize`.
Prepare for 1.0 release 2015-12-22 12:17:53 -05:00			`The default algorithm is HS256.`
			`Look at custom headers section to see how to change that.`
Start of README 2015-11-02 16:04:58 -05:00
			`### Decoding`
			```rust
Update README 2017-04-12 21:29:30 -04:00			`let token = decode::<Claims>(&token, "secret", Algorithm::HS256, &Validation::default()).unwrap();`
Update docs a bit 2015-12-19 19:58:46 -05:00			`// token is a struct with 2 params: header and claims`
Start of README 2015-11-02 16:04:58 -05:00			```
Update README 2017-04-12 21:29:30 -04:00			`decode` can error for a variety of reasons:
Start of README 2015-11-02 16:04:58 -05:00
Update README 2017-04-12 21:29:30 -04:00			`- the token or its signature is invalid`
			`- error while decoding base64 or the result of decoding base64 is not valid UTF-8`
			`- validation failed`
Start of README 2015-11-02 16:04:58 -05:00
Add a bit about validation 2015-11-03 13:38:41 -05:00			`### Validation`
Update README 2017-04-12 21:29:30 -04:00			This library validates automatically the `iat`, `exp` and `nbf` claims if found. You can also validate the `sub`, `iss` and `aud` but
			`those require setting the expected value.`
			You can add some leeway to the `iat`, `exp` and `nbf` validation by setting the `leeway` parameter as shown in the example below.

			```rust
			`use jsonwebtoken::Validation;`

			`// Default valuation`
			`let validation = Validation::default();`
			`// Adding some leeway`
			`let mut validation = Validation {leeway: 1000 * 60, ..Default::default()};`
			`// Checking issuer`
			`let mut validation = Validation {iss: Some("issuer".to_string()), ..Default::default()};`
			`// Setting audience`
			`let mut validation = Validation::default();`
			`validation.set_audience(&"Me"); // string`
			`validation.set_audience(&["Me", "You"]); // array of strings`
			```

			It's also possible to disable verifying the signature of a token by setting the `validate_signature` to `false`. This should
			`only be done if you know what you are doing.`
Add a bit about validation 2015-11-03 13:38:41 -05:00
Update docs a bit 2015-12-19 19:58:46 -05:00			`### Custom headers`
			All the parameters from the RFC are supported but the default header only has `typ` and `alg` set: all the other fields are optional.
			If you want to set the `kid` parameter for example:

			```rust
			`let mut header = Header::default();`
			`header.kid = Some("blabla".to_owned());`
Change order of encode method args + make alg field public 2015-12-21 14:23:10 -05:00			`header.alg = Algorithm::HS512;`
Fix bench and docs 2017-04-10 23:58:50 -04:00			`let token = encode(&header, &my_claims, "secret".as_ref()).unwrap();`
Update docs a bit 2015-12-19 19:58:46 -05:00			```
Prepare for 1.0 release 2015-12-22 12:17:53 -05:00			Look at `examples/custom_header.rs` for a full working example.
Update docs a bit 2015-12-19 19:58:46 -05:00
Start of README 2015-11-02 16:04:58 -05:00			`## Algorithms`
Update README 2017-04-12 21:29:30 -04:00			`This library currently supports the following:`

			`- HS256`
			`- HS384`
			`- HS512`
			`- RS256`
			`- RS384`
			`- RS512`