jsonwebtoken/README.md

# jsonwebtoken

[![Build Status](https://travis-ci.org/Keats/rust-jwt.svg)](https://travis-ci.org/Keats/rust-jwt)

## Installation
Add the following to Cargo.toml:

```toml
jsonwebtoken = "0.2"
rustc-serialize = "0.3"
```

## How to use
There is a complete example in examples/claims.rs but here's a quick one.

In terms of imports:
```rust
extern crate jsonwebtoken as jwt;
extern crate rustc_serialize;

use jwt::{encode, decode, Header, Algorithm};
```

### Encoding
```rust
let token = encode(Header::default(), &my_claims, "secret".as_ref()).unwrap();
```
In that example, `my_claims` is an instance of the Claims struct.  
The struct you are using for your claims should derive `RustcEncodable` and `RustcDecodable`.
The default algorithm is HS256. Look at custom headers section to see how to change that.

### Decoding
```rust
let token = decode::<Claims>(&token, "secret", Algorithm::HS256).unwrap();
// token is a struct with 2 params: header and claims
```
In addition to the normal base64/json decoding errors, `decode` can return two custom errors:

- **InvalidToken**: if the token is not a valid JWT
- **InvalidSignature**: if the signature doesn't match
- **WrongAlgorithmHeader**: if the alg in the header doesn't match the one given to decode

### Validation
Right now, the library only validates the algorithm type used but does not verify claims such as expiration.
Feel free to add a `validate` method to your claims struct to handle that.

### Custom headers
All the parameters from the RFC are supported but the default header only has `typ` and `alg` set: all the other fields are optional.
If you want to set the `kid` parameter for example:

```rust
let mut header = Header::default();
header.kid = Some("blabla".to_owned());
header.alg = Algorithm::HS512;
let token = encode(header, &my_claims, "secret".as_ref()).unwrap();
```

## Algorithms
Right now, only SHA family is supported: SHA256, SHA384 and SHA512.

## Performance
On my thinkpad 440s for a 2 claims struct using SHA256:

```
test bench_decode ... bench:       7,259 ns/iter (+/- 1,506)
test bench_encode ... bench:       4,261 ns/iter (+/- 722)
```
Rename to jsonwebtoken 2015-11-02 18:27:28 -05:00			`# jsonwebtoken`
Initial commit 2015-10-31 11:37:15 -04:00
Start of README 2015-11-02 16:04:58 -05:00			`[![Build Status](https://travis-ci.org/Keats/rust-jwt.svg)](https://travis-ci.org/Keats/rust-jwt)`

Rename to jsonwebtoken 2015-11-02 18:27:28 -05:00			`## Installation`
			`Add the following to Cargo.toml:`

			```toml
Update version number in doc 2015-11-10 11:38:41 -05:00			`jsonwebtoken = "0.2"`
Rename to jsonwebtoken 2015-11-02 18:27:28 -05:00			`rustc-serialize = "0.3"`
			```
Start of README 2015-11-02 16:04:58 -05:00
			`## How to use`
			`There is a complete example in examples/claims.rs but here's a quick one.`

Remove useless import + improve readme 2015-11-02 18:32:32 -05:00			`In terms of imports:`
			```rust
			`extern crate jsonwebtoken as jwt;`
			`extern crate rustc_serialize;`

Update docs a bit 2015-12-19 19:58:46 -05:00			`use jwt::{encode, decode, Header, Algorithm};`
Remove useless import + improve readme 2015-11-02 18:32:32 -05:00			```

Start of README 2015-11-02 16:04:58 -05:00			`### Encoding`
			```rust
Change order of encode method args + make alg field public 2015-12-21 14:23:10 -05:00			`let token = encode(Header::default(), &my_claims, "secret".as_ref()).unwrap();`
Start of README 2015-11-02 16:04:58 -05:00			```
			In that example, `my_claims` is an instance of the Claims struct.
			The struct you are using for your claims should derive `RustcEncodable` and `RustcDecodable`.
Change order of encode method args + make alg field public 2015-12-21 14:23:10 -05:00			`The default algorithm is HS256. Look at custom headers section to see how to change that.`
Start of README 2015-11-02 16:04:58 -05:00
			`### Decoding`
			```rust
Update docs a bit 2015-12-19 19:58:46 -05:00			`let token = decode::<Claims>(&token, "secret", Algorithm::HS256).unwrap();`
			`// token is a struct with 2 params: header and claims`
Start of README 2015-11-02 16:04:58 -05:00			```
			In addition to the normal base64/json decoding errors, `decode` can return two custom errors:

			`- InvalidToken: if the token is not a valid JWT`
			`- InvalidSignature: if the signature doesn't match`
Uncomment alg comparison 2015-11-02 16:22:21 -05:00			`- WrongAlgorithmHeader: if the alg in the header doesn't match the one given to decode`
Start of README 2015-11-02 16:04:58 -05:00
Add a bit about validation 2015-11-03 13:38:41 -05:00			`### Validation`
			`Right now, the library only validates the algorithm type used but does not verify claims such as expiration.`
			Feel free to add a `validate` method to your claims struct to handle that.

Update docs a bit 2015-12-19 19:58:46 -05:00			`### Custom headers`
			All the parameters from the RFC are supported but the default header only has `typ` and `alg` set: all the other fields are optional.
			If you want to set the `kid` parameter for example:

			```rust
			`let mut header = Header::default();`
			`header.kid = Some("blabla".to_owned());`
Change order of encode method args + make alg field public 2015-12-21 14:23:10 -05:00			`header.alg = Algorithm::HS512;`
			`let token = encode(header, &my_claims, "secret".as_ref()).unwrap();`
Update docs a bit 2015-12-19 19:58:46 -05:00			```

Start of README 2015-11-02 16:04:58 -05:00			`## Algorithms`
Add sha384 and sha512 Thanks to irc user durka42 2015-11-02 17:34:20 -05:00			`Right now, only SHA family is supported: SHA256, SHA384 and SHA512.`
Start of README 2015-11-02 16:04:58 -05:00
			`## Performance`
Add sha384 and sha512 Thanks to irc user durka42 2015-11-02 17:34:20 -05:00			`On my thinkpad 440s for a 2 claims struct using SHA256:`
Start of README 2015-11-02 16:04:58 -05:00
Initial commit 2015-10-31 11:37:15 -04:00			```
Update benchmark 2015-12-22 12:10:33 -05:00			`test bench_decode ... bench: 7,259 ns/iter (+/- 1,506)`
			`test bench_encode ... bench: 4,261 ns/iter (+/- 722)`
Initial commit 2015-10-31 11:37:15 -04:00			```