From 179f72155ff5e214997278ed2871eb9e8d25b7bb Mon Sep 17 00:00:00 2001
From: Jared De La Cruz
Date: Thu, 20 Feb 2020 22:56:09 -0800
Subject: [PATCH] Add claims and validation to the readme

---
 README.md | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 48db6cc..f6f6e6f 100644
--- a/README.md
+++ b/README.md
@@ -49,6 +49,20 @@ struct Claims {
 }
 ```
 
+### Claims
+The claims fields which can be validated. (see [validation](#validation))
+```rust
+#[derive(Debug, Serialize, Deserialize)]
+struct Claims {
+ aud: String // Optional. Audience
+ exp: DateTime, // Required (validate_exp defaults to true in validation). Expiration time
+ iat: DateTime // Optional. Issued at
+ iss: String // Optional. Issuer
+ nbf: DateTime // Optional. Not Before
+ sub: String, // Optional. Subject (whom token refers to)
+}
+```
+
 ### Header
 The default algorithm is HS256, which uses a shared secret.
 
@@ -110,7 +124,7 @@ let header = decode_header(&token)?;
 
 This does not perform any signature verification or validate the token claims.
 
-You can also decode a token using the public key components of a RSA key in base64 format.
+You can also decode a token using the public key components of a RSA key in base64 format.
 The main use-case is for JWK where your public key is in a JSON format like so:
 
 ```json
@@ -148,6 +162,19 @@ you can add some leeway to the `iat`, `exp` and `nbf` validation by setting the
 
 Last but not least, you will need to set the algorithm(s) allowed for this token if you are not using `HS256`.
 
+```rust
+#[derive(Debug, Clone, PartialEq)]
+struct Validation {
+ pub leeway: u64, // Default: 0
+ pub validate_exp: bool, // Default: true
+ pub validate_nbf: bool, // Default: false
+ pub aud: Option>, // Default: None
+ pub iss: Option, // Default: None
+ pub sub: Option, // Default: None
+ pub algorithms: Vec, // Default: vec![Algorithm::HS256]
+}
+```
+
 ```rust
 use jsonwebtoken::{Validation, Algorithm};