{"id":16819558,"url":"https://github.com/slowli/jwt-compact","last_synced_at":"2025-04-12T21:35:40.730Z","repository":{"id":34988362,"uuid":"194382352","full_name":"slowli/jwt-compact","owner":"slowli","description":"Compact JWT implementation in Rust","archived":false,"fork":false,"pushed_at":"2024-10-29T03:39:11.000Z","size":1654,"stargazers_count":53,"open_issues_count":5,"forks_count":14,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-29T15:35:05.286Z","etag":null,"topics":["cbor","elliptic-curves","jwt"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/slowli.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-29T08:24:23.000Z","updated_at":"2024-10-16T11:46:55.000Z","dependencies_parsed_at":"2023-10-12T00:11:09.685Z","dependency_job_id":"36eb3088-4e09-4c91-a724-5f9b8effbd4b","html_url":"https://github.com/slowli/jwt-compact","commit_stats":{"total_commits":385,"total_committers":10,"mean_commits":38.5,"dds":"0.24675324675324672","last_synced_commit":"81892519ff1b2e676af21ece486547981e78cf14"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slowli%2Fjwt-compact","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slowli%2Fjwt-compact/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slowli%2Fjwt-compact/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slowli%2Fjwt-compact/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/slowli","download_url":"https://codeload.github.com/slowli/jwt-compact/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248637187,"owners_count":21137530,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cbor","elliptic-curves","jwt"],"created_at":"2024-10-13T10:53:49.670Z","updated_at":"2025-04-12T21:35:40.706Z","avatar_url":"https://github.com/slowli.png","language":"Rust","readme":"# Compact JWT implementation in Rust\n\n[![Build Status](https://github.com/slowli/jwt-compact/workflows/CI/badge.svg?branch=master)](https://github.com/slowli/jwt-compact/actions)\n[![License: Apache-2.0](https://img.shields.io/github/license/slowli/jwt-compact.svg)](https://github.com/slowli/jwt-compact/blob/master/LICENSE)\n![rust 1.70+ required](https://img.shields.io/badge/rust-1.70+-blue.svg?label=Required%20Rust)\n![no_std supported](https://img.shields.io/badge/no__std-tested-green.svg)\n\n**Documentation:** [![Docs.rs](https://docs.rs/jwt-compact/badge.svg)](https://docs.rs/jwt-compact/)\n[![crate docs (master)](https://img.shields.io/badge/master-yellow.svg?label=docs)](https://slowli.github.io/jwt-compact/jwt_compact/)\n\nMinimalistic [JSON web token (JWT)][JWT] implementation with focus on type safety\nand secure cryptographic primitives.\n\n## Usage\n\nAdd this to your `Crate.toml`:\n\n```toml\n[dependencies]\njwt-compact = \"0.9.0-beta.1\"\n```\n\n## Basic token lifecycle\n\n```rust\nuse chrono::{Duration, Utc};\nuse jwt_compact::{prelude::*, alg::{Hs256, Hs256Key}};\nuse serde::{Serialize, Deserialize};\n\n/// Custom claims encoded in the token.\n#[derive(Debug, PartialEq, Serialize, Deserialize)]\nstruct CustomClaims {\n    #[serde(rename = \"sub\")]\n    subject: String,\n    // other fields...\n}\n\n// Choose time-related options for token creation / validation.\nlet time_options = TimeOptions::default();\n// Create a symmetric HMAC key, which will be used both to create and verify tokens.\nlet key = Hs256Key::new(b\"super_secret_key_donut_steel\");\n// Create a token.\nlet header = Header::empty().with_key_id(\"my-key\");\nlet claims = Claims::new(CustomClaims { subject: \"alice\".to_owned() })\n    .set_duration_and_issuance(\u0026time_options, Duration::hours(1))\n    .set_not_before(Utc::now());\nlet token_string = Hs256.token(\u0026header, \u0026claims, \u0026key)?;\nprintln!(\"token: {token_string}\");\n\n// Parse the token.\nlet token = UntrustedToken::new(\u0026token_string)?;\n// Before verifying the token, we might find the key which has signed the token\n// using the `Header.key_id` field.\nassert_eq!(token.header().key_id.as_deref(), Some(\"my-key\"));\n// Validate the token integrity.\nlet token: Token\u003cCustomClaims\u003e = Hs256.validator(\u0026key).validate(\u0026token)?;\n// Validate additional conditions.\ntoken.claims()\n    .validate_expiration(\u0026time_options)?\n    .validate_maturity(\u0026time_options)?;\nOk::\u003c_, anyhow::Error\u003e(())\n```\n\nSee the crate docs for more examples of usage.\n\n## Features\n\n- Algorithm-specific signing and verifying keys (i.e., type safety).\n- Key strength requirements from [RFC 7518] are expressed with wrapper types.\n- Easy to extend to support new signing algorithms.\n- The crate supports more compact [CBOR] encoding of the claims.\n- Basic [JWK] functionality for key conversion from human-readable formats (JSON / YAML / TOML)\n  and computing [key thumbprints].\n- `HS256`, `HS384` and `HS512` algorithms are implemented via pure Rust [`sha2`] crate.\n- The crate supports `EdDSA` algorithm with the Ed25519 elliptic curve, and `ES256K` algorithm\n  with the secp256k1 elliptic curve. Both curves are widely used in crypto community\n  and believed to be securely generated (there are some doubts about parameter generation\n  for elliptic curves used in standard `ES*` algorithms).\n- The `ES256` algorithm is supported via pure Rust [`p256`] crate.\n- RSA algorithms (`RS*` and `PS*`) are supported via pure Rust [`rsa`] crate.\n  Beware that the `rsa` crate (along with other RSA implementations) may be susceptible to\n  [the \"Marvin\" timing side-channel attack](https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr)\n  at the time of writing; use with caution.\n- The crate supports the `no_std` mode. [No-std support](e2e-tests/no-std) \n  and [WASM compatibility](e2e-tests/wasm) are explicitly tested.\n\n### Missing features\n\n- Built-in checks of some claims (e.g., `iss` – the token issuer).\n  This is intentional: depending on the use case, such claims can have different semantics\n  and thus be represented by different datatypes (e.g., `iss` may be a human-readable short ID,\n  a hex-encoded key digest, etc.)\n- `ES384` and `ES512` algorithms.\n\n## Alternatives\n\n[`jsonwebtoken`], [`frank_jwt`] or [`biscuit`] may be viable alternatives depending on the use case\n(e.g., none of them seems to implement `EdDSA` or `ES256K` algorithms).\n\n## See also\n\n- [justwebtoken.io](https://justwebtoken.io/) – educational mini-website that uses this library\n  packaged in a WASM module.\n\n## Contributing\n\nAll contributions are welcome! See [the contributing guide](CONTRIBUTING.md) to help\nyou get involved.\n\n## License\n\nLicensed under the [Apache-2.0 license](LICENSE).\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in `jwt-compact` by you, as defined in the Apache-2.0 license,\nshall be licensed as above, without any additional terms or conditions.\n\n[JWT]: https://jwt.io/\n[JWK]: https://tools.ietf.org/html/rfc7517.html\n[key thumbprints]: https://tools.ietf.org/html/rfc7638\n[CBOR]: https://tools.ietf.org/html/rfc7049\n[RFC 7518]: https://www.rfc-editor.org/rfc/rfc7518.html\n[`sha2`]: https://crates.io/crates/sha2\n[`jsonwebtoken`]: https://crates.io/crates/jsonwebtoken\n[`frank_jwt`]: https://crates.io/crates/frank_jwt\n[`biscuit`]: https://crates.io/crates/biscuit\n[`p256`]: https://crates.io/crates/p256\n[`rsa`]: https://crates.io/crates/rsa\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslowli%2Fjwt-compact","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fslowli%2Fjwt-compact","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslowli%2Fjwt-compact/lists"}