This lib is used to store Json Web Key Set from your authentication provider. It stores in an internal Cache fetched JWKS and automatically refresh them after a given time.
Add to your Cargo.toml
# Cargo.toml
[dependencies]
jwks_client_rs = "0.5"// Put in your application context or wherever this can live long enough
use jwks_client_rs::source::WebSource;
use jwks_client_rs::JwksClient;
// here you must join your `BASE_AUTH0_URL` env var with `.well-known/jwks.json` or whatever is the jwks url
let url: reqwest::Url = todo!();
let timeout: std::time::Duration = todo!();
// You can define a different source too using `JwksSource` trait
let source: WebSource = WebSource::builder()
.with_timeout(timeout)
.with_connect_timeout(timeout)
.build(url);
let client: JwksClient<WebSource> = JwksClient::builder()
.build(source);
// Store your client in your application context or whatever
// ..
// Get jwk by kid
use jwks_client_rs::{JsonWebKey, JwksClientError};
let kid: String = todo!();
let result: Result<JsonWebKey, JwksClientError> = app_context.jwks_client.get(kid).await;It is possible to decode your token validating it has been signed by one of your authentication provider JWKS.
#[derive(serde::Deserialize)]
struct Claims {
aud: String,
}
let client: JwksClient = todo!();
// Here's the token. Remember to remove "Bearer " from your token in case it is present
let token: &str = todo!();
// The audience the token were released for.
let audience: &str = todo!();
let result: Result<Claims, JwksClientError> = client.decode::<Claims>(token, audience).await;A working example could be found in examples folder. To run the example:
- Export the
KIDenv variable (take it from your tenant well known jwks) - Export the
BASE_AUTH0_URL(by running localauth0 or using your auth0 tenant; the url should be your localauth0 exposed port onlocalhostor something likehttps://{your-tenant}.eu.auth0.com) - Run in shell
cargo run --example get_jwks