🛑🛑 This fork is maintained by a solo developer, neither verified nor validated independently. I highly recommend you use the original version.
JSON Web Tokens (JWT) are a popular method for creating signed, transparent tokens that can be verified by clients and servers. They are enshrined in standards such as OpenID Connect, which makes them a widespread and required component of many modern web authentication systems.
JWT and JSON Web Signature (JWS), however, have a long track record of implementation pitfalls that have led to security issues. This library will not be a complete implementation of JWT/JWS; instead it focuses on a minimal subset that can be secured and audited for correctness more closely within a limited set of use cases.
If you cannot depend on OpenSSL, this fork might be for you. Use at your own risk.
If you wish to create ECDSA signed JWT tokens, or verify ECDSA signed JWT tokens, this library is for you.
If you are implementing OIDC as a relying party or authorisation server, this library is for you.
If you want to use HMAC signatures, have a full JWS implementation, or have the non-compact (JSON) serialisation support, this library is not what you want.
There are already many other libraries for JWT on crates.io; however, each has a limitation or design that conflicts with the project goals in Kanidm. Examples are:
- Incorrect Implementations - There are a number of JWT libraries in Rust that are incorrect to the RFC or do not have RFC vector tests
- Ring as the sole cryptographic provider - we need to use OpenSSL (not applicable to this fork)
- Only supporting RSA/weak cryptographic algorithms - we want to use ECDSA
- Full JWS implementation - As mentioned, JWS has a number of sharp edges like alg=none
As a result, nothing "fit" what we wanted, so we are making another library.
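The alg=none sharp edge mentioned above is worth seeing concretely. The following is an added example, not code from compact-jwt, this fork, or Kanidm: a naive verifier that branches on whatever `alg` the token's own header claims, beside a hardened one that pins the algorithm on the verifier side and rejects everything else before any claim is trusted. Standard-library HMAC-SHA256 stands in for ECDSA (ES256) so the example runs offline; the pitfall and the fix are identical for ECDSA. All function names, the key and the claims are constructed for this illustration.

```python
"""Added example: why a JWS verifier must pin the algorithm itself.

Not code from compact-jwt or its fork. HMAC-SHA256 from the standard library
stands in for ECDSA (ES256) so the example runs offline; the alg=none pitfall
is the same for either algorithm.
"""
import base64
import binascii
import hashlib
import hmac
import json
from typing import Callable

B64URL_ALPHABET = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
)
KEY = b"constructed-demo-key-not-for-real-use"  # constructed, hypothetical
CLAIMS = {"sub": "alice", "admin": False}       # constructed sample claims


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # Compact serialization uses unpadded base64url (RFC 7515 section 2);
    # reject padding or stray characters instead of silently tolerating them.
    if any(c not in B64URL_ALPHABET for c in segment):
        raise ValueError("segment is not unpadded base64url")
    try:
        return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except binascii.Error as exc:
        raise ValueError("segment is not valid base64url") from exc


def sign_hs256(signing_input: bytes, key: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def naive_verify(token: str, key: bytes) -> dict:
    """Vulnerable: trusts the algorithm the *token* claims (the alg=none pitfall)."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header["alg"] == "none":
        return json.loads(b64url_decode(p))  # accepts an unsigned token as valid
    if header["alg"] == "HS256":
        expected = sign_hs256(f"{h}.{p}".encode("ascii"), key)
        if hmac.compare_digest(expected, b64url_decode(s)):
            return json.loads(b64url_decode(p))
    raise ValueError("bad signature")


def hardened_verify(token: str, expected_alg: str,
                    check_signature: Callable[[bytes, bytes], bool]) -> dict:
    """The verifier, not the token, fixes the algorithm; anything else is rejected
    before the payload is parsed as claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected exactly three segments)")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if not isinstance(header, dict):
        raise ValueError("JOSE header must be a JSON object")
    if header.get("alg") != expected_alg:
        raise ValueError(f"alg {header.get('alg')!r} is not the pinned {expected_alg!r}")
    if "crit" in header:
        raise ValueError("unsupported critical header extension")
    if not check_signature(f"{h}.{p}".encode("ascii"), b64url_decode(s)):
        raise ValueError("signature verification failed")
    return json.loads(b64url_decode(p))


def hs256_checker(key: bytes) -> Callable[[bytes, bytes], bool]:
    # Stand-in for an ES256 verifier; compare_digest also handles a wrong length.
    return lambda signing_input, sig: hmac.compare_digest(sign_hs256(signing_input, key), sig)


def encode_segments(header: dict, claims: dict) -> tuple:
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return h, p


def genuine_token() -> str:
    h, p = encode_segments({"alg": "HS256", "typ": "JWT"}, CLAIMS)
    return f"{h}.{p}.{b64url_encode(sign_hs256(f'{h}.{p}'.encode('ascii'), KEY))}"


def forged_none_token() -> str:
    # Attacker rewrites alg to "none", edits the claims and drops the signature.
    h, p = encode_segments({"alg": "none"}, {**CLAIMS, "admin": True})
    return f"{h}.{p}."


def tampered_claims_token() -> str:
    # Attacker edits the claims but keeps the genuine signature.
    h, p = encode_segments({"alg": "HS256", "typ": "JWT"}, {**CLAIMS, "admin": True})
    return f"{h}.{p}.{genuine_token().split('.')[2]}"


def hardened_accepts(token: str) -> bool:
    try:
        hardened_verify(token, "HS256", hs256_checker(KEY))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("naive accepts forged alg=none token:", naive_verify(forged_none_token(), KEY))
    print("hardened accepts forged token:", hardened_accepts(forged_none_token()))
```

The hardened path never reads `alg` to decide what to do; it compares the header against the single algorithm the deployment expects and fails closed on any other value, on a `crit` extension it does not implement, and on malformed base64url. A library that only implements ECDSA can enforce exactly this with no code path for `none` at all, which is the design argument the text makes.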
Special thanks to the original author and contributors of compact-jwt.