Struct jwt_compact::Header
source · #[non_exhaustive]pub struct Header<T = Empty> {
pub key_set_url: Option<String>,
pub key_id: Option<String>,
pub certificate_url: Option<String>,
pub certificate_sha1_thumbprint: Option<Thumbprint<20>>,
pub certificate_thumbprint: Option<Thumbprint<32>>,
pub token_type: Option<String>,
pub other_fields: T,
}
Expand description
JWT header.
See RFC 7515 for the description
of the fields. The purpose of all fields except token_type
is to determine
the verifying key. Since these values will be provided by the adversary in the case of
an attack, they require additional verification (e.g., a provided certificate might
be checked against the list of “acceptable” certificate authorities).
A Header
can be created using Default
implementation, which does not set any fields.
For added fluency, you may use with_*
methods:
use sha2::{digest::Digest, Sha256};
let my_key_cert = // DER-encoded key certificate
let thumbprint: [u8; 32] = Sha256::digest(my_key_cert).into();
let header = Header::empty()
.with_key_id("my-key-id")
.with_certificate_thumbprint(thumbprint);
Fields (Non-exhaustive)§
This struct is marked as non-exhaustive
Struct { .. }
syntax; cannot be matched against without a wildcard ..
; and struct update syntax will not work.key_set_url: Option<String>
URL of the JSON Web Key Set containing the key that has signed the token.
This field is renamed to jku
for serialization.
key_id: Option<String>
Identifier of the key that has signed the token. This field is renamed to kid
for serialization.
certificate_url: Option<String>
URL of the X.509 certificate for the signing key. This field is renamed to x5u
for serialization.
certificate_sha1_thumbprint: Option<Thumbprint<20>>
SHA-1 thumbprint of the X.509 certificate for the signing key.
This field is renamed to x5t
for serialization.
certificate_thumbprint: Option<Thumbprint<32>>
SHA-256 thumbprint of the X.509 certificate for the signing key.
This field is renamed to x5t#S256
for serialization.
token_type: Option<String>
Application-specific token type. This field is renamed to typ
for serialization.
other_fields: T
Other fields encoded in the header. These fields may be used by agreement between the producer and consumer of the token to pass additional information. See Sections 4.2 and 4.3 of RFC 7515 for details.
For the token creation and validation to work properly, the fields type must Serialize
to a JSON object.
Note that these fields do not include the signing algorithm (alg
) and the token
content type (cty
) since both these fields have predefined semantics and are used
internally by the crate logic.
Implementations§
source§impl<T> Header<T>
impl<T> Header<T>
sourcepub fn with_key_set_url(self, key_set_url: impl Into<String>) -> Self
pub fn with_key_set_url(self, key_set_url: impl Into<String>) -> Self
Sets the key_set_url
field for this header.
sourcepub fn with_key_id(self, key_id: impl Into<String>) -> Self
pub fn with_key_id(self, key_id: impl Into<String>) -> Self
Sets the key_id
field for this header.
sourcepub fn with_certificate_url(self, certificate_url: impl Into<String>) -> Self
pub fn with_certificate_url(self, certificate_url: impl Into<String>) -> Self
Sets the certificate_url
field for this header.
sourcepub fn with_certificate_sha1_thumbprint(
self,
certificate_thumbprint: impl Into<Thumbprint<20>>
) -> Self
pub fn with_certificate_sha1_thumbprint( self, certificate_thumbprint: impl Into<Thumbprint<20>> ) -> Self
Sets the certificate_sha1_thumbprint
field for this header.
sourcepub fn with_certificate_thumbprint(
self,
certificate_thumbprint: impl Into<Thumbprint<32>>
) -> Self
pub fn with_certificate_thumbprint( self, certificate_thumbprint: impl Into<Thumbprint<32>> ) -> Self
Sets the certificate_thumbprint
field for this header.
sourcepub fn with_token_type(self, token_type: impl Into<String>) -> Self
pub fn with_token_type(self, token_type: impl Into<String>) -> Self
Sets the token_type
field for this header.