I'd like to use this library to create JWTs, but use an external key management service for signing (so the private key material is never made public).
I don't know what kind of API you might prefer, but a minimal option might be to expose something like:
```rust
pub fn encode_unsigned<T: Serialize>(header: &Header, claims: &T) -> Result<String> {
    let encoded_header = b64_encode_part(header)?;
    let encoded_claims = b64_encode_part(claims)?;
    let message = [encoded_header, encoded_claims].join(".");
    Ok(message)
}
```
and then leave it up to the user to generate everything else with their preferred signing system.
A more extensive change would include an API for calling the external service.
Do you have a preference for a particular approach here?
I don't think we would add something like that. There's no JWT involved there, just some base64 serializing. You can put that snippet in your codebase, add base64 to the deps + b64_encode_part and it's going to work.
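The flow discussed in this thread, as an added example that is not part of the original posts and not jsonwebtoken's code: build the `header.claims` signing input locally, hand only those bytes to an external signer, then append the base64url signature. `ExternalSigner`, `encode_with_signer` and `FakeKms` are hypothetical names, the claims are passed in as already-serialized JSON, and base64url is written out by hand so the block runs without crates.

```rust
// Added example: std-only sketch. `ExternalSigner`, `encode_with_signer` and
// `FakeKms` are hypothetical names, not part of the jsonwebtoken crate.

/// base64url without padding, the encoding JWS (RFC 7515) uses for every part.
fn b64url(data: &[u8]) -> String {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    let mut out = String::new();
    for chunk in data.chunks(3) {
        let n = (chunk[0] as u32) << 16
            | (*chunk.get(1).unwrap_or(&0) as u32) << 8
            | *chunk.get(2).unwrap_or(&0) as u32;
        // A chunk of k bytes yields k + 1 characters; no '=' padding is added.
        for i in 0..=chunk.len() {
            out.push(T[((n >> (18 - 6 * i)) & 63) as usize] as char);
        }
    }
    out
}

/// Stand-in for a KMS/HSM client: only the bytes to sign leave the process.
trait ExternalSigner {
    fn alg(&self) -> &str;
    fn sign(&self, signing_input: &[u8]) -> Result<Vec<u8>, String>;
}

/// Builds `header.claims`, has exactly those ASCII bytes signed remotely,
/// and appends the base64url signature. `claims_json` is already serialized.
fn encode_with_signer(s: &dyn ExternalSigner, claims_json: &str) -> Result<String, String> {
    // Derive the header from the signer so `alg` cannot disagree with the key.
    let header = format!(r#"{{"alg":"{}","typ":"JWT"}}"#, s.alg());
    let signing_input = format!("{}.{}", b64url(header.as_bytes()), b64url(claims_json.as_bytes()));
    let sig = s.sign(signing_input.as_bytes())?;
    Ok(format!("{}.{}", signing_input, b64url(&sig)))
}

/// Constructed test double: returns fixed bytes, NOT a real signature.
struct FakeKms;
impl ExternalSigner for FakeKms {
    fn alg(&self) -> &str { "RS256" }
    fn sign(&self, _input: &[u8]) -> Result<Vec<u8>, String> { Ok(vec![0xAB; 4]) }
}

fn main() {
    let claims = r#"{"sub":"1234567890","name":"John Doe","iat":1516239022}"#; // constructed
    println!("{}", encode_with_signer(&FakeKms, claims).unwrap());
}
```

For ES256, JWS expects the signature as the raw 64-byte `R || S` concatenation, while many KMS APIs return ECDSA signatures DER-encoded, so a real `sign` implementation has to convert before returning.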