Keats / jsonwebtoken

JWT lib in rust
MIT License
1.67k stars 266 forks

Support use of external signing service #325

Open fiadliel opened 1 year ago

fiadliel commented 1 year ago

I'd like to use this library to create JWTs, but use an external key management service for signing (so the private key material is never made public).

I don't know what kind of API you might prefer, but a minimal option might be to expose something like:

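/// Returns the unsigned `header.claims` part of a JWT (both base64-encoded),
/// i.e. the message that the external service would sign.
pub fn encode_unsigned<T: Serialize>(header: &Header, claims: &T) -> Result<String> {
    let encoded_header = b64_encode_part(header)?;
    let encoded_claims = b64_encode_part(claims)?;
    let message = [encoded_header, encoded_claims].join(".");

    Ok(message)
}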

and then leave it up to the user to generate everything else with their preferred signing system.

A more extensive change would include an API for calling the external service.

Do you have a preference for a particular approach here?

Keats commented 1 year ago

I don't think we would add something like that. There's no JWT involved there, just some base64 serializing. You can put that snippet in your codebase, add base64 to the deps + b64_encode_part and it's going to work.
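Added example, not part of the thread and not code from the jsonwebtoken crate: a std-only sketch of the approach discussed above, where the application builds the `header.claims` signing input itself and an external service produces the signature. The names `ExternalSigner`, `b64url`, `sign_compact` and `FakeKms` are hypothetical, and the claims are assumed to be passed in as already-serialized JSON.

```rust
/// Hypothetical interface to an external signing service (KMS or HSM client).
pub trait ExternalSigner {
    /// JWS `alg` value matching the remote key, e.g. "ES256".
    fn alg(&self) -> &str;
    /// Sends the signing input to the service and returns raw signature bytes.
    fn sign(&self, signing_input: &[u8]) -> Result<Vec<u8>, String>;
}

/// base64url without padding, as JWS requires (RFC 7515).
pub fn b64url(data: &[u8]) -> String {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    let mut out = String::new();
    for chunk in data.chunks(3) {
        let n = (chunk[0] as u32) << 16
            | (*chunk.get(1).unwrap_or(&0) as u32) << 8
            | *chunk.get(2).unwrap_or(&0) as u32;
        for i in 0..=chunk.len() {
            out.push(T[((n >> (18 - 6 * i)) & 63) as usize] as char);
        }
    }
    out
}

/// Builds `header.claims`, has the service sign it, then appends the signature.
pub fn sign_compact(s: &dyn ExternalSigner, claims_json: &str) -> Result<String, String> {
    // Header comes from the signer so `alg` cannot drift from the remote key type.
    let header = format!(r#"{{"alg":"{}","typ":"JWT"}}"#, s.alg());
    let input = format!("{}.{}", b64url(header.as_bytes()), b64url(claims_json.as_bytes()));
    let sig = s.sign(input.as_bytes())?;
    // ES256 in JWS is the fixed 64-byte R||S form (RFC 7518, 3.4); a DER-encoded
    // ECDSA signature normally has a different length and must be converted first.
    if s.alg() == "ES256" && sig.len() != 64 {
        return Err(format!("ES256 signature must be 64 bytes, got {}", sig.len()));
    }
    Ok(format!("{}.{}", input, b64url(&sig)))
}

/// Constructed stand-in for the remote service: fixed bytes, NOT a real signature.
pub struct FakeKms { pub len: usize }
impl ExternalSigner for FakeKms {
    fn alg(&self) -> &str { "ES256" }
    fn sign(&self, _input: &[u8]) -> Result<Vec<u8>, String> { Ok(vec![0xAB; self.len]) }
}

fn main() {
    let claims = r#"{"sub":"demo"}"#; // constructed sample claims
    println!("{:?}", sign_compact(&FakeKms { len: 64 }, claims));
    println!("{:?}", sign_compact(&FakeKms { len: 71 }, claims)); // DER-sized: rejected
}
```

Tokens assembled this way should be checked once against the public key with an ordinary JWT verifier, since a wrong signature encoding only shows up at verification time.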