jsonwebtoken

Support use of external signing service

Open fiadliel opened this issue 2 years ago • 1 comments

I'd like to use this library to create JWTs, but use an external key management service for signing (so the private key material is never made public).

I don't know what kind of API you might prefer, but a minimal option might be to expose something like:

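```rust
pub fn encode_unsigned<T: Serialize>(header: &Header, claims: &T) -> Result<String> {
    // Encode the header and the claims separately.
    let encoded_header = b64_encode_part(header)?;
    let encoded_claims = b64_encode_part(claims)?;
    // The unsigned message is the two encoded parts joined by a dot.
    let message = [encoded_header, encoded_claims].join(".");

    Ok(message)
}
```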

and then leave it up to the user to generate everything else with their preferred signing system.

A more extensive change would include an API for calling the external service.

Do you have a preference for a particular approach here?

fiadliel avatar Aug 30 '23 17:08 fiadliel

I don't think we would add something like that. There's no JWT involved there, just some base64 serializing. You can put that snippet in your codebase, add base64 to the deps + b64_encode_part and it's going to work.

Keats avatar Sep 01 '23 19:09 Keats
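The flow discussed in this thread, as an added example that is not code from the jsonwebtoken crate or from either commenter: build the unsigned `header.claims` message, hand its bytes to an external signer, and append the base64url-encoded signature. It assumes JSON passed as string literals and a hand-written base64url encoder instead of serde and the base64 crate so it runs with no dependencies; `ExternalSigner`, `StubKms`, `sign_with` and `b64url` are hypothetical names, and the stub returns constructed placeholder bytes, not a signature.

```rust
/// Base64url without padding (RFC 4648 section 5), the encoding JWS uses for every part.
fn b64url(input: &[u8]) -> String {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    let mut out = String::new();
    for chunk in input.chunks(3) {
        let b1 = u32::from(*chunk.get(1).unwrap_or(&0));
        let b2 = u32::from(*chunk.get(2).unwrap_or(&0));
        let n = (u32::from(chunk[0]) << 16) | (b1 << 8) | b2;
        // k input bytes produce k + 1 characters; '=' padding is never written.
        for i in 0..=chunk.len() {
            out.push(T[((n >> (18 - 6 * i)) & 63) as usize] as char);
        }
    }
    out
}

/// Hypothetical boundary to the key service: bytes in, signature bytes out.
trait ExternalSigner {
    fn sign(&self, signing_input: &[u8]) -> Result<Vec<u8>, String>;
}

/// Constructed stub so the example runs offline. Its output is NOT a real signature.
struct StubKms;
impl ExternalSigner for StubKms {
    fn sign(&self, signing_input: &[u8]) -> Result<Vec<u8>, String> {
        if signing_input.is_empty() {
            return Err("empty signing input".to_string());
        }
        Ok(vec![0xAB; 64]) // placeholder bytes
    }
}

/// Same shape as the snippet in the issue: base64url(header) + "." + base64url(claims).
fn encode_unsigned(header_json: &str, claims_json: &str) -> String {
    format!("{}.{}", b64url(header_json.as_bytes()), b64url(claims_json.as_bytes()))
}

/// Sign the ASCII bytes of the unsigned message and append the encoded signature.
fn sign_with(s: &dyn ExternalSigner, header_json: &str, claims_json: &str) -> Result<String, String> {
    let message = encode_unsigned(header_json, claims_json);
    let signature = s.sign(message.as_bytes())?;
    Ok(format!("{}.{}", message, b64url(&signature)))
}

fn main() {
    // Constructed header and claims; the header's `alg` must match the key the service holds.
    let token = sign_with(&StubKms, r#"{"alg":"ES256","typ":"JWT"}"#, r#"{"sub":"demo"}"#);
    println!("{:?}", token);
}
```

A real signer implementation has to return the signature in the byte format JWS expects for the chosen `alg`, since the bytes are encoded and appended as-is.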