rust-token-server

Category: Feature extraction
Development tool: Rust
File size: 0KB
Downloads: 0
Upload date: 2023-08-25 06:05:24
Uploader: sh-1993
Description: REST API server to handle JSON Web Token (as an OIDC authentication server), written in Rust

File list:
.dockerignore (52, 2023-12-06)
.env.example (256, 2023-12-06)
Cargo.toml (202, 2023-12-06)
Dockerfile (1622, 2023-12-06)
LICENSE (1069, 2023-12-06)
client_validator_test.sh (2491, 2023-12-06)
common/ (0, 2023-12-06)
common/Cargo.toml (1069, 2023-12-06)
common/src/ (0, 2023-12-06)
common/src/claim.rs (361, 2023-12-06)
common/src/constants.rs (212, 2023-12-06)
common/src/lib.rs (199, 2023-12-06)
common/src/token.rs (5671, 2023-12-06)
common/src/token_fields/ (0, 2023-12-06)
common/src/token_fields/client_apps.rs (4277, 2023-12-06)
common/src/token_fields/id_token.rs (1639, 2023-12-06)
common/src/token_fields/issuer.rs (1479, 2023-12-06)
common/src/token_fields/mod.rs (483, 2023-12-06)
common/src/token_fields/refresh_token.rs (1973, 2023-12-06)
common/src/token_fields/subscriber_id.rs (1524, 2023-12-06)
common/src/validation_key.rs (15934, 2023-12-06)
docker-compose.yml (901, 2023-12-06)
lib-client/ (0, 2023-12-06)
lib-client/Cargo.toml (966, 2023-12-06)
lib-client/src/ (0, 2023-12-06)
lib-client/src/auth.rs (7576, 2023-12-06)
lib-client/src/constants.rs (144, 2023-12-06)
lib-client/src/error.rs (920, 2023-12-06)
lib-client/src/lib.rs (3160, 2023-12-06)
lib-client/src/log.rs (45, 2023-12-06)
lib-client/src/message.rs (886, 2023-12-06)
... ...

# rust-token-server

[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE) ![Unit Test](https://github.com/junkurihara/rust-token-server/actions/workflows/ci.yml/badge.svg) ![Build and Publish Docker](https://github.com/junkurihara/rust-token-server/actions/workflows/docker_build_push.yml/badge.svg) ![ShiftLeft Scan](https://github.com/junkurihara/rust-token-server/actions/workflows/shiftleft-analysis.yml/badge.svg) [![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/jqtype/id-token-server)](https://hub.docker.com/r/jqtype/id-token-server)

REST API server to handle JSON Web Token, written in Rust

## Installation and build

Execute the following command at the root of the cloned directory.

```bash
% cargo build --package rust-token-server --release
```

Now you get the executable file `./target/release/rust-token-server`.

## Usage

```bash
% ./rust-token-server -h
Authentication server handling id token in the context of OIDC

Usage: rust-token-server [COMMAND]

Commands:
  run    Run the authentication and token server
  admin  Admin command to update admin password
  help   Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version
```

### Preparing signing keys

Before running the server, an ECDSA (P256) or EdDSA (Ed25519) key pair must be prepared as follows:

- P256

```bash
# generate a keypair (actually this is a private key)
% openssl ecparam -genkey -name prime256v1 -noout -out keypair.pem

# extract its private key in PKCS8 format
% openssl pkcs8 -in keypair.pem -out private_key.pem -topk8 -nocrypt

# extract its public key
% openssl ec -in keypair.pem -pubout > public_key.pem
```

- Ed25519

```bash
# generate ed25519 private key
% openssl genpkey -algorithm ed25519 -out private_key.pem

# extract its public key
% openssl pkey -in private_key.pem -pubout > public_key.pem
```

### Run the authentication server

```bash
% ./rust-token-server run -h
Run the authentication and token server

Usage: rust-token-server run [OPTIONS] --token-issuer --signing-key-path

Options:
  -l, --listen-address
          Listen address [default: 127.0.0.1]
  -p, --port
          Listen port [default: 3000]
  -t, --token-issuer
          Issuer of Id token specified as URL like "https://example.com/issue"
  -c, --client-ids
          Client ids allowed to connect the API server, split with comma like 'AAAA,BBBBB,CCCC'. If not specified, any client can be connected.
  -s, --signing-key-path
          Signing key file path
  -d, --db-file-path
          SQLite database file path [default: ./users.db]
  -h, --help
          Print help
```

Note that client IDs are optional, but it is recommended to specify some ID strings, since they are treated as "Application IDs" allowed to connect to the server.

On first run, the server automatically generates the SQLite database that stores the user authentication data and refresh tokens. Then, **the administrator user "`admin`" is created**. The password of `admin` is set by the environment variable `ADMIN_PASSWORD`. If `ADMIN_PASSWORD` is not set, it is randomly generated and shown in the log. Note that the name `admin` cannot be changed, but its password can be updated with the `./rust-token-server admin` command or a REST API.

### Update admin password via CLI

You can update the admin password as follows, even while the server is running.

```bash
% rust-token-server admin --help
Admin command to update admin password

Usage: rust-token-server admin [OPTIONS] --admin-password

Options:
  -p, --admin-password
          SQLite database admin password
  -d, --db-file-path
          SQLite database file path [default: ./users.db]
  -h, --help
          Print help
```

## REST APIs

### Issue ID token by sending your username and password via POST method

This can be viewed as the 'login' API: it returns an ID token and some metadata.

```url
http://:/v1.0/tokens
```

For example, you can call it as:

```bash
% curl -i -X POST \
  -H "Content-Type: application/json" \
  -d '{ "auth": {"username": "", "password": ""}, "client_id": "" }' \
  http://localhost:8000/v1.0/tokens
```

Note that `client_id` is the identifier of the client app and is optional.

### Create new user under the administrator privilege

```url
http://:/v1.0/create_user
```

For example, you can call it as:

```bash
% curl -i -X POST \
  -H "Authorization: Bearer " \
  -H "Content-Type: application/json" \
  -d '{ "auth": {"username": "", "password": ""}}' \
  http://localhost:8000/v1.0/create_user
```

### Update username and password

Users can update their own password and username. Note that `admin` can update only its password; the username `admin` cannot be changed.

```url
http://:/v1.0/update_user
```

For example, you can call it as:

```bash
% curl -i -X POST \
  -H "Authorization: Bearer " \
  -H "Content-Type: application/json" \
  -d '{ "auth": {"username": "", "password": ""}}' \
  http://localhost:8000/v1.0/update_user
```

### JWKs to retrieve the public key by clients

This is called by clients when ID tokens are verified.

```url
http://:/v1.0/jwks
```

### Refresh ID tokens

ID tokens can be refreshed by sending a refresh token.

```url
http://:/v1.0/refresh
```

For example, you can call it as:

```bash
% curl -i -X POST \
  -H "Content-Type: application/json" \
  -d '{ "refresh_token": "", "client_id": "" }' \
  http://localhost:8000/v1.0/refresh
```

Here the `client_id` is still optional.
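
A client that fetches the JWKS endpoint above to verify ID tokens should pin the accepted algorithm to the two key types the server can sign with (P-256 and Ed25519) before it runs any signature check. The following Python sketch is an added example, not code from rust-token-server: it performs only that key-selection step and leaves the signature verification to a JWT library. The `kid`, `use` and `alg` JWK members it inspects are assumptions about the JWKS contents, and the sample JWKS and tokens are constructed.

```python
import base64
import json

# JWK shape required for each algorithm; these are the two signing key
# types the README prepares (P-256 -> ES256, Ed25519 -> EdDSA).
ALLOWED = {
    "ES256": {"kty": "EC", "crv": "P-256"},
    "EdDSA": {"kty": "OKP", "crv": "Ed25519"},
}

def b64url_decode(segment: str) -> bytes:
    """Decode the unpadded base64url used in compact JWTs."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def select_verification_key(token: str, jwks: dict) -> dict:
    """Return the JWK the token must be verified with, or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("not a signed compact JWT")
    header = json.loads(b64url_decode(parts[0]))
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str) or alg not in ALLOWED:
        raise ValueError("algorithm not allowed")  # none, HS256, RS256, ...
    for jwk in jwks.get("keys", []):
        if "kid" in header and jwk.get("kid") != header["kid"]:
            continue  # token names a key: only that key may be used
        if jwk.get("use", "sig") != "sig" or jwk.get("alg", alg) != alg:
            continue  # key is not published for signature verification
        if "d" in jwk:
            continue  # private key material never belongs in a JWKS
        if all(jwk.get(k) == v for k, v in ALLOWED[alg].items()):
            return jwk
    raise ValueError("no JWKS key matches the token's kid and alg")

# --- constructed sample data, not captured from a real server ---
SAMPLE_JWKS = {"keys": [
    {"kty": "EC", "crv": "P-256", "kid": "k1", "x": "AA", "y": "AA"},
    {"kty": "OKP", "crv": "Ed25519", "kid": "k2", "x": "AA"},
]}

def make_token(header: dict) -> str:
    """Sample token: real header, dummy payload and signature segments."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([seg(header), seg({"sub": "constructed"}), "c2ln"])

if __name__ == "__main__":
    token = make_token({"alg": "ES256", "kid": "k1"})
    print(select_verification_key(token, SAMPLE_JWKS))
```

Binding the key type to the header's `alg` this way means a token that claims `none` or a symmetric algorithm is rejected before the published public key is ever used as verification input.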
