A library for ATProtocol identities.
//! JSON Web Key Set (JWKS) endpoint handler.
//!
//! Serves the OAuth client's keys so that authorization servers can verify
//! the signatures on JWTs issued by this client.

use atproto_oauth::jwk::{WrappedJsonWebKey, generate};
use axum::{Json, response::IntoResponse};
use serde::Serialize;

use crate::state::OAuthClientConfig;

/// Response body of the JWKS endpoint.
///
/// Serializes as an object with a single `keys` member holding the key set.
#[derive(Serialize)]
pub struct WrappedJsonWebKeySet {
    /// The JSON Web Keys published by this client.
    pub keys: Vec<WrappedJsonWebKey>,
}

/// Builds the JWKS document from the client's configured signing keys.
///
/// Every entry of `oauth_client_config.signing_keys` is passed to
/// [`generate`]; the keys that convert successfully are returned as JSON in a
/// [`WrappedJsonWebKeySet`].
pub async fn handle_oauth_jwks(oauth_client_config: OAuthClientConfig) -> impl IntoResponse {
    // NOTE(review): a key that fails conversion is dropped without a log line
    // or an error, so a bad signing key shows up only as a shorter (possibly
    // empty) key set. Confirm that this best-effort behaviour is intended.
    //
    // NOTE(review): the response contains exactly what `generate` returns.
    // Confirm it emits public key material only (no private `d` member),
    // since `signing_keys` presumably holds private signing keys.
    let keys: Vec<WrappedJsonWebKey> = oauth_client_config
        .signing_keys
        .iter()
        .filter_map(|key_data| generate(key_data).ok())
        .collect();

    Json(WrappedJsonWebKeySet { keys })
}