A simple JWT parser written in Rust

By Tasos Papadopoulos

- 2 minutes read - 389 words

Why build yet another JWT parser?

Well, I wasn’t after building another JWT parser library. There are plenty. But there are times you just need to check certain fields (standard or not) of an existing JWT without writing a script. Further more, I had members in my team using Windows (without bash) so we needed an easy and secure way to verify JWT fields of a generated token. Ideally, a CLI app would be awsome, especially if it didn’t have tons of baggages (i.e. a JVM or other platform/framework/package dependencies) for easier distribution.

But there are online web applications doing just that!

Sure there are. But they don’t satisfy my security requirement.

People tend to forget that a JWT is as good as credentials (or an API key, if you prefer) and pasting into a third-party application might not be a good idea. It actually reminds me of an old scam:

Visit our site and type in your e-banking username and password so we check against hackers DB - we will let you know if it’s listed!

Well, I checked with them and my credentials were never listed! Yet, somehow, my money was gone…

There was another hidden requirement

None other than my curiosity and eagerness to try a new toy: Rust! Don’t get me wrong, Rust is certainly not a toy. But it was a shiny new tool and engineers love to explore shiny new tools. Such as simple side project seemed to be a great opportunity to dive into Rust. It should be straightforward to build such an app using Rust and then just compile a statically linked executable.

My second option was Java and then use GraalVM to produce a standalone binary. Maybe next time.

Rust for the rescue!

The code is available on my GitHub repository

I loved Rust for…

  • Amazing community and resources to learn Rust.
  • A huge repository of crates - so easy to find and use json, base64 and chrono crates.
  • Easily built a statically linked executable with RUSTFLAGS configuration (see build.sh)

Bonus material: I shrunk the executable using UPX, the the Ultimate Packer for eXecutables. Reminded me of the old days packing Windows’ DLL and OCX binaries into installers…

Being the first useful application I built with Rust, there is plenty of room for improvements!

Photo by Cristina Gottardi on Unsplash