A simple JWT parser written in Rust
By Tasos Papadopoulos
- 2 minutes read - 389 wordsWhy build yet another JWT parser?
Well, I wasn’t after building another JWT parser library. There are plenty. But there are times you just need to check certain fields (standard or not) of an existing JWT without writing a script. Further more, I had members in my team using Windows (without bash) so we needed an easy and secure way to verify JWT fields of a generated token. Ideally, a CLI app would be awsome, especially if it didn’t have tons of baggages (i.e. a JVM or other platform/framework/package dependencies) for easier distribution.
But there are online web applications doing just that!
Sure there are. But they don’t satisfy my security requirement.
People tend to forget that a JWT is as good as credentials (or an API key, if you prefer) and pasting into a third-party application might not be a good idea. It actually reminds me of an old scam:
Visit our site and type in your e-banking username and password so we check against hackers DB - we will let you know if it’s listed!
Well, I checked with them and my credentials were never listed! Yet, somehow, my money was gone…
There was another hidden requirement
None other than my curiosity and eagerness to try a new toy: Rust! Don’t get me wrong, Rust is certainly not a toy. But it was a shiny new tool and engineers love to explore shiny new tools. Such as simple side project seemed to be a great opportunity to dive into Rust. It should be straightforward to build such an app using Rust and then just compile a statically linked executable.
My second option was Java and then use GraalVM to produce a standalone binary. Maybe next time.
Rust for the rescue!
The code is available on my GitHub repository
I loved Rust for…
- Amazing community and resources to learn Rust.
- A huge repository of crates - so easy to find and use json, base64 and chrono crates.
- Easily built a statically linked executable with RUSTFLAGS configuration (see build.sh)
Bonus material: I shrunk the executable using UPX, the the Ultimate Packer for eXecutables. Reminded me of the old days packing Windows’ DLL and OCX binaries into installers…
Being the first useful application I built with Rust, there is plenty of room for improvements!
Photo by Cristina Gottardi on Unsplash