@@ -97,8 +97,8 @@ Encoding a JWT takes 3 parameters:
9797- some claims: your own struct
9898- a key/secret
9999
100- When using HS256, HS384 or HS512, the key is always a shared secret like in the example above. When using
101- RSA/EC, the key should always be the content of the private key in the PEM or DER format.
100+ When using HS256, HS384, or HS512, the key is always a shared secret like in the example above. When using
101+ RSA/EC, the key should always be the content of the private key in PEM or DER format.
102102
103103If your key is in PEM format, it is better performance wise to generate the ` EncodingKey ` once in a ` lazy_static ` or
104104something similar and reuse it.
@@ -109,14 +109,14 @@ something similar and reuse it.
109109// `token` is a struct with 2 fields: `header` and `claims` where `claims` is your own struct.
110110let token = decode :: <Claims >(& token , & DecodingKey :: from_secret (" secret" . as_ref ()), & Validation :: default ())? ;
111111```
112- ` decode ` can error for a variety of reasons:
112+ ` decode ` can result in errors for a variety of reasons:
113113
114114- the token or its signature is invalid
115115- the token had invalid base64
116116- validation of at least one reserved claim failed
117117
118- As with encoding, when using HS256, HS2384 or HS512, the key is always a shared secret like in the example above. When using
119- RSA/EC, the key should always be the content of the public key in the PEM (or certificate in this case) or DER format.
118+ As with encoding, when using HS256, HS384, or HS512, the key is always a shared secret like in the example above. When using
119+ RSA/EC, the key should always be the content of the public key in PEM (or certificate in this case) or DER format.
120120
121121In some cases, for example if you don't know the algorithm used or need to grab the ` kid ` , you can choose to decode only the header:
122122
@@ -156,12 +156,12 @@ openssl pkcs8 -topk8 -nocrypt -in sec1.pem -out pkcs8.pem
156156
157157
158158## Validation
159- This library validates automatically the ` exp ` claim and ` nbf ` is validated if present. You can also validate the ` sub ` , ` iss ` and ` aud ` but
160- those require setting the expected value in the ` Validation ` struct. In the case of ` aud ` , if there is a value set in the token but
159+ This library automatically validates the ` exp ` claim, and ` nbf ` is validated if present. You can also validate the ` sub ` , ` iss ` , and ` aud ` but
160+ those require setting the expected values in the ` Validation ` struct. In the case of ` aud ` , if there is a value set in the token but
161161not in the ` Validation ` , the token will be rejected.
162162
163163Since validating time fields is always a bit tricky due to clock skew,
164- you can add some leeway to the ` iat ` , ` exp ` and ` nbf ` validation by setting the ` leeway ` field.
164+ you can add some leeway to the ` iat ` , ` exp ` , and ` nbf ` validation by setting the ` leeway ` field.
165165
166166Last but not least, you will need to set the algorithm(s) allowed for this token if you are not using ` HS256 ` .
167167
0 commit comments