Can't seem to use the RsaPublicKey.verify function?

I'm trying to Verify the digital signature of a JWT using the RSA public key from Keycloak.

However I get an error that reads
error[E0277]: the trait bound 'OidSha256: AssociatedOid' is not satisfied
--> src/main.rs:117:39
|
117 | let padding = Pkcs1v15Sign::();
| ^^^^^^ the trait 'AssociatedOid' is not implemented for 'OidSha256'
|
= help: the following other types implement trait 'AssociatedOid':
CoreWrapper
CtVariableCoreWrapper<T, OutSize, O>
= note: required for 'CtVariableCoreWrapper<Sha256VarCore, UInt<UInt<..., ...>, ...>, ...>' to implement 'AssociatedOid'
= note: 1 redundant requirement hidden
= note: required for 'CoreWrapper<CtVariableCoreWrapper<Sha256VarCore, ..., ...>>' to implement 'AssociatedOid'
note: required by a bound in 'Pkcs1v15Sign::new'
--> /home/blah/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/rsa-0.9.8/src/pkcs1v15.rs:76:21
|
74 | pub fn new() -> Self
| --- required by a bound in this associated function
75 | where
76 | D: Digest + AssociatedOid,
| ^^^^^^^^^^^^^ required by this bound in 'Pkcs1v15Sign::new'

Can anyone explain how I fix this error?

I use the following code snippet.

    header_b64: &String,
    payload_b64: &String,
    signature_b64: &String,
    keycloak_key_n: &String,
    keycloak_key_e: &String,
) -> bool {
    // Step 1: Decode the signature
    let decoded_signature = match general_purpose::URL_SAFE_NO_PAD.decode(signature_b64) {
        Ok(sig) => sig,
        Err(_) => return false,
    };

    // Step 2: Decode modulus (n) and exponent (e)
    let n_bytes = match general_purpose::URL_SAFE_NO_PAD.decode(keycloak_key_n) {
        Ok(n) => n,
        Err(_) => return false,
    };
    let e_bytes = match general_purpose::URL_SAFE_NO_PAD.decode(keycloak_key_e) {
        Ok(e) => e,
        Err(_) => return false,
    };

    let n = BigUint::from_bytes_be(&n_bytes);
    let e = BigUint::from_bytes_be(&e_bytes);

    // Step 3: Construct the public key
    let public_key = match RsaPublicKey::new(n, e) {
        Ok(k) => k,
        Err(_) => return false,
    };

    // Step 4: Build the message: header.payload
    let message = format!("{}.{}", header_b64, payload_b64);

    // Step 5: Verify the signature using PKCS#1 v1.5 + SHA-256
    let padding = Pkcs1v15Sign::new::<Sha256>();
    public_key
        .verify(padding, message.as_bytes(), &decoded_signature)
        .is_ok()

}

It works for me. Are you importing the correct Sha256 type? It is re-exported by the rsa crate when the sha2 feature is enabled.

[dependencies]
base64 = "0.22.1"
rsa = { version = "0.9.8", features = ["sha2"] }

use base64::engine::{general_purpose, Engine as _};
use rsa::{sha2::Sha256, BigUint, Pkcs1v15Sign, RsaPublicKey};

FWIW, you should edit your post to fix the formatting. The fences use the backtick character (`) and not an apostrophe (').

Thanks parasyte. It ended up being a version issue difference between what I had in the .toml file for rsa vs sha2. Trap for young players (or old). New to the world of rust so this is a good lesson.

Thanks again for your time spent to reply.