Unable to decode JWT

I am continuing to fumble my way through authentication. When I get my oauth token I am trying to decode the id_token using the biscuit library. I keep getting a strange error about missing field access_token.

struct OauthToken {
    access_token: String,
    id_token: String,
   token_type: String,
   scope: String,
   expires_in: u32,
}

I take the OauthToken and pass it to

JWT::<_, biscuit::Empty>::new_encoded(&token.id_token)

I then attempt to pass the encoded id_token to the decode function provided by biscuit:

encoded.decode(&(Secret::Bytes("secret".to_string().into_bytes())), SignatureAlgorithm::RS256)

Which gives the error

thread 'tokio-runtime-worker-1' panicked at 'internal error: entered unreachable code: This is a private method and should not be called erroneously.'

followed by

Err(Error { kind: Json(Error("missing field access_token", line: 1, column: 74)), url: None })

What am I doing wrong with the biscuit functions that I took directly from the example?

BTW I am printing the oauthtoken to stdout and it is valid

OauthToken { access_token: "NzY0g98XJ1bU5PitDy5Z9QVXTXLf5IL2", id_token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik1EUkZRVGt4TkVNM1JEQXhOemN6T1RkR00wTTRNRVZFUWpGQlFqWXlNREUwTXpoRk1UZEZOQSJ9.eyJnaXZlbl9uYW1lIjoiTWF0dGhldyIsImZhbWlseV9uYW1lIjoiU3RldmVuc29uIiwibmlja25hbWUiOiJzdGV2ZW5zb25tdCIsIm5hbWUiOiJNYXR0aGV3IFN0ZXZlbnNvbiIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vLV9pSFM4U01HcUhBL0FBQUFBQUFBQUFJL0FBQUFBQUFBQWJFL0h1ZGVicVExSUY0L3Bob3RvLmpwZyIsImdlbmRlciI6Im1hbGUiLCJsb2NhbGUiOiJlbiIsInVwZGF0ZWRfYXQiOiIyMDE5LTAxLTIzVDE0OjI0OjM5LjExN1oiLCJpc3MiOiJodHRwczovL2xpc3RvcGYuYXV0aDAuY29tLyIsInN1YiI6Imdvb2dsZS1vYXV0aDJ8MTExNDAxOTgyODA0MzEzNDIxODkyIiwiYXVkIjoibzZvakw2ZllVTEFpTzhhMjRzc2xhSVprRTVuZHFsSHoiLCJpYXQiOjE1NDgzNDExNDMsImV4cCI6MTU0ODM3NzE0M30.lxLb-6b4gkRP_NPWEZBYR5IEF0vLQPD3FFJOTbRthGB0icOLGNE9EH6xvsBgN_4OGqvahkLsz7pH69-_3ZwEF5JosIuDDzaxk6C3ePnlo7NZPY6CmHjiq2sayIzYz6Ce6w5hMuXPKT1eGwaPSNlZphgDt9iPGH4nZ66tV7wU7mtUG997mY7n_I1aS234q7MqA57nGihBTyPB6Jr41FsL1eNqEHEJ6snqb2UkqDr6dQUe3ZQ2v-q2GPVXet1NP6K8Ksa3wGTo5jC1kXHBAhQoycWqHgWLxnyUEAyc4tHLa1i8EXSE7JMfTlIfWbAhSin18KIVmvFAdVVLVjlwpKP9bA", token_type: "Bearer", scope: "openid profile", expires_in: 86400 }

I think the problem is I'm using the applications client secret here instead of the JWK. So I am now trying to figure out how to take a JWK that gives me fields of

alg, kty, use, x5c, n, e, kid, x5t

The best tutorial I've found so far gives the instruction

  • Using the x5c property build a certificate which will be used to verify the JWT signature.

Which is a bit like a cake recipe that says "Using flour, make a cake." Are there any rust libraries that handle this bit?