#actix #http #web #cryptography

actix-4-jwt-auth

OIDC authentication extractor for Actix 4

14 unstable releases (5 breaking)

Uses new Rust 2021

0.6.1 Nov 22, 2022
0.5.2 Oct 20, 2022
0.4.3 Jul 26, 2022
0.4.2 Mar 8, 2022
0.3.1 Nov 24, 2021

#110 in HTTP server


184 downloads per month

MIT license

17KB
210 lines

Actix 4 compatible JWT authentication

In order to make use of this crate, you can add it to your Cargo.toml.

This crate is built with actix-4.

    actix-4-jwt-auth = "0.6.1"

Or, if you would like to use the latest version as found on GitHub:

    actix-4-jwt-auth = {git = "https://github.com/spectare/actix-4-jwt-auth", branch = "main"}

Works with extractors

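    use actix_4_jwt_auth::AuthenticatedUser;
    use actix_web::get;
    use serde::{Deserialize, Serialize};

    // The claims you expect in the token; they are deserialized from the JWT payload.
    #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
    pub struct FoundClaims {
        pub iss: String,
        pub sub: String,
        pub aud: String,
        pub name: String,
        pub email: Option<String>,
        pub email_verified: Option<bool>,
    }

    // Taking AuthenticatedUser<FoundClaims> as an argument makes the endpoint require a bearer token.
    #[get("/authenticated_user")]
    async fn authenticated_user(user: AuthenticatedUser<FoundClaims>) -> String {
        format!("Welcome {}!", user.claims.name)
    }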

This is an Actix endpoint that extracts the AuthenticatedUser from the JWT-based Authorization Bearer header.
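Once the extractor has delivered the claims, what the handler does with them is application policy. The following is an added example, not code from this crate: it uses only the standard library, repeats `FoundClaims` without the serde derives, and `ClaimPolicy`, `Identity`, `ClaimError` and `check_claims` are hypothetical names; the claim values are constructed.

```rust
// Added example, std only. FoundClaims repeats the struct above without the
// serde derives; ClaimPolicy, Identity and check_claims are hypothetical names.
#[derive(Debug, Clone, PartialEq)]
pub struct FoundClaims {
    pub iss: String,
    pub sub: String,
    pub aud: String,
    pub name: String,
    pub email: Option<String>,
    pub email_verified: Option<bool>,
}

#[derive(Debug, PartialEq)]
pub enum ClaimError { WrongIssuer, WrongAudience, EmptySubject }

/// The issuer and client id (audience) this service accepts.
pub struct ClaimPolicy<'a> { pub issuer: &'a str, pub audience: &'a str }

/// What the application may rely on once the policy has passed.
#[derive(Debug, PartialEq)]
pub struct Identity { pub account_key: String, pub verified_email: Option<String> }

pub fn check_claims(c: &FoundClaims, p: &ClaimPolicy) -> Result<Identity, ClaimError> {
    if c.iss != p.issuer { return Err(ClaimError::WrongIssuer); }
    // A token minted for another client of the same issuer must not be accepted here.
    if c.aud != p.audience { return Err(ClaimError::WrongAudience); }
    if c.sub.trim().is_empty() { return Err(ClaimError::EmptySubject); }
    // Key accounts on issuer + subject; name and email can change or collide.
    let account_key = format!("{}|{}", c.iss, c.sub);
    // Expose the email only when the provider asserts it was verified.
    let verified_email = match (&c.email, c.email_verified) {
        (Some(e), Some(true)) => Some(e.clone()),
        _ => None,
    };
    Ok(Identity { account_key, verified_email })
}

fn main() {
    // Constructed sample claims, not taken from a real token.
    let claims = FoundClaims {
        iss: "https://issuer.example".into(), sub: "user-123".into(),
        aud: "my-client-id".into(), name: "Alice".into(),
        email: Some("alice@example.com".into()), email_verified: None,
    };
    let policy = ClaimPolicy { issuer: "https://issuer.example", audience: "my-client-id" };
    println!("{:?}", check_claims(&claims, &policy));
}
```

In a handler this would be called as `check_claims(&user.claims, &policy)` before any account lookup.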

You can wire your application like this:

    // Assumption: ValidationOptions is the biscuit crate's type (biscuit::ValidationOptions).
    let validation_options = ValidationOptions::default();
    let test_issuer = "https://accounts.google.com/".to_string();
    // Build the validator from the issuer URL; unwrap() panics at startup if that fails.
    let created_validator = OIDCValidator::new_from_issuer(test_issuer.clone(), validation_options)
        .await
        .unwrap();
    let validator_config = OIDCValidatorConfig {
        issuer: test_issuer,
        validator: created_validator,
    };

    HttpServer::new(move || {
        App::new()
            // Register the validator configuration as application data.
            .app_data(validator_config.clone())
            .service(authenticated_user)
    })
    .bind("0.0.0.0:8080".to_string())?
    .run()
    .await

More documentation is found on docs.rs

Development of this crate

In order to run the integration tests, it is necessary to run a service that mocks OIDC requests.

    docker run -p8080:8080 -e BIND=0.0.0.0  spectare/oidc-token-test-service:latest

This service publishes a keyset with the openid-configuration and allows you to translate any claim set into a JWT to be used in your tests (so the token may be valid, faulty or invalid).

    cargo test

Running the tests thereafter calls the service to test various types of JWT tokens.

Dependencies

~24–33MB
~768K SLoC