Lib.rs

Web programmingHTTP server | Network programming
#actix-web #actix #web #jwt #actix-middleware #http #cryptography

actix-4-jwt-auth

OIDC authentication extractor for Actix 4

by Olger Warnier and 5 contributors

18 releases (4 stable)

1.2.1 Apr 2, 2024
1.2.0 Dec 25, 2023
1.1.0 Nov 11, 2023
1.0.0 Jan 24, 2023
0.3.1 Nov 24, 2021

#91 in HTTP server

Download history 127/week @ 2023-12-28 103/week @ 2024-01-04 58/week @ 2024-01-11 11/week @ 2024-01-18 11/week @ 2024-02-01 22/week @ 2024-02-15 79/week @ 2024-02-22 59/week @ 2024-02-29 34/week @ 2024-03-07 28/week @ 2024-03-14 24/week @ 2024-03-21 157/week @ 2024-03-28 51/week @ 2024-04-04 6/week @ 2024-04-11

241 downloads per month

MIT license

41KB
791 lines

Actix 4 compatible JWT authentication

In order to make use of this crate, you can add it to your Cargo.toml

This crate is build with actix-4.

actix-4-jwt-auth = "1.2.0"

Or when you like to use the latest as found on github:

actix-4-jwt-auth = {git = "https://github.com/spectare/actix-4-jwt-auth", branch = "main"}

Works with extractors

    #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
    pub struct FoundClaims {
        pub iss: String,
        pub sub: String,
        pub aud: String,
        pub name: String,
        pub email: Option<String>,
        pub email_verified: Option<bool>,
    }

    #[get("/authenticated_user")]
    async fn authenticated_user(user: AuthenticatedUser<FoundClaims>) -> String {
        format!("Welcome {}!", user.claims.name)
    }

Is a Actix endpoint URL that extracts the AuthenticatedUser from the JWT based Authorization Bearer header.

You can wire your application like

      let authority = "https://a.valid.openid-connect.idp/".to_string();

      let oidc = Oidc::new(OidcConfig::Issuer(authority.clone().into())).await.unwrap();

      let biscuit_validator = OidcBiscuitValidator { options: ValidationOptions {
              issuer: Validation::Validate(authority),
              ..ValidationOptions::default()
          }
      };

      HttpServer::new(move || {
        App::new()
                .app_data(oidc.clone())
                .wrap(biscuit_validator.clone())
                // .wrap(OidcBiscuitValidator::default()) //without issuer verification
                .service(authenticated_user),
        })
      .bind("0.0.0.0:8080".to_string())?
      .run()
      .await

This will find the token from Authorization header value if you use Oidc::new

You can override the token lookup location (custom header or cookie) by importing TokenLookup enum

use actix_4_jwt_auth::{Oidc, OidcConfig, TokenLookup};

If you want you use custom header:

let token_lookup = TokenLookup::Header("x-custom-auth-header".into());

or use custom cookie:

let token_lookup = TokenLookup::Cookie("x-custom-auth-cookie".into());

and pass token_lookup as Oidc::new_with_token_lookup's second parameter

let oidc = Oidc::new_with_token_lookup(OidcConfig::Issuer(authority.clone().into()), token_lookup).await.unwrap();

More documentation is found on docs.rs

Dependencies

~25–39MB
~781K SLoC