actix-middleware-rfc7662

Actix-web extractor which validates OAuth2 tokens through an RFC 7662 token introspection endpoint

2 unstable releases

0.2.0 Mar 23, 2022
0.1.0 Mar 21, 2022

#931 in Authentication

MIT license

16KB
228 lines

To protect a resource, add the RequireAuthorization extractor to its handler. The extractor must be configured with a token introspection URL before it can be used.

The extractor takes an implementation of the AuthorizationRequirements trait, which is used to analyze the introspection response to determine if the request is authorized.

Example


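// Imports the example needs. The crate-root paths for this crate's types are
// assumed here; check the crate documentation.
use actix_middleware_rfc7662::{AnyScope, RequireAuthorization, RequireAuthorizationConfig, StandardToken};
use actix_web::{get, HttpResponse, HttpServer, Responder};
use std::future::Future;

// The handler body only runs when the extractor has authorized the request.
#[get("/protected/api")]
async fn handle_read(_auth: RequireAuthorization<AnyScope>) -> impl Responder {
    HttpResponse::Ok().body("Success!\n")
}

fn setup_server() -> std::io::Result<impl Future> {
    // Client credentials and endpoint URLs are placeholders.
    let oauth_config = RequireAuthorizationConfig::<StandardToken>::new(
        "client_id".to_string(),
        Some("client_secret".to_string()),
        "https://example.com/oauth/authorize".parse().expect("invalid url"),
        "https://example.com/oauth/introspect".parse().expect("invalid url"),
    );

    // Register the configuration as app data so the extractor can find it.
    Ok(HttpServer::new(move || {
        actix_web::App::new()
            .app_data(oauth_config.clone())
            .service(handle_read)
    })
    .bind("127.0.0.1:8182".to_string())?
    .run())
}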
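
The kind of decision an AuthorizationRequirements implementation makes over the introspection response, as an added example that is not the crate's own code. The names Introspection, Requirement, Decision and authorize are hypothetical, and the RFC 7662 response members active, scope and exp are assumed to be already deserialized.

```rust
// Added illustration. All names below are hypothetical; this is not the
// actix-middleware-rfc7662 API.

/// Fields of an RFC 7662 introspection response, already deserialized.
pub struct Introspection<'a> {
    pub active: bool,           // the only REQUIRED member of the response
    pub scope: Option<&'a str>, // space-separated scope list
    pub exp: Option<u64>,       // expiry, seconds since the Unix epoch
}

pub enum Requirement<'a> {
    AnyOf(&'a [&'a str]), // at least one listed scope must be granted
    AllOf(&'a [&'a str]), // every listed scope must be granted
}

#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Inactive, Expired, MissingScope }

pub fn authorize(resp: &Introspection<'_>, req: &Requirement<'_>, now: u64) -> Decision {
    // Fail closed: an inactive token is rejected whatever else the response says.
    if !resp.active {
        return Decision::Inactive;
    }
    // Defence in depth: reject if `exp` has passed even though `active` is true.
    if matches!(resp.exp, Some(exp) if exp <= now) {
        return Decision::Expired;
    }
    // Compare whole scope tokens, never substrings, so that a granted
    // "api:read:admin" does not satisfy a requirement for "api:read".
    let granted: Vec<&str> = resp.scope.unwrap_or("").split_whitespace().collect();
    let ok = match req {
        Requirement::AnyOf(wanted) => wanted.iter().any(|w| granted.contains(w)),
        Requirement::AllOf(wanted) => wanted.iter().all(|w| granted.contains(w)),
    };
    if ok { Decision::Allow } else { Decision::MissingScope }
}

fn main() {
    // Constructed sample responses, not captured from a real server.
    let need = Requirement::AnyOf(&["api:read", "api:write"]);
    let good = Introspection { active: true, scope: Some("profile api:read"), exp: Some(2_000) };
    let revoked = Introspection { active: false, scope: Some("api:read"), exp: Some(2_000) };
    println!("{:?}", authorize(&good, &need, 1_000));
    println!("{:?}", authorize(&revoked, &need, 1_000));
}
```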

Dependencies

~19–34MB
~614K SLoC