2 releases
0.1.1 | May 25, 2022 |
---|---|
0.1.0 | May 24, 2022 |
#998 in Authentication
17KB
287 lines
auth_for_warp
A proof-of-concept for a simple and reusable auth module that can be plugged into any warp-based server application.
Passwords are salted and hashed using argon2. On successful login, a JSON Web Token is generated using jsonwebtoken and returned to the client. A warp filter is provided to authenticate subsequent requests against that token via bearer authentication.
Some limitiations (certainly not an exhaustive list):
- TLS is necessary to avoid leaking passwords on the wire (no PAKE).
- Only supports username + password (no OAuth, no TOTP, etc).
- All credential storage is left up to the application.
- User ID allocation probably ought to be left up to the application.
- Only handles authentication, supporting authorization will need some design work.
Dependencies
~17–29MB
~523K SLoC