#password #user-name #server #module #warp #token

auth_for_warp

plugin auth module for warp-based servers

2 releases

0.1.1 May 25, 2022
0.1.0 May 24, 2022

#998 in Authentication

Apache-2.0

17KB
287 lines

Action Status Crates.io Docs.rs

auth_for_warp

A proof-of-concept for a simple and reusable auth module that can be plugged into any warp-based server application.

Passwords are salted and hashed using argon2. On successful login, a JSON Web Token is generated using jsonwebtoken and returned to the client. A warp filter is provided to authenticate subsequent requests against that token via bearer authentication.

Some limitiations (certainly not an exhaustive list):

  • TLS is necessary to avoid leaking passwords on the wire (no PAKE).
  • Only supports username + password (no OAuth, no TOTP, etc).
  • All credential storage is left up to the application.
  • User ID allocation probably ought to be left up to the application.
  • Only handles authentication, supporting authorization will need some design work.

Dependencies

~17–29MB
~523K SLoC