Lib.rs

Authentication

authentic

Authentication library

by jongiddy

14 releases (4 breaking)

0.5.0 May 13, 2022
0.4.3 Apr 28, 2022
0.3.0 Apr 11, 2022
0.2.0 Apr 5, 2022
0.1.6 Mar 25, 2022

#375 in Authentication

Download history 10/week @ 2023-10-20 34/week @ 2023-10-27 11/week @ 2023-11-03 11/week @ 2023-11-10 11/week @ 2023-11-17 37/week @ 2023-11-24 61/week @ 2023-12-01 7/week @ 2023-12-08 22/week @ 2023-12-15 36/week @ 2023-12-22 3/week @ 2023-12-29 22/week @ 2024-01-05 10/week @ 2024-01-12 20/week @ 2024-01-19 63/week @ 2024-01-26 4/week @ 2024-02-02

98 downloads per month
Used in jinxapi-github

Apache-2.0

63KB
1K SLoC

authentic

A Rust crate to handle authentication of HTTP calls. Documentation at https://docs.rs/authentic/latest/authentic/.

Authentication protocols can require specific workflows, such as making third-party calls to refresh a token or performing an initial request to get challenge information.

Using a fixed code structure, authentic can perform the necessary interactions for each authentication protocol. This allows protocols to be changed easily.

For example, the following code uses reqwest to access a site using HTTP Basic authentication. (See the repository tests directory for fully working examples).

// One-time code:
let client = reqwest::blocking::Client::new();

let mut realm_credentials = HashMap::new();
realm_credentials.insert(
    "Fake Realm".into(),
    Arc::new(UsernamePasswordCredential::new("username", "password")),
);
let credential = Arc::new(HttpRealmCredentials::new(realm_credentials));

// Per-request code:
let mut authentication = HttpAuthentication::new(credential);

let response = loop {
    while let Some(auth_step) = authentication.step()? {
        match auth_step {
            AuthenticationStep::Request(request) => {
                let auth_response = client.execute(request);
                authentication.respond(auth_response);
            }
            AuthenticationStep::WaitFor(duration) => {
                std::thread::sleep(duration);
            }
        }
    }

    let response = client
        .get("https://httpbin.org/basic-auth/username/password")
        .with_authentication(&authentication)?
        .send()?;

    if authentication.has_completed(&response)? {
        break response;
    }
};

The creation of the request takes place inside a loop. First, the authentication protocol is given an opportunity to perform any third-party calls using step(). HTTP Basic authentication does not use this, but it can be used, for example, to refresh an expired OAuth2 access token.

The request is created using a standard reqwest::RequestBuilder, using a new with_authentication() method to modify the request for the authentication protocol. For HTTP authentication, the first iteration makes no change to the request.

The request is sent and a response is received. For HTTP authentication, this returns a 401 Unauthorized response.

The has_completed() method checks if the response is ready to be returned or if the authentication protocol needs to retry. For HTTP authentication, this reads the returned www-authenticate challenge and establishes the correct credentials. As the request needs to be retried, has_completed() returns false and a second iteration begins.

On the second iteration of the loop, with_authentication() adds the credentials as the Authorization header to the request. The request is authenticated and the response contains the correct data. has_completed() will return true and the loop exits with the response.

Dependencies

~1–15MB
~199K SLoC