#web #rocket #auth #authentication #basic-auth


A high-level basic access authentication request guard for Rocket.rs

3 stable releases

2.1.1 Sep 7, 2021
1.0.0 Dec 2, 2020

#64 in Authentication

MIT license

93 lines


Tests Docs

A high-level basic access authentication request guard for Rocket.rs


#[macro_use] extern crate rocket;

use rocket_basicauth::BasicAuth;

/// Hello route with `auth` request guard, containing a `name` and `password`
fn hello(auth: BasicAuth, age: u8) -> String {
    format!("Hello, {} year old named {}!", age, auth.username)

fn rocket() -> _ {
    rocket::build().mount("/", routes![hello])


Simply add the following to your Cargo.toml file:

rocket-basicauth = "2"

Disabling logging

By default, this crate uses the log library to automatically add minimal trace-level logging, to disable this, instead write:

rocket-basicauth = { version = "2", default-features = false }

Rocket 0.4

Support for Rocket 0.4 is decrepit in the eyes of this crate but may still be used by changing the version, to do this, instead write:

rocket-basicauth = "1"


Some essential security considerations to take into account are the following:

  • This crate has not been audited by any security professionals. If you are willing to do or have already done an audit on this crate, please create an issue as it would help out enormously! 😊
  • This crate purposefully does not limit the maximum length of http basic auth headers arriving so please ensure your webserver configurations are set properly.


~368K SLoC