Lib.rs

Authentication
#jwt #oidc #oauth2 #authorizer #tower-middleware #resources #public-key

tower-oauth2-resource-server

Tower middleware that provides JWT authorization against an OpenID Connect (OIDC) Provider

by Dunklas

14 releases

new 0.2.2 Mar 17, 2025
0.2.1 Mar 11, 2025
0.1.10 Feb 27, 2025
0.1.8 Jan 27, 2025
0.1.4 Nov 25, 2024

#305 in Authentication

Download history 49/week @ 2024-11-27 120/week @ 2024-12-04 74/week @ 2024-12-11 1/week @ 2024-12-18 210/week @ 2025-01-01 111/week @ 2025-01-08 66/week @ 2025-01-15 130/week @ 2025-01-22 25/week @ 2025-01-29 7/week @ 2025-02-05 139/week @ 2025-02-12 11/week @ 2025-02-19 173/week @ 2025-02-26 183/week @ 2025-03-05 168/week @ 2025-03-12

540 downloads per month

MIT license

54KB
1.5K SLoC

tower-oauth2-resource-server

Tower middleware that provides JWT authorization against an OpenID Connect (OIDC) Provider. This is useful when an application has delegated authentication and/or authorization to an external authorization service (e.g. Auth0, Microsoft Entra, etc).

Main inspiration for this middleware (both in naming and functionality) is Spring Security OAuth 2.0 Resource Server.

The middleware will attempt to process each request by:

  • Read JWT from Authorization header (with Bearer prefix)
  • Validate the JWT's signature against a public key obtained from jwks_url
  • Validate iss, exp, aud and possibly nbf scopes of the JWT

If validation fails, a HTTP 401 is returned. Otherwise next service in the middleware chain will be called. Claims of the JWT are made available as a Request extension. This enables you to write further application logic based on the claims, e.g. rejecting request that lack a certain scope.

Configuration

See docs for OAuth2ResourceServerBuilder.

Example usage

Check the examples.

Dependencies

~7–21MB
~334K SLoC