3 releases (stable)

1.1.0	Oct 19, 2025
1.0.0	Sep 23, 2025
1.0.0-rc.1	Sep 20, 2025

#632 in Authentication

22 downloads per month
Used in xjp-oidc-axum

MIT/Apache

210KB
4K SLoC

xjp-oidc - OpenID Connect SDK for Rust

A comprehensive OpenID Connect (OIDC) and OAuth 2.0 SDK for Rust, supporting both server-side and WebAssembly environments.

中文文档 | English

Features

🔐 Complete OAuth2/OIDC Implementation
- Authorization Code Flow with PKCE
- OIDC Discovery
- JWKS Caching
- ID Token Verification
- Custom Claims Support
🌍 Multi-Platform Support
- Native Rust (Linux, macOS, Windows)
- WebAssembly (Browser)
- Conditional Compilation
🚀 Production Ready
- Enterprise Features (DCR, RP-Initiated Logout)
- JWT Access Token Verification
- Multi-Issuer Support
- Comprehensive Error Handling
🔧 Framework Integration
- Axum Middleware and Extractors
- Tower Service Compatible
- Type-Safe Claim Extraction

Quick Start

Add to your Cargo.toml:

[dependencies]
xjp-oidc = "1.0.0-rc.1"

# For Axum integration
xjp-oidc-axum = "1.0.0-rc.1"

Basic usage:

use xjp_oidc::{create_pkce, build_auth_url, exchange_code, verify_id_token};
use xjp_oidc::types::{BuildAuthUrl, ExchangeCode, VerifyOptions};

// 1. Create PKCE challenge
let (verifier, challenge, _) = create_pkce()?;

// 2. Build authorization URL
let auth_url = build_auth_url(BuildAuthUrl {
    issuer: "https://auth.example.com".into(),
    client_id: "your-client-id".into(),
    redirect_uri: "https://app.example.com/callback".into(),
    scope: "openid profile email".into(),
    code_challenge: challenge,
    ..Default::default()
})?;

// 3. After callback, exchange code for tokens
let tokens = exchange_code(params, &http_client).await?;

// 4. Verify ID token
let verified = verify_id_token(&tokens.id_token, options).await?;

Examples

The repository includes several comprehensive examples:

Auth BFF Service

A production-ready authentication backend service:

cd auth-bff
cargo run

Resource Server

JWT-protected API example:

cd examples/resource-server
cargo run

DCR Tool

Dynamic Client Registration CLI:

cd examples/dcr-registration
cargo run -- register

Documentation

Getting Started Guide - Quick introduction and setup
API Reference - Complete API documentation
Security Best Practices - Security guidelines
Troubleshooting - Common issues and solutions

Platform Support

Platform	Features	Status
Linux x86_64	Full	✅ Supported
macOS (Intel/ARM)	Full	✅ Supported
Windows	Full	✅ Supported
WebAssembly	Core	✅ Supported

Security

Security is our top priority. Please see SECURITY.md for:

Vulnerability reporting process
Security best practices
Update policy

Contributing

We welcome contributions! Please see CONTRIBUTING.md for:

Code of conduct
Development setup
Submission guidelines

License

Licensed under either of:

Apache License, Version 2.0 (LICENSE-APACHE)
MIT license (LICENSE-MIT)

at your option.

Project Structure

xjp-oidc/
├── xjp-oidc/           # Core SDK
├── xjp-oidc-axum/      # Axum integration
├── auth-bff/           # Auth BFF service example
├── examples/
│   ├── resource-server/  # Resource server example
│   └── dcr-registration/ # DCR CLI tool
└── docs/               # Documentation

Minimum Supported Rust Version

MSRV: 1.82

Support

GitHub Issues: Report bugs
Discussions: Ask questions
Security: security@xiaojinpro.com

Built with ❤️ by the XiaojinPro team

Dependencies

~15–34MB
~485K SLoC