Crate actix_4_jwt_auth

Actix 4 JWT Auth is an OIDC-based authentication mechanism.

§Examples

use actix_4_jwt_auth::{
    AuthenticatedUser, Oidc, OidcConfig, OidcBiscuitValidator,
    biscuit::{ValidationOptions, Validation}
};
use actix_web::{get, App, HttpServer};
use serde::{Deserialize, Serialize};

#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
pub struct FoundClaims {
    pub iss: String,
    pub sub: String,
    pub aud: String,
    pub name: String,
    pub email: Option<String>,
    pub email_verified: Option<bool>,
}

#[get("/authenticated_user")]
async fn authenticated_user(user: AuthenticatedUser<FoundClaims>) -> String {
    format!("Welcome {}!", user.claims.name)
}

#[actix_rt::main]
async fn main() -> std::io::Result<()> {
    let authority = "https://a.valid.openid-connect.idp/".to_string();

    // Looks up the issuer's published configuration to locate its signing keys.
    let oidc = Oidc::new(OidcConfig::Issuer(authority.clone().into())).await.unwrap();

    // Require the token's `iss` claim to match the configured authority.
    let biscuit_validator = OidcBiscuitValidator {
        options: ValidationOptions {
            issuer: Validation::Validate(authority),
            ..ValidationOptions::default()
        },
    };

    HttpServer::new(move || {
        App::new()
            .app_data(oidc.clone())
            .wrap(biscuit_validator.clone())
            // .wrap(OidcBiscuitValidator::default()) // without issuer verification
            .service(authenticated_user)
    })
    .bind("0.0.0.0:8080".to_string())?
    .run()
    .await
}

Here, new_from_issuer fetches the URL + ./well-known/oidc-configuration in order to find the location of the published keys.
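The example above turns on issuer validation, while the commented-out default middleware runs without it. The following added illustration (not code from this crate or from biscuit) shows what registered-claim checks in the sense of RFC 7519 amount to once a token's signature has been verified, and what skipping the issuer check lets through; all type names, the function, the second issuer URL and the timestamps are constructed for this example.

```rust
// Added illustration (std only); not the crate's or biscuit's implementation.
// All names and sample values are constructed for this example.
#[derive(Debug, PartialEq)]
pub enum ClaimError { WrongIssuer, WrongAudience, Expired, NotYetValid }

/// Registered claims (RFC 7519, section 4.1) as they appear after decoding.
pub struct Registered<'a> {
    pub iss: &'a str,
    pub aud: &'a str,
    pub exp: u64, // seconds since the Unix epoch
    pub nbf: Option<u64>,
}

/// What the relying party expects; `None` means "do not check this claim".
pub struct Expected<'a> {
    pub issuer: Option<&'a str>,
    pub audience: Option<&'a str>,
    pub leeway_secs: u64,
}

pub fn check_registered(c: &Registered, e: &Expected, now: u64) -> Result<(), ClaimError> {
    // Exact string comparison: no prefix or case-insensitive matching, so even
    // a trailing-slash difference rejects the token.
    if let Some(iss) = e.issuer {
        if c.iss != iss { return Err(ClaimError::WrongIssuer); }
    }
    if let Some(aud) = e.audience {
        if c.aud != aud { return Err(ClaimError::WrongAudience); }
    }
    // exp: the current time must be before expiry (plus clock-skew leeway).
    if now >= c.exp.saturating_add(e.leeway_secs) { return Err(ClaimError::Expired); }
    // nbf: the current time (plus leeway) must have reached not-before.
    if let Some(nbf) = c.nbf {
        if now.saturating_add(e.leeway_secs) < nbf { return Err(ClaimError::NotYetValid); }
    }
    Ok(())
}

fn main() {
    let now = 1_700_000_000; // constructed timestamp
    let foreign = Registered { iss: "https://other.idp.example/", aud: "my-api", exp: now + 300, nbf: None };
    let strict = Expected { issuer: Some("https://a.valid.openid-connect.idp/"), audience: Some("my-api"), leeway_secs: 30 };
    let lax = Expected { issuer: None, audience: None, leeway_secs: 30 };
    println!("strict: {:?}", check_registered(&foreign, &strict, now));
    println!("lax:    {:?}", check_registered(&foreign, &lax, now));
}
```

With the issuer check disabled, the only thing tying a token to the intended identity provider is the key set used for signature verification.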

§More documentation

In addition to this API documentation, several other resources are available:

Modules§

biscuit

Structs§

AuthenticatedUser
AuthenticatedUser, with your given Claims struct, is extracted as data to use in your functions. The struct may contain registered claims; these are validated according to RFC 7519.
DecodedInfo
DecodedInfo with a decorated token will retrieve data for use in your functions
Oidc
Oidc contains the core functionality and needs to be available in order to validate JWTs
OidcBiscuitValidator
Middleware with standard biscuit validation

Enums§

OIDCValidationError
When a JWT token is received and validated, it may be faulty due to different reasons
OidcConfig
Oidc configuration
TokenLookup
Override token lookup location