Crate actix_4_jwt_auth
Actix 4 JWT Auth is an OIDC-based authentication mechanism.
Examples
use actix_4_jwt_auth::{AuthenticatedUser, OIDCValidator, OIDCValidatorConfig};
use actix_web::{get, http::header, test, web, App, Error, HttpResponse, HttpServer};
use serde::{Deserialize, Serialize};
use biscuit::ValidationOptions;

// Claims expected in the token payload; deserialized from the validated JWT.
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
pub struct FoundClaims {
    pub iss: String,
    pub sub: String,
    pub aud: String,
    pub name: String,
    pub email: Option<String>,
    pub email_verified: Option<bool>,
}

// Taking AuthenticatedUser<FoundClaims> as a parameter makes this handler require a valid JWT.
#[get("/authenticated_user")]
async fn authenticated_user(user: AuthenticatedUser<FoundClaims>) -> String {
    format!("Welcome {}!", user.claims.name)
}

#[actix_rt::main]
async fn main() -> std::io::Result<()> {
    let test_issuer = "https://a.valid.openid-connect.idp/".to_string();
    let validation_options = ValidationOptions::default();
    // Fetches the issuer's published configuration and keys at startup.
    let created_validator = OIDCValidator::new_from_issuer(test_issuer.to_string(), validation_options).await.unwrap();
    let validator_config = OIDCValidatorConfig {
        issuer: test_issuer,
        validator: created_validator,
    };

    HttpServer::new(move || {
        App::new()
            // Make the validator available to the AuthenticatedUser extractor.
            .app_data(validator_config.clone())
            .service(authenticated_user)
    })
    .bind("0.0.0.0:8080".to_string())?
    .run()
    .await
}
Here, new_from_issuer fetches the issuer URL + /.well-known/openid-configuration in order to find the location of the published keys.
More documentation
In addition to this API documentation, several other resources are available:
Structs
AuthenticatedUser, together with your given Claims struct, is the extracted data you use in your functions. The struct may contain registered claims; these are validated according to RFC 7519.
The OIDCValidator contains the core functionality and needs to be available in order to validate JWTs.
The config may be used to create your OIDCValidator programmatically. When you do not add the app_data with your own config, a default will look for an environment variable named OIDC_ISSUER and use that as the base URL to fetch the openid-configuration.
Enums
When a JWT is received and validated, it may be faulty for different reasons.
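
The registered-claim checks mentioned under Structs and the distinct failure reasons mentioned under Enums, sketched as an added std-only example that is not code from this crate or from biscuit. `ClaimError`, `RegisteredClaims`, `Expected` and `validate` are hypothetical names, the sample values are constructed, and the token's signature is assumed to have been verified already.

```rust
// Added illustration, std only. All names are hypothetical; this is not
// actix_4_jwt_auth or biscuit code. Signature verification is assumed done.
#[derive(Debug, PartialEq)]
pub enum ClaimError { WrongIssuer, WrongAudience, Expired, NotYetValid }

pub struct RegisteredClaims<'a> {
    pub iss: &'a str,
    pub aud: &'a [&'a str], // "aud" may name several recipients
    pub exp: u64,           // seconds since the Unix epoch
    pub nbf: Option<u64>,   // optional not-before time
}

pub struct Expected<'a> {
    pub issuer: &'a str,
    pub audience: &'a str,
    pub leeway_secs: u64, // tolerated clock skew
}

pub fn validate(c: &RegisteredClaims, e: &Expected, now: u64) -> Result<(), ClaimError> {
    // iss (RFC 7519 section 4.1.1): exact, case-sensitive comparison.
    if c.iss != e.issuer {
        return Err(ClaimError::WrongIssuer);
    }
    // aud (section 4.1.3): reject unless this service is an intended recipient.
    if !c.aud.iter().any(|a| *a == e.audience) {
        return Err(ClaimError::WrongAudience);
    }
    // exp (section 4.1.4): the current time must be before the expiry.
    if now >= c.exp.saturating_add(e.leeway_secs) {
        return Err(ClaimError::Expired);
    }
    // nbf (section 4.1.5): the current time must be at or after not-before.
    if let Some(nbf) = c.nbf {
        if now.saturating_add(e.leeway_secs) < nbf {
            return Err(ClaimError::NotYetValid);
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample: a token minted for a different audience.
    let expected = Expected { issuer: "https://a.valid.openid-connect.idp/", audience: "my-api", leeway_secs: 30 };
    let claims = RegisteredClaims { iss: expected.issuer, aud: &["other-api"], exp: 2_000, nbf: Some(1_000) };
    println!("{:?}", validate(&claims, &expected, 1_500));
}
```

The audience case in `main` is the one most often missed: a correctly signed, unexpired token from the right issuer is still rejected when it was issued for another service.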