Crate actix_4_jwt_auth

Actix 4 JWT Auth is an OIDC-based authentication mechanism.

Examples

use actix_4_jwt_auth::{AuthenticatedUser, OIDCValidator, OIDCValidatorConfig};
use actix_web::{get, App, HttpServer};
use biscuit::ValidationOptions;
use serde::{Deserialize, Serialize};

// Claims this service expects to find in the token.
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
pub struct FoundClaims {
    pub iss: String,
    pub sub: String,
    pub aud: String,
    pub name: String,
    pub email: Option<String>,
    pub email_verified: Option<bool>,
}

// The AuthenticatedUser extractor hands the handler the validated claims.
#[get("/authenticated_user")]
async fn authenticated_user(user: AuthenticatedUser<FoundClaims>) -> String {
    format!("Welcome {}!", user.claims.name)
}

#[actix_rt::main]
async fn main() -> std::io::Result<()> {
    let test_issuer = "https://a.valid.openid-connect.idp/".to_string();
    let validation_options = ValidationOptions::default();
    // The validator is built from the issuer at startup; unwrap() panics if that fails.
    let created_validator = OIDCValidator::new_from_issuer(test_issuer.clone(), validation_options)
        .await
        .unwrap();
    let validator_config = OIDCValidatorConfig {
        issuer: test_issuer,
        validator: created_validator,
    };

    HttpServer::new(move || {
        App::new()
            // Make the validator available to the AuthenticatedUser extractor.
            .app_data(validator_config.clone())
            .service(authenticated_user)
    })
    .bind("0.0.0.0:8080")?
    .run()
    .await
}

Here new_from_issuer fetches the issuer URL + .well-known/openid-configuration in order to find the location of the published keys.

More documentation

In addition to this API documentation, several other resources are available:

Structs

AuthenticatedUser with your given Claims struct is the extracted data to use in your functions. The struct may contain registered claims; these are validated according to RFC 7519.
The OIDCValidator contains the core functionality and needs to be available in order to validate JWTs.
The OIDCValidatorConfig may be used to create your OIDCValidator programmatically. When you do not add the app_data with your own config, a default will look for an environment variable named OIDC_ISSUER and use that as the base URL to fetch the openid-configuration.

Enums

When a JWT token is received and validated, it may be faulty for different reasons.
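
To make concrete what validating registered claims according to RFC 7519 involves, and why a received token can be faulty for different reasons, here is an added example that is not the crate's own code. All type and function names and the sample values (audience "my-api", timestamps, 30-second leeway) are assumptions made for illustration; the issuer string is the one used in the example above.

```rust
// Added example (hypothetical names, not the crate's API): RFC 7519 registered-claim checks.
#[derive(Debug, PartialEq)]
pub enum ClaimError { WrongIssuer, WrongAudience, Expired, NotYetValid }

/// Registered claims of a token whose signature has already been verified.
pub struct RegisteredClaims {
    pub iss: String,
    pub aud: Vec<String>, // "aud" may carry one or several audiences
    pub exp: u64,         // seconds since the Unix epoch
    pub nbf: Option<u64>,
}

/// What the relying party pins: issuer, its own audience value, tolerated clock skew.
pub struct Expected<'a> {
    pub issuer: &'a str,
    pub audience: &'a str,
    pub leeway_secs: u64,
}

pub fn validate_claims(c: &RegisteredClaims, e: &Expected, now: u64) -> Result<(), ClaimError> {
    // iss: exact, case-sensitive comparison; a missing trailing slash is a mismatch.
    if c.iss != e.issuer {
        return Err(ClaimError::WrongIssuer);
    }
    // aud: the token must name this service among its audiences.
    if !c.aud.iter().any(|a| a == e.audience) {
        return Err(ClaimError::WrongAudience);
    }
    // exp: the current time must be before expiry (skew allowed).
    if now >= c.exp.saturating_add(e.leeway_secs) {
        return Err(ClaimError::Expired);
    }
    // nbf: the current time must be at or after not-before (skew allowed).
    if matches!(c.nbf, Some(nbf) if now.saturating_add(e.leeway_secs) < nbf) {
        return Err(ClaimError::NotYetValid);
    }
    Ok(())
}

fn main() {
    // Constructed sample values; the issuer string is the one from the example above.
    let claims = RegisteredClaims {
        iss: "https://a.valid.openid-connect.idp/".into(),
        aud: vec!["my-api".into()],
        exp: 1_700_000_600,
        nbf: Some(1_700_000_000),
    };
    let expected = Expected { issuer: "https://a.valid.openid-connect.idp/", audience: "my-api", leeway_secs: 30 };
    println!("{:?}", validate_claims(&claims, &expected, 1_700_000_300));
}
```

The checks run only after signature verification; a token that passes them but was signed by an unknown key is still invalid.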