Crate actix_4_jwt_auth
source ·Expand description
Actix 4 JWT Auth is a OIDC based authentication mechanism.
§Examples
use actix_4_jwt_auth::{
AuthenticatedUser, Oidc, OidcConfig, OidcBiscuitValidator,
biscuit::{ValidationOptions, Validation}
};
use actix_web::{get, http::header, test, web, App, Error, HttpResponse, HttpServer};
use serde::{Deserialize, Serialize};
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]
pub struct FoundClaims {
pub iss: String,
pub sub: String,
pub aud: String,
pub name: String,
pub email: Option<String>,
pub email_verified: Option<bool>,
}
#[get("/authenticated_user")]
async fn authenticated_user(user: AuthenticatedUser<FoundClaims>) -> String {
format!("Welcome {}!", user.claims.name)
}
#[actix_rt::main]
async fn main() -> std::io::Result<()> {
let authority = "https://a.valid.openid-connect.idp/".to_string();
let oidc = Oidc::new(OidcConfig::Issuer(authority.clone().into())).await.unwrap();
let biscuit_validator = OidcBiscuitValidator { options: ValidationOptions {
issuer: Validation::Validate(authority),
..ValidationOptions::default()
}
};
HttpServer::new(move || {
App::new()
.app_data(oidc.clone())
.wrap(biscuit_validator.clone())
// .wrap(OidcBiscuitValidator::default()) //without issuer verification
.service(authenticated_user)
})
.bind("0.0.0.0:8080".to_string())?
.run()
.await
}
Where the new_from_issuer will actually fetch the URL + ./well-known/oidc-configuration in order to find the location of the published keys.
§More documentation
In addition to this API documentation, several other resources are available:
Modules§
Structs§
- AuthenticatedUser with your given Claims struct will be extracted data to use in your functions. The struct may contain registered claims, these are validated according to RFC 7519
- DecodedInfo with a decorated token will retrieve data for use in your functions
- The Oidc contains the core functionality and needs to be available in order to validate JWT
- Middleware with standard biscuit validation
Enums§
- When a JWT token is received and validated, it may be faulty due to different reasons
- Oidc configuration
- Override token lookup location