Actix-web extractor which validates OAuth2 tokens through an RFC 7662 token introspection endpoint.

To protect a resource, add the RequireAuthorization extractor to its handler. This extractor must be configured with a token introspection URL before it can be used.

The extractor takes an implementation of the AuthorizationRequirements trait, which is used to analyze the introspection response to determine if the request is authorized.

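Example

use actix_web::{get, HttpResponse, HttpServer, Responder};
use std::future::Future;
// RequireAuthorization, RequireAuthorizationConfig, AnyScope and StandardToken
// are imported from this crate.

// Handler that only runs once the extractor has accepted the bearer token.
#[get("/protected/api")]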
async fn handle_read(_auth: RequireAuthorization<AnyScope>) -> impl Responder {
    HttpResponse::Ok().body("Success!\n")
}

fn setup_server() -> std::io::Result<impl Future> {
    let oauth_config = RequireAuthorizationConfig::<StandardToken>::new(
        "client_id".to_string(),
        Some("client_secret".to_string()),
        "https://example.com/oauth/authorize".parse().expect("invalid url"),
        "https://example.com/oauth/introspect".parse().expect("invalid url"),
    );

    Ok(HttpServer::new(move || {
        actix_web::App::new()
            .app_data(oauth_config.clone())
            .service(handle_read)
    })
    .bind("127.0.0.1:8182".to_string())?
    .run())
}
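
The decision an authorization-requirements check makes over an RFC 7662 introspection response can be sketched in plain Rust. This is an added example, not this crate's code: `Introspection`, `Decision` and `authorize` are hypothetical names, and the "every required scope must be granted" policy is an assumption chosen for illustration.

```rust
// Added illustration; these types are hypothetical and are NOT this crate's API.
// Field names follow the RFC 7662 section 2.2 introspection response.
pub struct Introspection<'a> {
    pub active: bool,           // REQUIRED by RFC 7662
    pub scope: Option<&'a str>, // OPTIONAL, space-delimited scope list
    pub exp: Option<u64>,       // OPTIONAL, seconds since the Unix epoch
}

#[derive(Debug, PartialEq)]
pub enum Decision {
    Allow,
    Inactive,
    Expired,
    MissingScope(String),
}

/// Fail-closed check: every scope in `required` must be granted.
pub fn authorize(resp: &Introspection<'_>, required: &[&str], now: u64) -> Decision {
    // An inactive token carries no authority, whatever else the response says.
    if !resp.active {
        return Decision::Inactive;
    }
    // Defence in depth: reject a passed `exp` even if the server reported active.
    if matches!(resp.exp, Some(exp) if exp <= now) {
        return Decision::Expired;
    }
    // Compare whole scope tokens, never substrings: "read" must not match "read:admin".
    let granted: Vec<&str> = resp.scope.unwrap_or("").split(' ')
        .filter(|s| !s.is_empty())
        .collect();
    for want in required {
        if !granted.contains(want) {
            return Decision::MissingScope(want.to_string());
        }
    }
    Decision::Allow
}

fn main() {
    // Constructed sample response, not captured from a real server.
    let resp = Introspection { active: true, scope: Some("read write"), exp: Some(2_000) };
    println!("{:?}", authorize(&resp, &["read"], 1_000));
    println!("{:?}", authorize(&resp, &["admin"], 1_000));
}
```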

Structs

Empty (default) extra token fields.

Standard OAuth2 token introspection response.

Enums

Basic OAuth2 authorization token types.

Traits

Trait for adding extra fields to the TokenResponse.

Type Definitions