Crate aliri_tower

source ·
Expand description

Authorizers for working with tower_http and other constructs in the ecosystem, including axum.

See the examples folder in the repository for a working example using an tonic web server. For a more ergonomic experience in axum, see the aliri_axum crate.

use axum::handler::Handler;
use aliri_oauth2::{scope, policy, ScopePolicy};
use aliri_tower::Oauth2Authorizer;

pub struct CustomClaims {
    // …
}

impl jwt::CoreClaims for CustomClaims {
    // …
}

let authority = construct_authority();
let authorizer = Oauth2Authorizer::new()
    .with_claims::<CustomClaims>()
    .with_terse_error_handler();

let app = axum::Router::new()
    .route(
        "/users",
        post(handle_post
            .layer(authorizer.scope_layer(policy![scope!["post_user"]]))),
    )
    .route(
        "/users/:id",
        get(handle_get
            .layer(authorizer.scope_layer(ScopePolicy::allow_one_from_static("get_user")))),
    )
    .layer(authorizer.jwt_layer(authority));

Modules§

  • util
    Utilities for generating HTTP responses on authorization falures

Structs§

  • Oauth2Authorizer
    Builder for generating layers that authenticate JWTs and authorize access based on oauth2 scope grants
  • TerseErrorHandler
    Terse responders for authentication and authorization failures
  • VerboseErrorHandler
    Verbose responders for authentication and authorization failures

Traits§

  • OnJwtError
    Handler for responding to failures while verifying a JWT
  • OnScopeError
    Handler for responding to failures while verifying scope claims