Authorizers for working with tower_http and other constructs in the ecosystem, including axum.

See the examples folder in the repository for a working example using a tonic web server. For a more ergonomic experience in axum, see the aliri_axum crate.

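use aliri::jwt;
use aliri_oauth2::{scope, policy, ScopePolicy};
use aliri_tower::Oauth2Authorizer;
use axum::handler::Handler;
use axum::routing::{get, post};

// Claims type that the JWT payload is deserialized into.
pub struct CustomClaims {
    // …
}

impl jwt::CoreClaims for CustomClaims {
    // …
}

// `construct_authority`, `handle_post` and `handle_get` are defined elsewhere
// and are not shown on this page.
let authority = construct_authority();

// Build the authorizer for the custom claims type, using the terse
// responders for authentication and authorization failures.
let authorizer = Oauth2Authorizer::new()
    .with_claims::<CustomClaims>()
    .with_terse_error_handler();

let app = axum::Router::new()
    .route(
        "/users",
        // Per-route scope policy: the token must grant `post_user`.
        post(handle_post
            .layer(authorizer.scope_layer(policy![scope!["post_user"]]))),
    )
    .route(
        "/users/:id",
        // Per-route scope policy: the token must grant `get_user`.
        get(handle_get
            .layer(authorizer.scope_layer(ScopePolicy::allow_one_from_static("get_user")))),
    )
    // Applied to the whole router, so it wraps every route above: the JWT is
    // verified before any per-route scope policy is evaluated.
    .layer(authorizer.jwt_layer(authority));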

Modules

Utilities for generating HTTP responses on authorization failures

Structs

Builder for generating layers that authenticate JWTs and authorize access based on oauth2 scope grants

Terse responders for authentication and authorization failures

Verbose responders for authentication and authorization failures

Traits

Handler for responding to failures while verifying a JWT

Handler for responding to failures while verifying scope claims