Crate armature_auth

Crate armature_auth 

Source
Expand description

Authentication and authorization for Armature.

This crate provides comprehensive authentication and authorization capabilities including JWT, OAuth2, SAML, password hashing, and guards.

§Features

  • 🔐 JWT Authentication - Token-based auth with armature-jwt
  • 🌐 OAuth2 - Google, Auth0, Microsoft, AWS Cognito, Okta
  • 🔑 SAML - Enterprise SAML 2.0 authentication (requires saml feature)
  • 🔒 Password Hashing - Secure bcrypt-based hashing
  • 🛡️ Guards - Route protection with auth and role guards
  • 👤 User Context - Request-scoped user information

§Cargo Features

  • default - Core authentication (JWT, OAuth2, password hashing)
  • saml - SAML 2.0 support (requires openssl/xmlsec1 system libraries)

§SAML System Requirements

The saml feature requires system libraries for XML signature verification:

  • Ubuntu/Debian: apt-get install libxml2-dev libxmlsec1-dev libxmlsec1-openssl
  • macOS: brew install libxmlsec1
  • Windows: Not recommended (complex setup)

§Quick Start - Password Authentication

use armature_auth::{AuthService, PasswordHasher, PasswordVerifier};

let auth_service = AuthService::new();

// Hash a password
let hash = auth_service.hash_password("secret123")?;

// Verify password
let is_valid = auth_service.verify_password("secret123", &hash)?;
assert!(is_valid);

§JWT Authentication

use armature_auth::AuthService;
use armature_jwt::{JwtConfig, JwtManager};

// Create JWT manager
let jwt_config = JwtConfig::new("your-secret-key".to_string());
let jwt_manager = JwtManager::new(jwt_config)?;

// Create auth service with JWT
let auth_service = AuthService::with_jwt(jwt_manager);

// JWT manager is now available
assert!(auth_service.jwt_manager().is_some());

§OAuth2 - Google Example

use armature_auth::{GoogleProvider, providers::GoogleConfig, OAuth2Provider};

let config = GoogleConfig::new(
    "client-id".to_string(),
    "client-secret".to_string(),
    "https://myapp.com/callback".to_string(),
);

let provider = GoogleProvider::new(config)?;

// Generate authorization URL
let (auth_url, state) = provider.authorization_url()?;
println!("Redirect user to: {}", auth_url);
println!("State: {}", state.secret());

// After callback, exchange code for token
let token = provider.exchange_code("auth-code".to_string()).await?;
println!("Access token: {}", token.access_token);

§Route Guards

use armature_auth::{AuthGuard, RoleGuard};
use armature_core::{Controller, Get};

#[controller("/admin")]
struct AdminController;

impl AdminController {
    // Require authentication
    #[get("/dashboard")]
    #[guard(AuthGuard)]
    async fn dashboard(&self) -> Result<HttpResponse, Error> {
        Ok(HttpResponse::ok())
    }

    // Require specific role
    #[get("/users")]
    #[guard(RoleGuard::new("admin"))]
    async fn users(&self) -> Result<HttpResponse, Error> {
        Ok(HttpResponse::ok())
    }
}

§SAML Authentication

use armature_auth::{SamlServiceProvider, SamlConfig, IdpMetadata};

let config = SamlConfig {
    entity_id: "https://myapp.com".to_string(),
    acs_url: "https://myapp.com/callback".to_string(),
    sls_url: None,
    idp_metadata: IdpMetadata::Url("https://idp.example.com/metadata".to_string()),
    sp_certificate: None,
    sp_private_key: None,
    contact_person: None,
    allow_unsigned_assertions: false,
    required_attributes: vec![],
};

let provider = SamlServiceProvider::new(config);

// Generate SAML auth request
let auth_request = provider.create_auth_request()?;
println!("SAML Request: {}", auth_request.saml_request);

Re-exports§

pub use api_key::ApiKey;
pub use api_key::ApiKeyError;
pub use api_key::ApiKeyManager;
pub use api_key::ApiKeyStore;
pub use error::AuthError;
pub use error::Result;
pub use guard::AuthGuard;
pub use guard::Guard;
pub use guard::RoleGuard;
pub use oauth2::OAuth2Provider;
pub use oauth2::OAuth2Token;
pub use oauth2::OAuth2UserInfo;
pub use password::PasswordHasher;
pub use password::PasswordVerifier;
pub use passwordless::MagicLinkToken;
pub use passwordless::PasswordlessError;
pub use passwordless::WebAuthnManager;
pub use strategy::AuthStrategy;
pub use strategy::JwtStrategy;
pub use strategy::LocalStrategy;
pub use user::AuthUser;
pub use user::UserContext;
pub use providers::Auth0Provider;
pub use providers::AwsCognitoProvider;
pub use providers::DiscordProvider;
pub use providers::DiscordUser;
pub use providers::GitHubProvider;
pub use providers::GitHubUser;
pub use providers::GitLabProvider;
pub use providers::GitLabUser;
pub use providers::GoogleProvider;
pub use providers::LinkedInProvider;
pub use providers::LinkedInUser;
pub use providers::MicrosoftEntraProvider;
pub use providers::OktaProvider;

Modules§

api_key
API Key Management
error
guard
oauth2
password
passwordless
Passwordless Authentication
prelude
Prelude for common imports.
providers
strategy
user

Structs§

AuthService
Authentication service for managing user authentication.