Struct AuthxConfig 

pub struct AuthxConfig {

    pub bind: String,
    pub database_url: Option<String>,
    pub secure_cookies: bool,
    pub session_ttl_secs: i64,
    pub trusted_origins: Vec<String>,
    pub rate_limit_max: u32,
    pub rate_limit_window: Duration,
    pub lockout_max_failures: u32,
    pub lockout_window: Duration,
    pub encryption_key_hex: Option<String>,
    pub oidc_issuer: Option<String>,
    pub oidc_access_token_ttl_secs: i64,
    pub oidc_id_token_ttl_secs: i64,
    pub oidc_refresh_token_ttl_secs: i64,
    pub oidc_auth_code_ttl_secs: i64,
    pub oidc_device_code_ttl_secs: i64,
    pub oidc_device_code_interval_secs: u32,
    pub oidc_verification_uri: Option<String>,
    pub webauthn_rp_id: String,
    pub webauthn_rp_origin: String,
    pub webauthn_challenge_ttl_secs: u64,
}

Central configuration for authx-rs services.

All fields carry sensible defaults. Use AuthxConfig::from_env to override any field via environment variables (prefix AUTHX_), or construct directly.

Fields

bind: String

Bind address (e.g. 0.0.0.0:3000).

database_url: Option<String>

Database URL. None ⇒ in-memory store.

secure_cookies: bool

Enable HTTPS-only cookies.

session_ttl_secs: i64

Session TTL in seconds (default: 30 days).

trusted_origins: Vec<String>

Trusted origins for CSRF validation (comma-separated in env).

rate_limit_max: u32

Max requests per rate-limit window on auth routes.

rate_limit_window: Duration

Rate-limit window duration.

lockout_max_failures: u32

Number of failures before lockout.

lockout_window: Duration

Lockout window duration.

encryption_key_hex: Option<String>

32-byte hex-encoded encryption key for OAuth/federation tokens. None ⇒ random key generated at startup (tokens won’t survive restart).

oidc_issuer: Option<String>

Issuer URL for the built-in OIDC provider.

oidc_access_token_ttl_secs: i64

Access token TTL in seconds.

oidc_id_token_ttl_secs: i64

ID token TTL in seconds.

oidc_refresh_token_ttl_secs: i64

Refresh token TTL in seconds.

oidc_auth_code_ttl_secs: i64

Authorization code TTL in seconds.

oidc_device_code_ttl_secs: i64

Device code TTL in seconds.

oidc_device_code_interval_secs: u32

Device code poll interval in seconds.

oidc_verification_uri: Option<String>

Verification URI for device flow.

webauthn_rp_id: String

Relying party ID (RP ID), usually the effective domain.

webauthn_rp_origin: String

Allowed origin for WebAuthn ceremonies.

webauthn_challenge_ttl_secs: u64

Challenge TTL in seconds for begin/finish ceremony pairing.

Implementations

impl AuthxConfig

pub fn from_env() -> Self

Load configuration from environment variables with AUTHX_ prefix.

Every field falls back to Default when its env var is absent.

Field	Env var
bind	AUTHX_BIND
database_url	DATABASE_URL
secure_cookies	AUTHX_SECURE_COOKIES
session_ttl_secs	AUTHX_SESSION_TTL
trusted_origins	AUTHX_TRUSTED_ORIGINS (comma)
rate_limit_max	AUTHX_RATE_LIMIT
rate_limit_window	AUTHX_RATE_LIMIT_WINDOW_SECS
lockout_max_failures	AUTHX_LOCKOUT_FAILURES
lockout_window	AUTHX_LOCKOUT_MINUTES
encryption_key_hex	AUTHX_ENCRYPTION_KEY
oidc_issuer	AUTHX_OIDC_ISSUER
oidc_*_ttl_secs	AUTHX_OIDC_ACCESS_TOKEN_TTL etc.
webauthn_rp_id	AUTHX_WEBAUTHN_RP_ID
webauthn_rp_origin	AUTHX_WEBAUTHN_RP_ORIGIN
webauthn_challenge_ttl_secs	AUTHX_WEBAUTHN_CHALLENGE_TTL

pub fn encryption_key(&self) -> [u8; 32]

Parse the 32-byte encryption key from hex, or generate a random one.

Trait Implementations

impl Clone for AuthxConfig

fn clone(&self) -> AuthxConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AuthxConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for AuthxConfig

fn default() -> Self

Returns the “default value” for a type.