Credentials

axum_gate::credentials

Struct Credentials 

Source 
pub struct Credentials<Id> {
    pub id: Id,
    pub secret: String,
}
Expand description

Authentication credentials containing a user identifier and plaintext secret.

This type represents user login data as typically received from client applications, containing a user identifier (such as email, username, or user ID) paired with a plaintext secret (password). Credentials are used during the authentication process to verify user identity against stored account data.

§Generic Parameter

  • Id: The type of user identifier (commonly String for emails/usernames, or uuid::Uuid for user IDs)

§Security Considerations

⚠️ Critical Security Notes:

  • Plaintext secrets: This type contains unencrypted passwords - handle with extreme care
  • Memory safety: Minimize the lifetime of credential instances in memory
  • Logging: Never log or print credential values - they contain sensitive data
  • Transport security: Always use HTTPS/TLS when transmitting credentials
  • Storage: Never store credentials directly - convert to hashed secrets for persistence

§Authentication Flow Integration

Credentials are typically used as input to authentication services:

use axum_gate::prelude::Credentials;

// 1. Receive credentials from client (e.g., JSON payload)
let client_credentials = Credentials::new(&"user@example.com".to_string(), "user_password");

// 2. Use in authentication service
// The login service will:
// - Look up the user account
// - Retrieve the stored secret hash
// - Verify the plaintext password against the hash
// - Return authentication result

§Timing Attack Protection

When used with the built-in login handler or LoginService, credentials are processed using constant-time operations to prevent timing-based user enumeration attacks:

  • Authentication takes consistent time regardless of whether the user exists
  • Password verification always occurs, even for non-existent users
  • Error responses don’t distinguish between “user not found” and “wrong password”

§JSON Serialization

Credentials support JSON serialization for API integration:

use axum_gate::prelude::Credentials;
use serde_json;

// Deserialize from JSON (typical in REST APIs)
let json = r#"{"id": "user@example.com", "secret": "password123"}"#;
let credentials: Credentials<String> = serde_json::from_str(json)?;

// Serialize to JSON (less common, avoid logging)
let json = serde_json::to_string(&credentials)?;

§Different Identifier Types

use axum_gate::prelude::Credentials;
use uuid::Uuid;

// String-based identifiers (email, username)
let email_creds = Credentials::new(&"user@domain.com".to_string(), "password");
let username_creds = Credentials::new(&"johndoe".to_string(), "secret123");

// UUID-based identifiers
let user_id = Uuid::now_v7();
let uuid_creds = Credentials::new(&user_id, "user_password");

// Custom identifier types work with any Clone type
#[derive(Clone)]
struct UserId(u64);

let user_id = UserId(12345);
let custom_creds = Credentials::new(&user_id, "password");

§Integration with axum Extractors

use axum::{Json, extract::State, http::StatusCode};
use axum_gate::prelude::Credentials;

// Extract credentials from JSON request body
async fn login_endpoint(
    Json(credentials): Json<Credentials<String>>,
) -> Result<String, StatusCode> {
    // Process credentials...
    Ok("Login successful".to_string())
}

// Extract credentials from form data
use axum::extract::Form;
async fn form_login(
    Form(credentials): Form<Credentials<String>>,
) -> Result<String, StatusCode> {
    // Process form-submitted credentials...
    Ok("Login successful".to_string())
}

Fields§

§id: Id

The identification of the user, eg. a username.

§secret: String

The secret of the user, eg. a password.

Implementations§

Source§

impl<Id> Credentials<Id>

Source

pub fn new(id: &Id, secret: &str) -> Self
where Id: ToOwned<Owned = Id>,

Creates new credentials with the specified identifier and plaintext secret.

This constructor creates a new Credentials instance containing a user identifier and plaintext password. The identifier is cloned and the secret is converted to an owned string for storage within the credentials.

§Parameters
  • id: User identifier (email, username, UUID, etc.) - must implement ToOwned
  • secret: Plaintext password or secret as received from the user
§Security Warning

The created credentials contain plaintext secrets. Ensure proper security practices:

  • Use credentials immediately for authentication
  • Avoid storing credentials in logs or persistent storage
  • Clear credentials from memory when no longer needed
  • Transmit only over secure channels (HTTPS/TLS)
§Examples
§String-based Authentication
use axum_gate::prelude::Credentials;

let credentials = Credentials::new(&"user@example.com".to_string(), "secure_password");
assert_eq!(credentials.id, "user@example.com");
assert_eq!(credentials.secret, "secure_password");
§UUID-based Authentication
use axum_gate::prelude::Credentials;
use uuid::Uuid;

let user_id = Uuid::now_v7();
let credentials = Credentials::new(&user_id, "user_secret");
assert_eq!(credentials.id, user_id);
assert_eq!(credentials.secret, "user_secret");
§Usage in Authentication Flow
use axum_gate::prelude::Credentials;

// Typically created from user input
let user_input_email = "admin@company.com";
let user_input_password = "admin_password";

let credentials = Credentials::new(
    &user_input_email.to_string(),
    user_input_password
);

// Credentials are now ready for authentication verification
// Pass to login service or authentication handler
§Generic Type Requirements

The identifier type Id must implement ToOwned to allow the credentials to take ownership of the identifier value. This is automatically satisfied by common types like String, uuid::Uuid, and most primitive types.

Trait Implementations§

Source§

impl<Id: Clone> Clone for Credentials<Id>

Source§

fn clone(&self) -> Credentials<Id>

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<Id: Debug> Debug for Credentials<Id>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de, Id> Deserialize<'de> for Credentials<Id>
where Id: Deserialize<'de>,

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl<Id> Serialize for Credentials<Id>
where Id: Serialize,

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

§

impl<Id> Freeze for Credentials<Id>
where Id: Freeze,

§

impl<Id> RefUnwindSafe for Credentials<Id>
where Id: RefUnwindSafe,

§

impl<Id> Send for Credentials<Id>
where Id: Send,

§

impl<Id> Sync for Credentials<Id>
where Id: Sync,

§

impl<Id> Unpin for Credentials<Id>
where Id: Unpin,

§

impl<Id> UnwindSafe for Credentials<Id>
where Id: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<G1, G2> Within<G2> for G1
where G2: Contains<G1>,

Source§

fn is_within(&self, b: &G2) -> bool

Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,