Crate axum_oidc

Expand description

This Library allows using OpenID Connect with axum. It authenticates the user with the OpenID Connect Issuer and provides Extractors.

§Usage

The OidcAuthLayer must be loaded on any handler that might use the extractors. The user won’t be automatically logged in using this layer. If a valid session is found, the extractors will return the correct value and fail otherwise.

The OidcLoginLayer should be loaded on any handler on which the user is supposed to be authenticated. The User will be redirected to the OpenId Conect Issuer to authenticate. The extractors will always return a value.

The OidcClaims-extractor can be used to get the OpenId Conenct Claims. The OidcAccessToken-extractor can be used to get the OpenId Connect Access Token.

The OidcRpInitializedLogout-extractor can be used to get the rp initialized logout uri.

Your OIDC-Client must be allowed to redirect to every subpath of your application base url.

§Examples

Take a look at the examples folder for examples.

§Older Versions

All versions on crates.io are available as git tags. Additional all minor versions have their own branch (format vX.Y where X is the major and Y is the minor version) where bug fixes are implemented. Examples for each version can be found there in the previously mentioned examples folder.

§Contributing

I’m happy about any contribution in any form. Feel free to submit feature requests and bug reports using a GitHub Issue. PR’s are also appreciated.

§License

This Library is licensed under LGPLv3.

Modules§

error

Structs§

AdditionalProviderMetadata: additional metadata that is discovered on client creation via the .well-knwon/openid-configuration endpoint.
ClearSessionFlag: response extension flag to signal the OidcAuthLayer that the session should be cleared.
EmptyAdditionalClaims: an empty struct to be used as the default type for the additional claims generic
OidcAccessToken: Extractor for the OpenID Connect Access Token.
OidcAuthLayer: Layer for the OidcAuthMiddleware.
OidcAuthMiddleware: This middleware checks if the cached session is valid and injects the Claims, the AccessToken and the OidcClient in the request. This middleware needs to be loaded for every handler that is using on of the Extractors. This middleware doesn’t force a user to be authenticated.
OidcClaims: Extractor for the OpenID Connect Claims.
OidcClient: OpenID Connect Client
OidcLoginLayer: Layer for the OidcLoginMiddleware.
OidcLoginMiddleware: This middleware forces the user to be authenticated and redirects the user to the OpenID Connect Issuer to authenticate. This Middleware needs to be loaded afer OidcAuthMiddleware.
OidcRpInitiatedLogout: Extractor for the OpenID Connect RP-Initialized Logout URL

Traits§

AdditionalClaims

Type Aliases§

BoxError
IdToken
ProviderMetadata

Crate axum_oidcCopy item path