Skip to main content

Crate axum_security

Crate axum_security 

Source
Expand description

Security middleware and extractors for axum.

axum-security is a modular toolkit — enable only the features you need. Every feature adds a module with Tower middleware and/or axum extractors.

§Features

FeatureModuleDescription
cookiecookieServer-side session management with pluggable stores
jwtjwtJWT authentication (header or cookie)
basic-auth[basic_auth]HTTP Basic Authentication
oauth2oauth2OAuth 2.0 authorization code flow
oidcoidcOpenID Connect (auto-discovery, ID token verification)
rbacrbacRole-based access control
pbacpbacPolicy-based access control
headersheadersSecurity response headers (CSP, HSTS, etc.)

Additional features: macros, tracing.

§Session types

The cookie, jwt, and basic-auth features each insert a session type into request extensions. The session::Session enum unifies all three, allowing downstream middleware (RBAC, PBAC, rate limiting) to work with any authentication method.

Modules§

cookie
Server-side cookie session management.
headers
Security headers middleware.
jwt
JWT (JSON Web Token) authentication middleware and extractor.
oauth2
OAuth 2.0 authorization code flow.
oidc
OpenID Connect (OIDC) authentication.
pbac
Policy-based access control (PBAC).
rbac
Role-based access control (RBAC).
session
Unified session type across authentication methods.

Macros§

define_header