Expand description
Security middleware and extractors for axum.
axum-security is a modular toolkit — enable only the features you need.
Every feature adds a module with Tower middleware and/or axum extractors.
§Features
| Feature | Module | Description |
|---|---|---|
cookie | cookie | Server-side session management with pluggable stores |
jwt | jwt | JWT authentication (header or cookie) |
basic-auth | [basic_auth] | HTTP Basic Authentication |
oauth2 | oauth2 | OAuth 2.0 authorization code flow |
oidc | oidc | OpenID Connect (auto-discovery, ID token verification) |
rbac | rbac | Role-based access control |
pbac | pbac | Policy-based access control |
headers | headers | Security response headers (CSP, HSTS, etc.) |
Additional features: macros, tracing.
§Session types
The cookie, jwt, and basic-auth features each insert a session type
into request extensions. The session::Session enum unifies all three,
allowing downstream middleware (RBAC, PBAC, rate limiting) to work with
any authentication method.
Modules§
- cookie
- Server-side cookie session management.
- headers
- Security headers middleware.
- jwt
- JWT (JSON Web Token) authentication middleware and extractor.
- oauth2
- OAuth 2.0 authorization code flow.
- oidc
- OpenID Connect (OIDC) authentication.
- pbac
- Policy-based access control (PBAC).
- rbac
- Role-based access control (RBAC).
- session
- Unified session type across authentication methods.