Expand description
Zero-overhead JWT authentication, RBAC middleware, and password hashing for the Chopin web framework.
§Quick Start
ⓘ
use chopin_auth::{
HasJti, JwtManager, PasswordHasher, TokenBlacklist, init_jwt_manager, Auth,
};
use serde::{Deserialize, Serialize};
#[derive(Debug, Serialize, Deserialize)]
struct Claims {
sub: String,
jti: String,
exp: u64,
}
impl HasJti for Claims {
fn jti(&self) -> Option<&str> { Some(&self.jti) }
}
// Once at server startup:
let blacklist = TokenBlacklist::new();
let manager = JwtManager::new(b"my-secret").with_blacklist(blacklist.clone());
init_jwt_manager(manager);
// In a route handler, use `Auth<Claims>` as an extractor:
// async fn my_handler(auth: Auth<Claims>) -> Response { ... }
// Hash a password:
let hash = PasswordHasher::interactive().hash(b"p4ssw0rd")?;
// Revoke a token (e.g. on logout):
// blacklist.revoke(claims.jti.clone(), Some(claims.exp));Re-exports§
pub use crypto::PasswordHasher;pub use crypto::hash_password;pub use crypto::verify_password;pub use extractor::Auth;pub use extractor::ErrorHandler;pub use extractor::init_jwt_manager;pub use extractor::set_error_handler;pub use jwks::JwksProvider;pub use jwt::AuthError;pub use jwt::HasJti;pub use jwt::JwtConfig;pub use jwt::JwtManager;pub use middleware::Role;pub use middleware::RoleCheck;pub use middleware::ScopeCheck;pub use oauth::AuthorizationUrl;pub use oauth::TokenPair;pub use oauth::code_challenge_s256;pub use oauth::code_verifier;pub use oauth::token_pair;pub use revocation::TokenBlacklist;pub use standard_claims::StandardClaims;
Modules§
- crypto
- Argon2id password hashing and verification.
- extractor
Auth<C>request extractor and globalJwtManagerinitialisation.- jwks
- JSON Web Key Set (JWKS) support for external identity providers (RFC 7517).
- jwt
- JWT encoding, decoding, and lifecycle management.
- middleware
- RBAC middleware traits and the
require_role_middleware!macro. - oauth
- OAuth 2.0 / PKCE helpers for the authorization-code flow (RFC 7636).
- revocation
- Token revocation via a JWT ID (JTI) blacklist.
- standard_
claims - Pre-built generic claims type covering the most common JWT patterns.
Macros§
- require_
role_ middleware - Generate a zero-allocation middleware function that requires a specific role.
- require_
scope_ middleware - Generate a middleware function that requires a specific OAuth 2.0 scope.