arium

Framework-agnostic authentication engine for axum + sqlx fullstack apps.

arium owns the auth domain — password hashing, sessions, OAuth and OpenID Connect (GitHub, Google, Microsoft, or any OIDC issuer), MFA/TOTP, email verification + password reset, RBAC, API tokens, and an audit log — plus the install helper that bolts the whole thing onto an axum::Router. It has no UI-framework dependency; framework adapters such as arium-dioxus wrap these primitives in their own server fns + UI.

Typical server-side usage:

use arium::{
    AuthConfig, Mailer, install, migrator,
    oauth::{github::GithubProvider, OAuthRegistry},
};

let pool = sqlx::sqlite::SqlitePoolOptions::new()
    .connect_with("sqlite://./app.db?mode=rwc".parse()?)
    .await?;
migrator().run(&pool).await?;

let mut oauth = OAuthRegistry::new(pool.clone())?;
if let Some(gh) = GithubProvider::from_env()? {
    oauth = oauth.with_provider(gh);
}

let cfg = AuthConfig::builder(pool.clone(), Mailer::from_env()?)
    .oauth(oauth)
    .build()?;

// `router` is any `axum::Router` (e.g. your framework's server router).
let router = install(router, cfg).await?;

oauth-github is on by default. The opt-in oauth-oidc, oauth-google, and oauth-microsoft features add a generic OpenID Connect provider plus Google/Microsoft presets — each from_env()-constructed and registered the same way as GithubProvider above.

Installation

[dependencies]
arium = "0.1"

arium requires exactly one database backend. sqlite is on by default; for PostgreSQL, disable defaults and select postgres:

[dependencies]
arium = { version = "0.1", default-features = false, features = ["postgres", "oauth-github", "mfa", "mail", "ratelimit", "tokens"] }

Without mail, AuthConfig::builder takes the pool alone. Full API reference on docs.rs.

License

Licensed under either of:

• Apache License, Version 2.0
• MIT License

at your option.