§Auth Framework
A comprehensive authentication and authorization framework for Rust applications.
This crate provides a unified interface for various authentication methods, token management, permission checking, and secure credential handling with a focus on distributed systems.
§Features
- Multiple authentication methods (OAuth, API keys, JWT, etc.)
- Token issuance, validation, and refresh
- Role-based access control integration
- Permission checking and enforcement
- Secure credential storage
- Authentication middleware for web frameworks
- Distributed authentication with cross-node validation
- Single sign-on capabilities
- Multi-factor authentication support
- Audit logging of authentication events
- Rate limiting and brute force protection
- Session management
- Password hashing and validation
- Customizable authentication flows
§Quick Start
```rust
use auth_framework::{AuthFramework, AuthConfig};
use auth_framework::methods::JwtMethod;
use std::time::Duration;

// The calls below use `.await?`, so they must run inside an async function
// that returns a Result.
async fn quick_start() -> Result<(), Box<dyn std::error::Error>> {
    // Configure the auth framework: 1-hour access tokens, 7-day refresh tokens
    let config = AuthConfig::new()
        .token_lifetime(Duration::from_secs(3600))
        .refresh_token_lifetime(Duration::from_secs(86400 * 7));

    // Create the auth framework
    let mut auth = AuthFramework::new(config);

    // Register a JWT authentication method.
    // "your-secret-key" is a placeholder; supply a strong, unique secret.
    let jwt_method = JwtMethod::new()
        .secret_key("your-secret-key")
        .issuer("your-service");
    auth.register_method("jwt", Box::new(jwt_method));

    // Initialize the framework
    auth.initialize().await?;

    // Create a token for user "user123" with the "read" and "write" scopes
    let token = auth.create_auth_token(
        "user123",
        vec!["read".to_string(), "write".to_string()],
        "jwt",
        None,
    ).await?;

    // Validate the token
    if auth.validate_token(&token).await? {
        println!("Token is valid!");

        // Check permissions
        if auth.check_permission(&token, "read", "documents").await? {
            println!("User has permission to read documents");
        }
    }

    Ok(())
}
```
§Security Considerations
- Always use HTTPS in production
- Use strong, unique secrets for token signing
- Enable rate limiting to prevent brute force attacks
- Regularly rotate secrets and keys
- Monitor authentication events for suspicious activity
- Follow the principle of least privilege for permissions
See the Security Policy for comprehensive security guidelines.
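An added example (not part of the crate or its documentation) of the "strong, unique secrets" point: a startup check that rejects the Quick Start placeholder and short or low-variety values before they reach `secret_key(...)`. The 32-byte minimum assumes HS256 signing, and `AUTH_JWT_SECRET` and all function names here are hypothetical.

```rust
use std::collections::HashSet;
use std::env;

// RFC 7518 requires an HMAC key at least as long as the hash output:
// 32 bytes for HS256. Assumption: the JWT method signs with HS256.
const MIN_SECRET_BYTES: usize = 32;
// Fewer distinct byte values than this suggests a repeated or padded string.
const MIN_DISTINCT_BYTES: usize = 12;
// Constructed deny-list of documentation placeholders.
const PLACEHOLDERS: [&str; 3] = ["your-secret-key", "changeme", "secret"];

#[derive(Debug, PartialEq)]
pub enum SecretError {
    Missing,
    Placeholder,
    TooShort { len: usize },
    LowVariety { distinct: usize },
}

/// Sanity-checks a candidate signing secret (this does not measure entropy).
pub fn check_signing_secret(secret: &str) -> Result<(), SecretError> {
    let s = secret.trim();
    if s.is_empty() {
        return Err(SecretError::Missing);
    }
    if PLACEHOLDERS.iter().any(|p| s.eq_ignore_ascii_case(p)) {
        return Err(SecretError::Placeholder);
    }
    if s.len() < MIN_SECRET_BYTES {
        return Err(SecretError::TooShort { len: s.len() });
    }
    let distinct = s.bytes().collect::<HashSet<u8>>().len();
    if distinct < MIN_DISTINCT_BYTES {
        return Err(SecretError::LowVariety { distinct });
    }
    Ok(())
}

/// Reads the secret from an environment variable named by the caller.
pub fn load_signing_secret(var: &str) -> Result<String, SecretError> {
    let value = env::var(var).map_err(|_| SecretError::Missing)?;
    check_signing_secret(&value)?;
    Ok(value.trim().to_string())
}

fn main() {
    // AUTH_JWT_SECRET is a hypothetical variable name, not one the crate defines.
    match load_signing_secret("AUTH_JWT_SECRET") {
        Ok(_) => println!("signing secret accepted"),
        Err(e) => eprintln!("refusing to start: {e:?}"),
    }
}
```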
Re-exports§
```rust
pub use auth::AuthFramework;
pub use auth::AuthResult;
pub use config::AuthConfig;
pub use credentials::Credential;
pub use errors::AuthError;
pub use errors::Result;
pub use errors::DeviceFlowError;
pub use errors::OAuthProviderError;
pub use tokens::AuthToken;
pub use tokens::TokenInfo;
pub use methods::ApiKeyMethod;
pub use methods::JwtMethod;
pub use methods::OAuth2Method;
pub use methods::PasswordMethod;
pub use methods::AuthMethod;
pub use methods::MethodResult;
pub use providers::OAuthProvider;
pub use providers::UserProfile;
pub use providers::DeviceAuthorizationResponse;
pub use permissions::Permission;
pub use permissions::Role;
pub use permissions::PermissionChecker;
```
Modules§
- auth: Main authentication framework implementation.
- config: Configuration types for the authentication framework.
- credentials: Credential types for various authentication methods.
- errors: Error types for the authentication framework.
- methods: Authentication method implementations.
- permissions: Permission and role-based access control system.
- providers: OAuth provider configurations and implementations.
- storage: Storage backends for authentication data.
- tokens: Token management and validation for the authentication framework.
- utils: Utility functions for the authentication framework.