auth0-integration

Auth0 client library for Rust — handles M2M token retrieval, JWT validation, and user management via the Auth0 Management API.

Installation

Add the crate to your Cargo.toml:

[dependencies]
auth0-integration = "0.2.1"
tokio = { version = "1", features = ["full"] }

Configuration

The library reads Auth0 credentials from environment variables:

use auth0_integration::Auth0Config;

let config = Auth0Config::from_env().expect("Missing Auth0 env vars");

Usage

Obtaining an M2M access token

Use Auth0ClientToken to run the Client Credentials flow. The response contains an AccessToken with the raw JWT string and a pre-decoded payload.

use auth0_integration::{Auth0Config, services::Auth0ClientToken};

#[tokio::main]
async fn main() {
    let config = Auth0Config::from_env().unwrap();
    let client = Auth0ClientToken::new(&config);

    let response = client.get_access_token().await.unwrap();

    // Print the raw JWT string
    println!("{}", response);

    // Access the decoded claims
    let token = response.access_token;
    println!("Subject: {}", token.decoded_access_token.sub);
    println!("Issuer:  {}", token.decoded_access_token.iss);
}

Calling the Auth0 Management API

Pass the AccessToken to Auth0Client to interact with the Management API.

use auth0_integration::{Auth0Config, services::{Auth0Client, Auth0ClientToken}};
use auth0_integration::models::UpdateUserRequest;

#[tokio::main]
async fn main() {
    let config = Auth0Config::from_env().unwrap();
    let response = Auth0ClientToken::new(&config).get_access_token().await.unwrap();
    let client = Auth0Client::new(&config, response.access_token);

    // Look up a user by email
    let users = client.get_user_by_email("user@example.com").await.unwrap();

    // Get or create a user
    let user = client
        .get_or_create_user("Jane Doe", "jane@example.com")
        .await
        .unwrap();

    // Update a user
    let mut req = UpdateUserRequest::new();
    req.name = Some("Jane Doe".to_string());
    req.blocked = Some(false);
    let updated = client.update_user(&user.user_id, req).await.unwrap();
}

Validating a JWT (RS256)

AccessToken::validate verifies the token signature, issuer, and audience against Auth0's JWKS endpoint.

use auth0_integration::{Auth0Config, models::AccessToken};

#[tokio::main]
async fn main() {
    let config = Auth0Config::from_env().unwrap();
    let token = AccessToken::new("eyJ...".to_string()).unwrap();

    match token.validate(&config).await {
        Ok(data) => println!("Valid! sub = {}", data.claims.sub),
        Err(e)   => eprintln!("Invalid token: {e}"),
    }
}

Checking permissions (scopes)

use auth0_integration::models::AccessToken;

let token = AccessToken::new("eyJ...".to_string()).unwrap();
let claims = &token.decoded_access_token;

// Single permission
let can_read = claims.validate_permissions("read:users");

// Multiple — all must be present to return true
let can_manage = claims.validate_permissions(["read:users", "update:users"]);

Decoding a token payload (without verification)

use auth0_integration::models::AccessToken;

let token = AccessToken::new("eyJ...".to_string()).unwrap();
println!("{:?}", token.decoded_access_token);

Key types

Docker

# Development (hot reload)
docker compose up --build

# View logs
docker compose logs -f auth0-integration

License

MIT