authbox
A lightweight, modular, async-first authentication framework for Rust.
authbox provides a flexible authentication system built around traits, pluggable components, and Tokio-ready async APIs.
It is designed for applications that need customizable authentication logic without being locked into a specific database, framework, or storage backend.
Documentation
Full documentation, guides, examples, and architecture overview available here:
Architecture
- authbox-core (traits + engine)
- authbox-jwt (JWT provider)
- authbox-argon2 (password hashing)
Features
- Secure password hashing with Argon2
- JWT access + refresh token authentication
- Refresh token rotation
- Refresh token revocation / blacklisting
- Email verification flow
- Password reset flow
- One-time token (OTT) support
- Fully async (
tokio) - Trait-driven architecture
- Pluggable storage backends
- Framework agnostic
- Test-friendly design
- Builder API for ergonomic setup
- Custom registration DTO support
Installation
Recommended Production Stack
| Component | Recommendation |
|---|---|
| Database | PostgreSQL |
| ORM | SQLx or Diesel |
| Cache / Token Store | Redis |
| Runtime | Tokio |
| HTTP Framework | Axum or Actix |
| Password Hashing | Argon2 |
Roadmap
- Async architecture
- JWT authentication
- Refresh token rotation
- Refresh token revocation
- Email verification
- Password reset flow
- One-time token support
- Pluggable storage backends
- Custom registration DTO support
- Axum middleware
- Actix middleware
- Session management
License
Apache-2.0