corevpn-auth 0.1.0

Authentication and authorization for CoreVPN - OAuth2, OIDC, SAML support
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

# corevpn-auth

[![Crates.io](https://img.shields.io/crates/v/corevpn-auth.svg)](https://crates.io/crates/corevpn-auth)
[![Documentation](https://docs.rs/corevpn-auth/badge.svg)](https://docs.rs/corevpn-auth)
[![License](https://img.shields.io/crates/l/corevpn-auth.svg)](https://github.com/pegasusheavy/corevpn)

Authentication and authorization for CoreVPN - OAuth2, OIDC, and SAML support.

## Features

- **OAuth2/OIDC**: Integration with identity providers
- **SAML 2.0**: Enterprise SSO support
- **Certificate Auth**: X.509 client certificate authentication
- **Token Management**: Secure token storage and refresh
- **Provider Support**: Google, Microsoft, Okta, and generic OIDC

## Supported Providers

| Provider | Type | Features |
|----------|------|----------|
| Google | OIDC | Domain restriction, group claims |
| Microsoft | OIDC | Azure AD, tenant restriction |
| Okta | OIDC | Group-based access control |
| Generic | OIDC | Any OIDC-compliant IdP |
| SAML | SAML 2.0 | Enterprise IdP integration |

## Usage

```rust
use corevpn_auth::{OAuthProvider, OAuthConfig};

// Configure Google OAuth
let config = OAuthConfig::google(
    "client_id",
    "client_secret",
    vec!["example.com".to_string()], // allowed domains
);

// Create provider
let provider = OAuthProvider::new(config).await?;

// Get authorization URL
let (auth_url, state) = provider.authorization_url()?;

// Exchange code for tokens
let tokens = provider.exchange_code(code, state).await?;
```

## License

Licensed under either of:

- Apache License, Version 2.0 ([LICENSE-APACHE](../../LICENSE-APACHE))
- MIT license ([LICENSE-MIT](../../LICENSE-MIT))

at your option.