# Rust : Forbidden (WIP)
An experimental auth library for Rust applications.
### Goals
This crate is to define a common set of traits and idioms to provide for most applications with a way to incorporate authentication.
### Non-goals
Is **NOT** the place to put the specific implementations for web/OS/etc.
## Warning
This is an experimental project, without members with experience in security.
I hope to put the "ball to move" so finally Rust has a decent auth system to rely on.
## 🔬 Research
These libraries and articles are used as inspiration:
* [13 best practices for user account, authentication, and password management, 2021 edition](https://cloud.google.com/blog/products/identity-security/account-authentication-and-password-management-best-practices)
* [Authentication Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html)
* [Password auth in Rust, from scratch - Attacks and best practices
](https://www.lpalmieri.com/posts/password-authentication-in-rust/)
* [Django Auth](https://docs.djangoproject.com/en/3.2/topics/auth/)
* [Terminology (what is realm, users, etc)](https://www.keycloak.org/docs/latest/server_admin/)
## 🤝 Contributing
Contributions, issues, and feature requests are welcome!
Feel free to check the [issues page](../../issues/).
In special anyone that has experience in building auth systems and know what to watch for!.
## Show your support
Give a ⭐️ if you like this project! or to help make this project a reality consider donate or sponsor with a subscription in [https://www.buymeacoffee.com/mamcx](https://www.buymeacoffee.com/mamcx).
## 📝 License
This project is dual licenced as [MIT](./LICENSE-MIT) & [APACHE](./LICENSE-APACHE).