Leptos OIDC Authentication
leptos_oidc is a utility library for handling OpenID Connect (OIDC) authentication within the Leptos framework. It simplifies the integration of OIDC authentication flows with Leptos-based applications, making it easier to manage user authentication and tokens.
Table of Contents
Leptos compatibility
Crate version | Compatible Leptos version |
---|---|
<= 0.3 | 0.5 |
0.4-0.7 | 0.6 |
Features
leptos_oidc offers the following features:
- Initialization of the OIDC authentication process.
- Generation of login and logout URLs for redirecting users to OIDC providers (e.g., Keycloak).
- Conditional rendering of components based on the authentication state.
- Refreshing access tokens and storing them in local storage.
- Working with client and server side rendering
- Automatically refresh the access token in the background.
- PKCE challenge
Missing Features
- Make refresh token optional
- Some minor code refactoring/cleanup
Tested Backends with Example
leptos_oidc was tested with various backends. This doesn't mean that other
backends are not supported. Every backend which is support oidc
should work.
But feel free to ask for advice or give feedback!
Tested backends:
You can find a setup guide for the backends under docs/backends.
Keycloak
Rauthy
Installation
To use leptos_oidc in your Leptos-based application, add it as a dependency
in your Cargo.toml
file:
[]
= "0.7"
Note: This needs at least leptos v0.6
.
Usage
Initialization and Example
To get started with OIDC authentication, initialize the library with the
required authentication parameters. You can use the AuthParameters
struct
to specify the OIDC endpoints, client ID, redirect URIs, and other relevant
information.
Please keep in mind that the issuer
url needs to be the base url without the /.well-known/openid-configuration
.
use *;
use ;
/// This will be rendered, if the authentication library is still loading
/// This will be rendered, if the user is unauthenticated
/// This will be rendered, if the user is authentication
Note: Please keep in mind that the Auth::init
needs to be inside a Router
.
The internal state is using use_query
, which is only available inside a
Router
.
Generating Login and Logout URLs
leptos_oidc provides functions to generate login and logout URLs for your application. These URLs are used to redirect users to the OIDC provider for authentication and logout.
use *;
use Auth;
Conditional Rendering Components
The library includes transparent components to conditionally render content based on the authentication state. These components simplify the user interface when dealing with authenticated and unauthenticated users.
use *;
use Auth;
Refreshing Access Tokens
This library is now capable of refreshing the access_token
in the background. :)
License
leptos_oidc is distributed under the MIT License. For more information, see the LICENSE file.