Crate oxide_auth

source ·
Expand description

oxide-auth

A OAuth2 server library, for use in combination with iron or other frontends, featuring a set of configurable and pluggable backends.

About

oxide-auth aims at providing a comprehensive and extensible interface to managing oauth2 tokens on a server. While the core package is agnostic of the used frontend, an optional actix adaptor is provided with the default configuration. Through an interface designed with traits, the frontend is as easily pluggable as the backend.

The actix frontend, included as a default feature, provides bindings to create an endpoint in actix-web.

Example

A fully featured example is realized with actix.

$ cargo run --example authorization_actix

Use cases

Versatility is a primary goal. Consequently, there are sever different scenarios in which this library will be useful. Of course all of them are related to server side use of OAuth2 protocol.

Create a web server with OAuth security

This library can be integrated into several different web server libraries. Most prominently actix-web and gotham. These frontends allow you to easily answer OAuth requests and secure protected resources, utilizing the library provided http request types. Some provide additional abstractions for an integrated feeling.

A complete list can be found in the frontends module.

Using the primitives

All primitives can be used independently of the frontend modules. This makes them reusable for other authentication methods. But this works the other way around as well. Your own implementations of these primitives can be used directly in conjuction with all frontends (although some may impose Send or Sync constraits due to limitations of the web library).

Custom Frontends

A key feature is the ability to add your own frontend without jeopardizing safety requirements. This requires custom, related implementations of WebRequest and WebResponse. WARNING: Custom frontends MUST ensure a secure communication layer with confidential clients. This means using TLS for communication over http (although there are currently discussions to consider communication to localhost as always occuring in a secure context).

For more information, see the documentation of code_grant::frontend

Modules

code_grant
Available backend algorithms.
frontends
Fully implemented frontends.
primitives
A collection of primites useful for more than one authorization method.