tideway 0.7.17

A batteries-included Rust web framework built on Axum for building SaaS applications quickly
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

use crate::error::Result;
use async_trait::async_trait;
use serde::de::DeserializeOwned;

/// Trait for authentication providers
///
/// Implement this trait to integrate any JWT-based auth provider
/// (Outseta, Auth0, Clerk, Supabase, custom, etc.)
///
/// # Type Parameters
///
/// * `Claims` - The JWT claims type (e.g., OutsetaClaims, Auth0Claims)
/// * `User` - The authenticated user type returned to your handlers
///
/// # Example
///
/// ```rust,ignore
/// use tideway::auth::{AuthProvider, JwtVerifier};
///
/// #[derive(Deserialize)]
/// struct MyClaims {
///     sub: String,
///     email: String,
/// }
///
/// struct MyUser {
///     id: String,
///     email: String,
/// }
///
/// struct MyAuthProvider {
///     verifier: JwtVerifier<MyClaims>,
/// }
///
/// #[async_trait]
/// impl AuthProvider for MyAuthProvider {
///     type Claims = MyClaims;
///     type User = MyUser;
///
///     async fn verify_token(&self, token: &str) -> Result<Self::Claims> {
///         let token_data = self.verifier.verify(token).await?;
///         Ok(token_data.claims)
///     }
///
///     async fn load_user(&self, claims: &Self::Claims) -> Result<Self::User> {
///         // Load user from database or return claims as-is
///         Ok(MyUser {
///             id: claims.sub.clone(),
///             email: claims.email.clone(),
///         })
///     }
/// }
/// ```
#[async_trait]
pub trait AuthProvider: Send + Sync + Clone + 'static {
    /// The JWT claims type
    type Claims: DeserializeOwned + Send + Sync;

    /// The authenticated user type
    type User: Send + Sync + Clone;

    /// Verify a JWT token and return the claims
    async fn verify_token(&self, token: &str) -> Result<Self::Claims>;

    /// Load the full user object from claims
    ///
    /// This is where you would typically:
    /// - Query your database for user details
    /// - Create a new user if this is their first login
    /// - Enrich the user object with additional data
    async fn load_user(&self, claims: &Self::Claims) -> Result<Self::User>;

    /// Optional: Validate additional business logic after token verification
    ///
    /// Override this to add custom validation (e.g., check if user is banned)
    async fn validate_user(&self, _user: &Self::User) -> Result<()> {
        Ok(())
    }

    /// Test-only helper for building claims from a synthetic user identity.
    ///
    /// This is only compiled when the `test-auth-bypass` feature is enabled.
    /// Override it if you want Tideway's test harness to support
    /// `with_test_user(...)` / `X-Test-User-Id` for your provider.
    #[cfg(feature = "test-auth-bypass")]
    async fn test_claims(&self, _user_id: &str) -> Result<Self::Claims> {
        Err(crate::error::TidewayError::internal(
            "Test auth bypass is enabled, but this auth provider does not implement `AuthProvider::test_claims`. \
             Override `test_claims` or use `with_test_claims(...)` / `X-Test-Claims` in tests.",
        ))
    }
}