Crate micromegas_auth

Authentication providers for Micromegas

This crate provides authentication and authorization for Micromegas services. It supports multiple authentication methods:

  • API Keys: Simple bearer token authentication
  • OIDC: OpenID Connect authentication with automatic JWKS caching

§Example: API Key Authentication

use micromegas_auth::api_key::{ApiKeyAuthProvider, parse_key_ring};
use micromegas_auth::types::{AuthProvider, HttpRequestParts, RequestParts};

let json = r#"[{"name": "user1", "key": "secret-key-123"}]"#;
let keyring = parse_key_ring(json)?;
let provider = ApiKeyAuthProvider::new(keyring);

// Create request parts with Bearer token
let mut headers = http::HeaderMap::new();
headers.insert(
    http::header::AUTHORIZATION,
    "Bearer secret-key-123".parse().unwrap(),
);
let parts = HttpRequestParts {
    headers,
    method: http::Method::GET,
    uri: "/api/endpoint".parse().unwrap(),
};

let auth_ctx = provider.validate_request(&parts as &dyn RequestParts).await?;
println!("Authenticated: {}", auth_ctx.subject);

§Example: OIDC Authentication

use micromegas_auth::oidc::{OidcAuthProvider, OidcConfig, OidcIssuer};
use micromegas_auth::types::{AuthProvider, HttpRequestParts, RequestParts};

let config = OidcConfig {
    issuers: vec![OidcIssuer {
        issuer: "https://accounts.google.com".to_string(),
        audience: "your-client-id.apps.googleusercontent.com".to_string(),
    }],
    jwks_refresh_interval_secs: 3600,
    token_cache_size: 1000,
    token_cache_ttl_secs: 300,
};

let provider = OidcAuthProvider::new(config).await?;

// Create request parts with ID token
let mut headers = http::HeaderMap::new();
headers.insert(
    http::header::AUTHORIZATION,
    "Bearer id_token_here".parse().unwrap(),
);
let parts = HttpRequestParts {
    headers,
    method: http::Method::GET,
    uri: "/api/endpoint".parse().unwrap(),
};

let auth_ctx = provider.validate_request(&parts as &dyn RequestParts).await?;
println!("Authenticated: {}", auth_ctx.subject);

Modules§

api_key
API key authentication
axum
Axum middleware for HTTP authentication
default_provider
Default authentication provider initialization for Micromegas services.
multi
Multi-provider authentication (API key + OIDC) that tries multiple auth methods in sequence.
oauth_state
OAuth state parameter signing and verification
oidc
OIDC authentication with JWKS caching
tower
Tower service layer for async authentication with tonic/gRPC.
types
Core authentication types and traits
url_validation
URL validation utilities for authentication flows
user_attribution
User attribution validation for preventing impersonation attacks