Expand description
§modo::auth
Identity and access — session, JWT, OAuth, API keys, roles, and gating guards.
This is the umbrella module for everything related to authenticating callers
and gating routes. Each capability lives in its own submodule; the
guard submodule houses the route-level layers (require_authenticated,
require_role, require_scope) that compose with the rest.
Always available — no feature flag required.
§Submodules
| Module | Purpose |
|---|---|
session | Database-backed HTTP session management (cookie and JWT sessions) |
apikey | Prefixed API key issuance, verification, and lifecycle |
role | Role-based gating (extractor + middleware) |
guard | Route-level gating layers (require_authenticated, require_role, require_scope) |
jwt | JWT encoding, decoding, signing, and axum Tower middleware (alias for session::jwt) |
oauth | OAuth 2.0 provider integrations (GitHub, Google) |
password | Argon2id password hashing and verification |
otp | Numeric one-time password generation and verification |
totp | RFC 6238 TOTP authenticator (Google Authenticator compatible) |
backup | One-time backup recovery code generation and verification |
§Convenience re-exports
The following types are re-exported at the modo::auth level for convenience:
PasswordConfig— Argon2id hashing parametersTotp— TOTP authenticator instanceTotpConfig— TOTP algorithm parametersClaims— standard JWT registered claims; axum extractorJwtSessionsConfig— YAML configuration (signing secret, TTLs, token sources)JwtConfig— back-compat alias forJwtSessionsConfigJwtEncoder— signs anySerializepayload into a JWT stringJwtDecoder— verifies and deserializes any JWT stringJwtLayer— Tower middleware that enforces JWT auth on axum routesJwtError— typed JWT error enum with staticcode()stringsBearer— axum extractor for raw Bearer token stringsHmacSigner— HMAC-SHA256 (HS256) signer/verifierTokenSigner,TokenVerifier— JWT signing traitsTokenSource,TokenSourceConfig— pluggable token extraction trait and YAML configValidationConfig— JWT validation policy (leeway, issuer, audience)
Re-exports§
pub use crate::auth::session::jwt;pub use password::PasswordConfig;pub use totp::Totp;pub use totp::TotpConfig;pub use jwt::Bearer;pub use jwt::Claims;pub use jwt::HmacSigner;pub use jwt::JwtConfig;pub use jwt::JwtDecoder;pub use jwt::JwtEncoder;pub use jwt::JwtError;pub use jwt::JwtLayer;pub use jwt::JwtSessionsConfig;pub use jwt::TokenSigner;pub use jwt::TokenSource;pub use jwt::TokenSourceConfig;pub use jwt::TokenVerifier;pub use jwt::ValidationConfig;