oauth2-passkey
A minimal-dependency, security-focused authentication library for Rust web applications supporting both OAuth2 and WebAuthn/Passkey authentication.
This framework-agnostic core library provides authentication coordination between OAuth2, WebAuthn/Passkey, and session management, with flexible storage backends.
Key Features
- 🔐 Secure Session Management: Automatic cookie handling with CSRF protection
- 🌐 OAuth2 Authentication: Google OAuth2/OIDC support
- 🔑 WebAuthn/Passkey Authentication: FIDO2 compliant
- 📦 Minimal Dependencies: Security-focused design philosophy
- 🔌 Flexible Storage: Support for SQLite, PostgreSQL, Redis, and in-memory caching
Usage
This crate provides the core authentication functionality, which can be used directly or through framework-specific integration crates such as oauth2-passkey-axum.
```rust
use oauth2_passkey::{init, SessionUser};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Initialize authentication (reads configuration from environment variables)
    init().await?;

    // Now authentication functions can be used
    // (usually through a web framework integration)
    Ok(())
}
```
See the repository documentation for more details on configuration and advanced usage.
Structs
- AuthResponse - Response from an OAuth2 authorization request.
- AuthenticationOptions - Options for initiating a WebAuthn authentication request.
- AuthenticationStatus - Indicates the overall authentication status of a session.
- AuthenticatorInfo - Information about a passkey authenticator device.
- AuthenticatorResponse - Response from the authenticator during a WebAuthn authentication flow.
- CsrfHeaderVerified - Indicates whether the CSRF token was verified via an HTTP header.
- CsrfToken - CSRF (Cross-Site Request Forgery) token for request validation.
- DbUser - Represents a core user identity in the system.
- OAuth2Account - Represents an OAuth2 account linked to a user.
- PasskeyCredential - Stored credential information for a WebAuthn/Passkey.
- RegisterCredential - Credential data received during WebAuthn registration.
- RegistrationOptions - Options for initiating a WebAuthn registration request.
- RegistrationStartRequest - Request for starting passkey registration with explicit mode.
- SessionUser - User information stored in the session.
Enums
- CoordinationError - Errors that can occur during authentication coordination.
- OAuth2Mode - Mode of OAuth2 operation to explicitly indicate user intent.
- SessionError - Errors that can occur during session management operations.
Statics
- O2P_ROUTE_PREFIX - Route prefix for all oauth2_passkey endpoints.
- SESSION_COOKIE_NAME - Name of the session cookie used for authentication.
Functions
- delete_oauth2_account_admin - Deletes an OAuth2 account as an administrator.
- delete_oauth2_account_core - Deletes an OAuth2 account for a user.
- delete_passkey_credential_admin - Deletes a passkey credential as an administrator.
- delete_passkey_credential_core - Deletes a passkey credential for a user.
- delete_user_account - Deletes a user account and all associated OAuth2 accounts and Passkey credentials.
- delete_user_account_admin - Completely deletes a user account as an administrator.
- generate_page_session_token - Generates a page session token for synchronizing sessions across pages.
- get_all_users - Retrieves a list of all users in the system.
- get_authenticator_info - Retrieves information about an authenticator based on its AAGUID.
- get_authenticator_info_batch - Retrieves information for multiple authenticators in a batch.
- get_authorized_core - Processes an OAuth2 GET authorization request.
- get_csrf_token_from_session - Retrieves the CSRF token from a session.
- get_related_origin_json - Generates a JSON configuration for cross-origin WebAuthn credential use.
- get_user - Retrieves a specific user by their ID.
- get_user_and_csrf_token_from_session - Retrieves both user information and the CSRF token from a session.
- get_user_from_session - Retrieves user information from a session cookie.
- handle_finish_authentication_core - Core function that handles the business logic of finishing authentication.
- handle_finish_registration_core - Core function that handles the business logic of finishing registration.
- handle_start_authentication_core - Core function that handles the business logic of starting authentication.
- handle_start_registration_core - Core function that handles the business logic of starting registration with the provided user info.
- init - Initializes the authentication coordination layer.
- is_authenticated_basic - Checks whether the request is authenticated by examining the session headers.
- is_authenticated_basic_then_csrf - Performs basic authentication and returns the CSRF token if successful.
- is_authenticated_basic_then_user_and_csrf - Performs authentication and returns the user data and CSRF token.
- is_authenticated_strict - Performs strict session authentication, verifying that the user exists in the database.
- is_authenticated_strict_then_csrf - Performs strict authentication and returns the CSRF token if successful.
- list_accounts_core - Lists all OAuth2 accounts associated with a user.
- list_credentials_core - Core function that handles the business logic of listing passkey credentials.
- post_authorized_core - Processes an OAuth2 POST authorization request.
- prepare_logout_response - Prepares a logout response by removing the session cookie and deleting the session from storage.
- prepare_oauth2_auth_request - Prepares an OAuth2 authentication request URL and the necessary headers.
- update_passkey_credential_core - Updates the name and display name of a passkey credential.
- update_user_account - Updates a user's account and label.
- update_user_admin_status - Updates a user's administrative status.
- verify_page_session_token - Verifies that a page session token matches the current session's CSRF token.