Crate oauth2_passkey_axum

Source
Expand description

§oauth2-passkey-axum

Axum web framework integration for the oauth2-passkey authentication library.

This crate provides ready-to-use Axum handlers, middleware, and UI components for OAuth2 and passkey authentication in your Axum web applications.

§Quick Start

For a complete working example, see the demo-both application which demonstrates both OAuth2 and passkey authentication in a single application.

§Features

  • Drop-in Axum Integration: Pre-built routers and middleware
  • Admin UI: Optional admin interface for user management
  • User UI: Authentication pages and flows
  • Route Protection: Middleware for protecting routes
  • CSRF Protection: Built-in CSRF token handling
  • Static Assets: CSS and JavaScript for authentication UI

§Basic Usage

use axum::{Router, response::Html};
use oauth2_passkey_axum::{oauth2_passkey_router, init, O2P_ROUTE_PREFIX};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Initialize authentication (reads configuration from environment variables)
    init().await?;

    // Create your application router
    let app: Router = Router::new()
        .route("/", axum::routing::get(|| async { Html("Hello World!") }))
        // Add authentication routes (default: /o2p, configurable via O2P_ROUTE_PREFIX env var)
        .nest(O2P_ROUTE_PREFIX.as_str(), oauth2_passkey_router());
        // .merge(other_routes) // Add your other routes here

    // Start server
    let listener = tokio::net::TcpListener::bind("127.0.0.1:3000").await?;
    axum::serve(listener, app).await?;

    Ok(())
}

See the repository documentation and examples for more details.

Structs§

AuthUser
Authenticated user information, available as an Axum extractor
CsrfHeaderVerified
Indicates whether the CSRF token was verified via an HTTP header.
CsrfToken
CSRF (Cross-Site Request Forgery) token for request validation.

Statics§

O2P_ADMIN_URL
URL of the admin users list page Default: “/o2p/admin/list_users”
O2P_LOGIN_URL
URL of supplementary login page Default: “/o2p/user/login”
O2P_REDIRECT_ANON
URL to redirect unauthenticated users to Default: “/”
O2P_ROUTE_PREFIX
Route prefix for all oauth2_passkey endpoints
O2P_SUMMARY_URL
URL of supplementary summary page Default: “/o2p/user/summary”

Functions§

init
Initialize the authentication coordination layer
is_authenticated_401
Authentication middleware that returns HTTP 401 for unauthenticated requests
is_authenticated_redirect
Authentication middleware that redirects unauthenticated requests to login page
is_authenticated_user_401
Authentication middleware that provides user data and returns HTTP 401 for unauthenticated requests
is_authenticated_user_redirect
Authentication middleware that provides user data and redirects unauthenticated requests
oauth2_passkey_router
Create a combined router for all authentication endpoints
passkey_well_known_router
Creates a router for the WebAuthn well-known endpoint Creates a router for WebAuthn/.well-known endpoints