Expand description
Authentication — password hashing, API key management, request-context helpers, and optional JWT/OIDC support.
Request middleware is fail-closed by default. BearerAuthLayer reads only
Authorization: Bearer ... headers and emits a neutral
WWW-Authenticate: Bearer challenge on rejected requests; applications can
add realm/scope-specific challenge policy at their HTTP boundary if needed.
Re-exports§
pub use context::AuthClaims;pub use jwt::AsymmetricAlgorithm;pub use jwt::JwtAlgorithm;pub use jwt::JwtCodec;pub use jwt::JwtConfig;pub use jwt::JwtHeader;pub use jwt::JwtKeyMaterial;pub use jwt::JwtService;pub use jwt::KeyPair;pub use oidc::OidcAuthorizationRequest;pub use oidc::OidcClaims;pub use oidc::OidcClient;pub use oidc::OidcClientType;pub use oidc::OidcConfig;pub use oidc::OidcError;pub use oidc::OidcHttpClient;pub use oidc::OidcProviderMetadata;pub use oidc::OidcTokenExchangeRequest;pub use oidc::OidcUserInfo;pub use oidc::PkcePair;pub use oidc::ReqwestOidcHttpClient;pub use oidc::validate_id_token;pub use outcome::AuthOutcome;pub use outcome::MissingCredentialPolicy;pub use password::HashAlgorithm;pub use password::PasswordHasher;pub use password::ResetTokenGenerator;pub use traits::TokenGenerator;pub use traits::TokenValidator;
Modules§
- apikey
- API key generation, hashing, validation, and rotation with grace periods. API key generation, hashing, validation, rotation with grace periods.
- context
- Auth claims stored in request extensions / task-locals. Stores and retrieves auth claims from request context.
- jwt
- JWT sign/verify service.
JWT sign and verify using
jsonwebtoken. - oidc
- OpenID Connect (OIDC) support — discovery, token validation, userinfo. OpenID Connect (OIDC) support — discovery, PKCE, token validation, and userinfo.
- outcome
- Typed request authentication outcomes. Typed authentication outcomes for request middleware.
- password
- Password hashing and reset-token generation. Password hashing and short-lived reset-token generation.
- traits
- Core
TokenValidatorandTokenGeneratortraits.
Structs§
- Bearer
Auth Layer - Tower layer that validates
Authorization: Bearer <token>headers. - Bearer
Auth Service - Tower service produced by
BearerAuthLayer.