Crate rune_axum_bearer

Expand description

Bearer token extractor for Axum — typed extraction from Authorization headers.

Implements FromRequestParts for BearerToken, pulling the raw token from an Authorization: Bearer <token> header. Requests with a missing or malformed header are rejected with 401 Unauthorized and a WWW-Authenticate: Bearer response header before the handler runs.

[!NOTE] This extractor surfaces the raw token string — it does not verify or validate it. Use the token with your own validation logic or pass it to a JWT library.

§Features

Case-insensitive scheme matching (Bearer, bearer, BEARER).
Trims surrounding whitespace from the extracted token.
Rejects blank tokens (e.g. Authorization: Bearer ).
401 Unauthorized with WWW-Authenticate: Bearer on all failure cases.
Option<BearerToken> works automatically for optional extraction.

§Quick Start

use axum::{routing::get, Router};
use rune_axum_bearer::BearerToken;

async fn handler(BearerToken(token): BearerToken) -> String {
    format!("token={token}")
}

let app: Router = Router::new().route("/api", get(handler));

§Optional Token

Wrap in Option<BearerToken> when the header is not always required:

use axum::{routing::get, Router};
use rune_axum_bearer::BearerToken;

async fn handler(token: Option<BearerToken>) -> String {
    match token {
        Some(BearerToken(t)) => format!("authenticated: {t}"),
        None => "anonymous".to_owned(),
    }
}

let app: Router = Router::new().route("/api", get(handler));

Structs§

BearerToken: A bearer token extracted from the Authorization: Bearer <token> request header.

Enums§

BearerRejection: Rejection returned by BearerToken when extraction fails.

Crate rune_axum_bearer

Crate rune_axum_bearer Copy item path

§Features

§Quick Start

§Optional Token

Structs§

Enums§

Crate rune_axum_bearer