tower-oauth2-resource-server
Tower middleware that provides JWT authorization against an OpenID Connect (OIDC) Provider.
Overview
This crate is useful when an application has delegated authentication and/or authorization to an external authorization service (e.g. Auth0, Microsoft Entra, etc).
Main inspiration for this middleware (both in naming and functionality) is Spring Security OAuth 2.0 Resource Server.
The middleware will attempt to process each request by:
- Read JWT from the Authorization header (with Bearer prefix)
- Validate the JWT's signature against a public key obtained from jwks_url
- Validate iss, exp, aud and possibly nbf, scopes of the JWT
If validation fails, an HTTP 401 is returned. Otherwise the next service in the middleware chain will be called. Claims of the JWT are made available as a Request extension. This enables you to write further application logic based on the claims, e.g. rejecting requests that lack a certain scope.
Configuration
See docs for OAuth2ResourceServerBuilder.
Example usage
Check the examples.
Modules
- auth_resolver: AuthorizerResolver is used to decide which Authorizer will validate a request.
- authorizer: Authorizer is the struct responsible for validating requests and performing JWKS rotation against an authorization server.
- builder: Builder used to construct an OAuth2ResourceServer instance.
- claims: Default claims implementation.
- jwt_unverified: UnverifiedJwt is used internally to represent an unverified JWT.
- layer: The actual tower middleware.
- server: OAuth2ResourceServer is what underpins the tower middleware, and actually performs JWT validation.
- tenant: TenantConfiguration is used to configure the interaction with, and validation strategy against, an authorization server.
- validation: ClaimsValidationSpec is used to optionally customize which claims are required in incoming JWTs.