Skip to main content

Crate webgates_tonic

Crate webgates_tonic 

Source
Expand description

§webgates-tonic

tonic server-side integration for webgates bearer-token authentication and authorization.

This crate is the tonic-facing transport adapter for webgates. It applies bearer-token authentication and authorization to incoming gRPC requests while keeping the core auth and policy logic in the framework-agnostic webgates crate.

It is server-side only and intentionally does not provide cookie transport, browser-redirect OAuth2 flows, or tonic client utilities.

§When to use this crate

Use webgates-tonic when you want:

  • tonic middleware for bearer-token authentication
  • webgates authorization policy enforcement on gRPC services
  • typed auth context in tonic request extensions
  • optional JWT auth context for mixed public/authenticated methods
  • static-token service-to-service authentication

§Key modules

Most tonic applications can learn this crate in three steps:

  1. start with gate to understand how bearer auth is enforced in middleware
  2. move to context to see what handler-visible auth state becomes available
  3. read errors if you need to understand or customize auth failure behavior

§Examples

use std::sync::Arc;
use webgates::accounts::Account;
use webgates::authz::access_policy::AccessPolicy;
use webgates::roles::Role;
use webgates::groups::Group;
use webgates_codecs::jwt::{JsonWebToken, JwtClaims};
use webgates_tonic::gate::Gate;

let codec = Arc::new(JsonWebToken::<JwtClaims<Account<Role, Group>>>::default());
let layer = Gate::bearer("my-svc", codec)
    .with_policy(AccessPolicy::<Role, Group>::require_role(Role::Admin));

let _ = layer;

§Getting started on docs.rs

A good reading order is:

  1. gate
  2. context
  3. errors
  4. gate::bearer
  5. gate::remote_jwks_bearer if you need remote JWKS-backed verification

Modules§

context
Typed authentication context inserted into tonic request extensions.
errors
Authentication error types and their mapping to tonic::Status codes. Error types and tonic status mapping for webgates-tonic.
gate
Gate builders and tower middleware for tonic services. Gate entry point for tonic server-side authentication and authorization.