An OAuth2 server library, for use in combination with actix or other frontends, featuring a set of configurable and pluggable backends.

Overview

oxide-auth

An OAuth2 server library, for use in combination with common web servers, featuring a set of configurable and pluggable backends.

About

oxide-auth aims to provide a comprehensive and extensible interface for managing OAuth2 tokens on a server. The core package is agnostic of the front-end web server used, and adaptors for the actix, rocket, iron and rouille crates are provided in extension crates. Through an interface designed with traits, the frontend is as easily pluggable as the backend.

Example

$ cargo run example-actix

In the example folder you can find an interactive example. This configures a server, registers a public client and initializes a resource requiring an authorization token. A client is also activated which can be used to access the resource. The example assumes the user to be the validated resource owner, who can deny or allow the request by the client.

Integration

Some popular server libraries have ready-made integration. These still require some dependency on the base crate but generally wrap the interface into a form that is considered more idiomatic for their library. Besides the implementation of oxide-auth traits for the request type, specific error and response traits are also implemented.

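| What           | Crate              | Notes   | Docs         |
|----------------|--------------------|---------|--------------|
| actix          | oxide-auth-actix   | -       | actix docs   |
| async wrappers | oxide-auth-async   | -       | async docs   |
| redis          | oxide-auth-db      | -       | redis docs   |
| rocket         | oxide-auth-rocket  | nightly | rocket docs  |
| rouille        | oxide-auth-rouille | -       | rouille docs |
| iron           | oxide-auth-iron    | -       | iron docs    |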

Additional

A more or less comprehensive list of changes is contained in the changelog. Sometimes less as larger releases and reworks profit from a rough overview of the changes more than a cumulative list of detailed features.

For some hints on upgrading from older versions see the migration notes.

More information about contributing. Please respect that I maintain this on my own currently and have limited time. I appreciate suggestions but sometimes the associated workload can seem daunting. That means that simplifications to the workflow are also highly appreciated.

Licensed under either of

The license applies to all parts of the source code, its documentation and supplementary files unless otherwise indicated. It does NOT apply to the replicated full-text copies of referenced RFCs which were included for the sake of completion. These are distributed as permitted by IETF Trust License 4–Section 3.c.i.

Comments
  • Implement async

    This implements #70 by reworking the main crate into explicit state machines. A new crate then has the actual async bindings that use the state machines differently than the synchronous methods. At some point in the future these will hopefully be rewritten into proper generators with arguments instead. This PR is a work in progress.

    TODO:

    • [x] OwnerSolicitor
    • [x] access_token
    • [x] authorization (claimed by @Geobert)
    • [x] refresh
    • [x] resource

    Merge overview:

    • [ ] This change has tests (remove for doc only)
    • [ ] This change has documentation
    • [x] Corresponds to issue #70
    opened by HeroicKatora 45
  • actix-web update to 1.x

    Project Improvement

    actix-web 1.x has some breaking changes. The library and examples need to be updated to remain useful.

    Tracking pull request

    • [ ] A pull request (does not yet exist)
    improvement 
    opened by s-panferov 26
  • Actix frontend

    Feature

    Actix is arguably a quickly evolving library and its web framework has been proven to be very performant.

    The greatest challenge is translation between Future structures and the sequential handling of requests here.

    Tracking pull request

    • [x] The development branch has been merged into dev-v0.4.0
    help wanted feature 
    opened by HeroicKatora 26
  • Split ring into separate crate

    This change splits ring, and types based on ring-backed types, into another crate to avoid a hard dependency on Ring. A lot of the concrete implementation does depend on ring, so a good deal of tests have moved over into the ring crate, also

    • [x] I have read the contribution guidelines
    • [x] This change has tests (remove for doc only)
    • [x] This change has documentation
    • [x] Corresponds to issue #55
    opened by asonix 16
  • Add serde_urlencoded to db-example Cargo.toml

    No real changes, just added serde_urlencoded to the db-example sub-project

    I license past and future contributions under the dual MIT/Apache-2.0 license, allowing licensees to choose either at their option.

    opened by jaztec 14
  • Update to actix-web 2.0

    Project Improvement

    actix-web 2.x has some breaking changes and comes with support for standard futures.

    Other context

    See prior comments in #37. It also requires an update to ring to support v0.16.

    Tracking pull request

    • [x] A pull request is #72
    • Related: #63
    • [x] Motivates: #70
    improvement 
    opened by HeroicKatora 11
  • Bump actix-web to 1.0

    • [x] I have read the contribution guidelines
    • [x] This change has tests (does the example count?)
    • [x] This change has documentation
    • [x] Corresponds to issue #37
    opened by asonix 9
  • async for authorization

    I'm opening the PR to get help because it doesn't compile and I'm kinda stuck :(

    error[E0499]: cannot borrow `authorization` as mutable more than once at a time
       --> oxide-auth\src\code_grant\authorization.rs:332:27
        |
    332 |         requested = match authorization.advance(input) {
        |                           ^^^^^^^^^^^^^ mutable borrow starts here in previous iteration of loop
    

    I'm wondering why I get this error when I'm doing things in a similar way to other flows :-/

    opened by Geobert 7
  • Rustfmt

    Use rustfmt for code.

    The only thing not rustfmt related is .gitignore to avoid pushing VSCode config files.

    For some reason, rustfmt seems to do an "all-features" parse, so I needed to add empty files for modules that were feature gated and not present.

    And it seems that rustfmt has issues with #[path], so I added some #[rustfmt::skip] on them.

    • [x] I have read the contribution guidelines

    I license past and future contributions under the dual MIT/Apache-2.0 license, allowing licensees to choose either at their option.

    opened by Geobert 7
  • fix: Credentials being overridden

    This fixes

    • [x] I have read the contribution guidelines
    • [ ] This change has tests (remove for doc only)
    • [x] Corresponds to issue (#89)

    I'm not sure on how to stub to write a test. But the change seems trivial.

    opened by Geobert 7
  • externalize session state

    Hi,

    One major improvement I'd like to see is to have the option to carry the authentication flow state in an external database - my use case would use REDIS. The rationale for it is to support a clustered environment with a load balancer in front, with minimal intelligence in the network boxes.

    I'd be happy to make a PR about this myself, if you are happy with the concept and can point me in the right direction.

    feature 
    opened by henris42 6
  • Version bumps

    Various version bumps.

    • [x] I have read the contribution guidelines
    • [ ] This change has tests (remove for doc only)
    • [ ] This change has documentation
    • [ ] Corresponds to issue (number)
    opened by thespooler 0
  • Version bump and fix chrono timestamp_opt warn

    This fixes timestamp deprecation warning by moving to timestamp_opt() as the behavior of timestamp() is to panic on error.

    • [x] I have read the contribution guidelines
    • [ ] This change has tests (remove for doc only)
    • [ ] This change has documentation
    • [ ] Corresponds to issue (number)
    opened by thespooler 0
  • Link to changelog is broken

    Project Improvement

    The link to the changelog in the readme.md returns a 404. Obviously, that doesn't stop anyone from using oxide-auth but it would be nice if it was fixed at some point. Thanks.

    improvement 
    opened by ciresnave 0
  • How to set different expiry time for access and refresh tokens?

    I'm implementing a server that supports pretty standard Authorization Code flow. I'd like to generate both access and refresh tokens, the former with short expiry time, the latter with long expiry time. I kinda struggle with how to implement this. Since those tokens are tied one to another, I implemented a single Issuer (which I'm using with a Generic endpoint). From what I saw in examples and implementation of TokenMap, expiry time is taken from Grant that is passed to the issuer. This however implies that maybe I should implement different Issuer for both access and refresh grants? This however doesn't make sense either since I need to use different - and probably somehow hardcoded - expiry times for both of those tokens. Or perhaps I don't understand where this Grant instance comes from when implementing an Issuer.

    One thing that confuses me on top of this is how to set different access and refresh token expiry times when using TokenMap. It seems to me that they are always set to the same expiry time and it cannot be changed.

    Maybe this is also related to #117 and I'd be happy to help out with some examples once I understand how to implement this.

    opened by ondrowan 1
  • Fix clippy warnings

    This PR fixes ~40+ clippy warnings and documentation typos in the main crate, along with many others in the subsequent crates for those using oxide-auth.

    This also bumps oxide-auth and all its related crates by 1 minor version to comply with SemVer (lots of Into -> Froms, possible breaking API changes) and to update the oxide-auth to 0.6

    • [x] I have read the contribution guidelines

    I license past and future contributions under the dual MIT/Apache-2.0 license, allowing licensees to choose either at their option.

    opened by l1npengtul 2
Owner
CompSci Master's student at TUM
An oauth2 client implementation providing the Device, Installed and Service Account flows.

yup-oauth2 is a utility library which implements several OAuth 2.0 flows. It's mainly used by google-apis-rs, to authenticate against Google services.

Lewin Bormann 174 Dec 30, 2022
Simple backend app with Actix-web, JWT and MongoDB

Actix Web JWT Example Simple backend app with Actix-web, JWT and MongoDB (JWT Token, Protect Route, Login & Register) While developing the web service

Emre 124 Dec 31, 2022
A set of Rust libraries to interact with apple's private APIs and servers.

apple-private-apis A set of Rust libraries to interact with apple's private APIs and servers, made for use in SideInstaller. Library Description omnis

SideStore Team 4 Jan 25, 2023
Rust library for HTTP authentication. Parses challenge lists, responds to Basic and Digest challenges. Likely to be extended with server support and additional auth schemes.

Rust library for HTTP authentication. Parses challenge lists, responds to Basic and Digest challenges. Likely to be extended with server support and a

Scott Lamb 3 Jun 10, 2022
Fast, simple and REST compliant file-server with public/private key authentication written in Rust

stormi Stormi is a fast and simple file-server with public/private key authentication How does it work? Stormi accepts multipart/form-data form with m

Polygon 2 Dec 8, 2022
Authorization Server with Rust using Tonic

authorization-server Authorization Server with Rust using Tonic. Function implemented User registration and profile store Change password Login Token

sora 3 Oct 5, 2021
Highly flexible library to manage and orchestrate JWT workflow

JWT Vault Highly flexible library to manage and orchestrate JWT workflow Examples | Website | Chat TODO Add more examples Improve coverage Features Ma

Saurav Gupta 65 Nov 8, 2022
An auth system/library for Rust applications

Rust : Forbidden (WIP) An experimental auth library for Rust applications. Goals This crate is to define a common set of traits and idioms to provide

Mario Montoya 9 Nov 8, 2022
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.

OpenSK This repository contains a Rust implementation of a FIDO2 authenticator. We developed this as a Tock OS application and it has been successfull

Google 2.4k Jan 2, 2023
Decode, explore, and sign JWTs

JWT Explorer A utility for inspecting, modifying, and attacking JWTs. Supports Windows and Linux and probably also works on macOS but this has not bee

David Young 9 Nov 9, 2022
Tools for manipulating JSON Web Tokens, JWS, JWE, and JWK in Rust

Rusty JWT Tools A collection of JWT utilities. This repository is part of the source code of Wire. You can find more information at wire.com or by con

Wire Swiss GmbH 4 Nov 22, 2022
Simple crate to login to Pinterest and get the cookies via Chromiumoxide to simulate a browser

Simple crate to login to Pinterest and get the cookies via Chromiumoxide to simulate a browser (open a real browser actually), to use the Pinterest API without needing a developer account or an API key or anything that costs money :).

Anas 3 Oct 5, 2023
Monorepo for dprint—a pluggable and configurable code formatting platform

dprint Monorepo for dprint—a pluggable and configurable code formatting platform. This project is under active early development. I recommend you chec

null 1.7k Jan 8, 2023
Actix-extras - A collection of additional crates supporting the actix and actix-web frameworks.

actix-extras A collection of additional crates supporting the actix-web and actix frameworks. Crates by @actix Crate actix-cors Cross-origin resource

Actix 506 Dec 27, 2022
Easy c̵̰͠r̵̛̠ö̴̪s̶̩̒s̵̭̀-t̶̲͝h̶̯̚r̵̺͐e̷̖̽ḁ̴̍d̶̖̔ ȓ̵͙ė̶͎ḟ̴͙e̸̖͛r̶̖͗ë̶̱́ṉ̵̒ĉ̷̥e̷͚̍ s̷̹͌h̷̲̉a̵̭͋r̷̫̊ḭ̵̊n̷̬͂g̵̦̃ f̶̻̊ơ̵̜ṟ̸̈́ R̵̞̋ù̵̺s̷̖̅ţ̸͗!̸̼͋

Rust S̵̓i̸̓n̵̉ I̴n̴f̶e̸r̵n̷a̴l mutability! Howdy, friendly Rust developer! Ever had a value get m̵̯̅ð̶͊v̴̮̾ê̴̼͘d away right under your nose just when

null 294 Dec 23, 2022
Network Block Storage server, written in Rust. Supports pluggable and chainable underlying storage

nbd-rs Disclaimer DO NEVER USE THIS FOR PRODUCTION Do not use this for any data that you cannot afford to lose any moment. Expect data loss, corruptio

Rainlab Inc 10 Sep 30, 2022
A merkle-based token distributor for the Solana network that allows distributing a combination of unlocked and linearly unlocked tokens.

merkle-distributor A program for distributing tokens efficiently via uploading a Merkle root. Claiming Airdrop via CLI To claim via CLI instead of usi

null 6 Dec 8, 2023
Extensible, strongly-typed Rust OAuth2 client library

OAuth2 An extensible, strongly-typed implementation of OAuth2 (RFC 6749). Documentation is available on docs.rs. Release notes are available on GitHub

David Ramos 602 Dec 25, 2022
A library to quickly create OAuth2.1 compliant servers from scratch.

oauth21-server A library to easily create an OAuth 2.1 compliant authorization server. The motivation to develop this library comes from the fact that

Revanth Pothukuchi 3 Mar 14, 2022
📺 Netflix in Rust/ React-TS/ NextJS, Actix-Web, Async Apollo-GraphQl, Cassandra/ ScyllaDB, Async SQLx, Kafka, Redis, Tokio, Actix, Elasticsearch, Influxdb Iox, Tensorflow, AWS

Fullstack Movie Streaming Platform 📺 Netflix in RUST/ NextJS, Actix-Web, Async Apollo-GraphQl, Cassandra/ ScyllaDB, Async SQLx, Spark, Kafka, Redis,

null 34 Apr 17, 2023