Skip to content
/ axum-auth Public

High-level http auth extractors for axum

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Notifications You must be signed in to change notification settings

Owez/axum-auth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Auth for axum

High-level http auth extractors for axum

🚨 This crate provides an alternative to TypedHeader<Authorization<..>> which you may use instead. Take a look at the fantastic axum-login crate if your looking for more robust session management. I will continue to maintain this crate.

Usage

Bearer Authentication:

use axum_auth::AuthBearer;
 
/// Handler for a typical axum route, takes a `token` and returns it
async fn handler(AuthBearer(token): AuthBearer) -> String {
    format!("Found a bearer token: {}", token)
}

Basic Authentication:

use axum_auth::AuthBasic;
 
/// Takes basic auth details and shows a message
async fn handler(AuthBasic((id, password)): AuthBasic) -> String {
    if let Some(password) = password {
        format!("User '{}' with password '{}'", id, password)
    } else {
        format!("User '{}' without password", id)
    }
}

You can also define custom extractors, letting you return custom extractors, status codes, and messages to users if the auth fails. Check out the crate documentation for more in-depth information into how everything works!

Installation

Simply place the following inside of your Cargo.toml file for axum:

[dependencies]
axum-auth = "0.7"

Our version follows axum since 0.7. You can also enable just basic/bearer auth via features. To enable just basic auth, you can add this to the Cargo.toml file instead:

[dependencies]
axum-auth = { version = "0.7", default-features = false, features = ["auth-basic"] }

If you're still using axum 0.5, use version 0.3. If you're still using axum 0.6, use version 0.4.

Security

Some essential security considerations to take into account are the following:

  • This crate has not been audited by any security professionals. If you are willing to do or have already done an audit on this crate, please create an issue as it would help out enormously! 😊
  • This crate purposefully does not limit the maximum length of headers arriving so please ensure your webserver configurations are set properly.

Licensing

This project is dual-licensed under both the MIT and Apache, so feel free to use either at your discretion.

About

High-level http auth extractors for axum

Topics

Resources

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT

Stars

Watchers

Forks

Languages