axum-oidc/README.md

72 lines
2.7 KiB
Markdown
Raw Normal View History

2023-11-03 19:42:54 +01:00
This Library allows using [OpenID Connect](https://openid.net/developers/how-connect-works/) with [axum](https://github.com/tokio-rs/axum).
It authenticates the user with the OpenID Conenct Issuer and provides Extractors.
2023-11-02 23:10:38 +01:00
2023-11-03 19:42:54 +01:00
# Usage
The `OidcAuthLayer` must be loaded on any handler that might use the extractors.
The user won't be automatically logged in using this layer.
If a valid session is found, the extractors will return the correct value and fail otherwise.
2023-11-02 23:10:38 +01:00
2023-11-03 19:42:54 +01:00
The `OidcLoginLayer` should be loaded on any handler on which the user is supposed to be authenticated.
The User will be redirected to the OpenId Conect Issuer to authenticate.
The extractors will always return a value.
2023-11-02 23:10:38 +01:00
2023-11-03 19:42:54 +01:00
The `OidcClaims`-extractor can be used to get the OpenId Conenct Claims.
The `OidcAccessToken`-extractor can be used to get the OpenId Connect Access Token.
Your OIDC-Client must be allowed to redirect to **every** subpath of your application base url.
```rust
#[tokio::main]
async fn main() {
let session_store = MemoryStore::default();
let session_service = ServiceBuilder::new()
.layer(HandleErrorLayer::new(|_: BoxError| async {
StatusCode::BAD_REQUEST
}))
.layer(SessionManagerLayer::new(session_store).with_same_site(SameSite::Lax));
let oidc_login_service = ServiceBuilder::new()
.layer(HandleErrorLayer::new(|e: MiddlewareError| async {
e.into_response()
}))
.layer(OidcLoginLayer::<EmptyAdditionalClaims>::new());
let oidc_auth_service = ServiceBuilder::new()
.layer(HandleErrorLayer::new(|e: MiddlewareError| async {
e.into_response()
}))
.layer(
OidcAuthLayer::<EmptyAdditionalClaims>::discover_client(
Uri::from_static("https://example.com"),
"<issuer>".to_string(),
"<client_id>".to_string(),
"<client_secret>".to_owned(),
vec![],
).await.unwrap(),
);
let app = Router::new()
.route("/", get(|| async { "Hello, authenticated World!" }))
.layer(oidc_login_service)
.layer(oidc_auth_service)
.layer(session_service);
let listener = TcpListener::bind("[::]:8080").await.unwrap();
axum::serve(listener, app.into_make_service()).await.unwrap();
2023-11-03 19:42:54 +01:00
}
```
# Example Projects
Here is a place for projects that are using this library.
- [zettoIT ARS - AudienceResponseSystem](https://git2.zettoit.eu/zettoit/ars) (by me)
# Contributing
I'm happy about any contribution in any form.
Feel free to submit feature requests and bug reports using a GitHub Issue.
PR's are also appreciated.
2023-11-02 23:10:38 +01:00
# License
This Library is licensed under [LGPLv3](https://www.gnu.org/licenses/lgpl-3.0.en.html).