An OpenID Connect Client Library for axum

This library allows using OpenID Connect with axum. It authenticates the user against the OpenID Connect Issuer and provides extractors.

Usage

The OidcAuthLayer must be loaded on any handler that might use the extractors. This layer does not log the user in automatically: if a valid session is found, the extractors return the corresponding values, otherwise they fail.

The OidcLoginLayer should be loaded on any handler on which the user is supposed to be authenticated. The user is redirected to the OpenID Connect Issuer to authenticate, so the extractors always return a value.

The OidcClaims extractor returns the OpenID Connect claims; the OidcAccessToken extractor returns the OpenID Connect access token.

Your OIDC client must be allowed to redirect to every subpath of your application's base URL.

```rust
// Import paths assume axum 0.7, tower-sessions with the HandleErrorLayer
// pattern used below, and axum-oidc; adjust them to the versions in Cargo.toml.
use axum::{
    error_handling::HandleErrorLayer,
    http::{StatusCode, Uri},
    response::IntoResponse,
    routing::get,
    BoxError, Router,
};
use axum_oidc::{error::MiddlewareError, EmptyAdditionalClaims, OidcAuthLayer, OidcLoginLayer};
use tokio::net::TcpListener;
use tower::ServiceBuilder;
use tower_sessions::{cookie::SameSite, MemoryStore, SessionManagerLayer};

#[tokio::main]
async fn main() {
    // Session layer: the login state lives in the session, so this layer has to
    // wrap both OIDC layers. SameSite=Lax lets the cookie survive the top-level
    // redirect back from the issuer.
    let session_store = MemoryStore::default();
    let session_service = ServiceBuilder::new()
        .layer(HandleErrorLayer::new(|_: BoxError| async {
            StatusCode::BAD_REQUEST
        }))
        .layer(SessionManagerLayer::new(session_store).with_same_site(SameSite::Lax));

    // Forces authentication: unauthenticated users are redirected to the issuer.
    let oidc_login_service = ServiceBuilder::new()
        .layer(HandleErrorLayer::new(|e: MiddlewareError| async {
            e.into_response()
        }))
        .layer(OidcLoginLayer::<EmptyAdditionalClaims>::new());

    // Validates an existing session without forcing a login. The first argument
    // is the application base URL that redirects return to (see the note above).
    let oidc_auth_service = ServiceBuilder::new()
        .layer(HandleErrorLayer::new(|e: MiddlewareError| async {
            e.into_response()
        }))
        .layer(
            OidcAuthLayer::<EmptyAdditionalClaims>::discover_client(
                Uri::from_static("https://example.com"),
                "<issuer>".to_string(),
                "<client_id>".to_string(),
                "<client_secret>".to_owned(),
                vec![], // additional scopes to request
            ).await.unwrap(),
        );

    // Layers added later wrap the earlier ones, so a request passes through
    // session -> auth -> login -> handler.
    let app = Router::new()
        .route("/", get(|| async { "Hello, authenticated World!" }))
        .layer(oidc_login_service)
        .layer(oidc_auth_service)
        .layer(session_service);

    let listener = TcpListener::bind("[::]:8080").await.unwrap();
    axum::serve(listener, app.into_make_service()).await.unwrap();
}
```
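The "every subpath of the base URL" rule above, written out as the check a provider's redirect allow-list has to make. This is an added, std-only example, not axum-oidc code; the names `split_url` and `is_under_base` are hypothetical, and the base URL and candidates are constructed sample values.

```rust
// Added example, not part of axum-oidc: the "every subpath of the base URL"
// rule, written out as the check a provider's redirect allow-list has to make.
// Std only; the names `split_url` and `is_under_base` are hypothetical.

/// Splits `scheme://authority/path?query#fragment` into lower-cased scheme and
/// authority plus the raw path; query and fragment play no part in the decision.
/// Relative URLs and authorities with userinfo (`user@host`) are rejected.
fn split_url(url: &str) -> Option<(String, String, String)> {
    let (scheme, rest) = url.split_once("://")?;
    if scheme.is_empty() || !scheme.chars().all(|c| c.is_ascii_alphanumeric() || "+-.".contains(c)) {
        return None;
    }
    let auth_end = rest.find(|c: char| "/?#".contains(c)).unwrap_or(rest.len());
    let authority = &rest[..auth_end];
    if authority.is_empty() || authority.contains('@') {
        return None;
    }
    let after = &rest[auth_end..];
    let path_end = after.find(|c: char| "?#".contains(c)).unwrap_or(after.len());
    let path = if after.starts_with('/') { &after[..path_end] } else { "/" };
    Some((scheme.to_ascii_lowercase(), authority.to_ascii_lowercase(), path.to_string()))
}

/// True when `redirect` is `base` itself or lies under it: same scheme and
/// authority (host and port), and a path that continues the base path at a
/// segment boundary, so `/app` admits `/app/cb` but not `/application`.
/// Dot segments are refused so `/app/../admin` cannot escape the prefix.
pub fn is_under_base(base: &str, redirect: &str) -> bool {
    let Some((bs, ba, bp)) = split_url(base) else { return false };
    let Some((rs, ra, rp)) = split_url(redirect) else { return false };
    if bs != rs || ba != ra {
        return false;
    }
    if rp.split('/').any(|seg| seg == "." || seg == ".." || seg.contains('\\')) {
        return false;
    }
    let prefix = format!("{}/", bp.trim_end_matches('/'));
    rp == prefix.trim_end_matches('/') || rp.starts_with(&prefix)
}

fn main() {
    let base = "https://example.com/app"; // constructed sample base URL
    for candidate in [
        "https://example.com/app/oidc/callback?code=abc&state=xyz", // allowed
        "https://example.com/application",                          // prefix trick
        "https://example.com/app/../admin",                         // dot segment
    ] {
        println!("{candidate} -> {}", is_under_base(base, candidate));
    }
}
```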

Example Projects

Here is a place for projects that are using this library.

Contributing

I'm happy about any contribution in any form. Feel free to submit feature requests and bug reports using a GitHub Issue. PRs are also appreciated.

License

This library is licensed under LGPLv3.