/oxide-auth

A OAuth2 server library, for use in combination with actix or other frontends, featuring a set of configurable and pluggable backends.

Primary LanguageRust

oxide-auth

A OAuth2 server library, for use in combination with common web servers, featuring a set of configurable and pluggable backends.

About

oxide-auth aims at providing a comprehensive and extensible interface to managing OAuth2 tokens on a server. The core package is agnostic of the used front-end web server and adaptors for the actix, rocket, iron and rouille crates are provided in extension crates. Through an interface designed with traits, the frontend is as easily pluggable as the backend.

Example

$ cargo run example-actix

In the example folder you can find an interactive example. This configures a server, registers a public client and initializes a resource requiring an authorization token. A client is also activated which can be used to access the resource. The example assumes the user to be the validated resource owner, who can deny or allow the request by the client.

Front-Ends

Some popular server libraries have ready-made integration. These still require some dependency on the base crate but generally wrap the interface into a user that is considered more idiomatic for their library. Besides the implementation of oxide-auth traits for the request type, specific error and response traits are also implemented.

Name Crate Notes Docs
actix oxide-auth-actix - actix docs
rocket oxide-auth-rocket nightly rocket docs
rouille oxide-auth-rouille - rouille docs
iron oxide-auth-iron - iron docs

Additional

Crates.io Status Docs.rs Status License CI Status

A more or less comprehensive list of changes is contained in the changelog. Sometimes less as larger releases and reworks profit from a rough overview of the changes more than a cumulative list of detailed features.

For some hints on upgrading from older versions see the migration notes.

More information about contributing. Please respect that I maintain this on my own currently and have limited time. I appreciate suggestions but sometimes the associate workload can seem daunting. That means that simplifications to the workflow are also highly appreciated.

Licensed under either of

The license applies to all parts of the source code, its documentation and supplementary files unless otherwise indicated. It does NOT apply to the replicated full-text copies of referenced RFCs which were included for the sake of completion. These are distributed as permitted by IETF Trust License 4–Section 3.c.i.