High-level http auth extractors for axum
APACHE-2.0 License
🚨 This crate provides an alternative to TypedHeader<Authorization<..>>, which you may use instead. Take a look at the fantastic axum-login crate if you're looking for more robust session management. I will continue to maintain this crate.
Bearer Authentication:
```rust
use axum_auth::AuthBearer;

/// Handler for a typical axum route, takes a `token` and returns it
async fn handler(AuthBearer(token): AuthBearer) -> String {
    format!("Found a bearer token: {}", token)
}
```
Basic Authentication:
```rust
use axum_auth::AuthBasic;

/// Takes basic auth details and shows a message
async fn handler(AuthBasic((id, password)): AuthBasic) -> String {
    if let Some(password) = password {
        format!("User '{}' with password '{}'", id, password)
    } else {
        format!("User '{}' without password", id)
    }
}
```
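What the two extractors above take from the Authorization header, shown with the standard library only. This is an added example, not axum-auth's source code: `Credentials`, `b64_decode` and `parse_authorization` are hypothetical names, the sample headers are constructed, and splitting Basic credentials at the first colon follows RFC 7617 rather than anything stated on this page.

```rust
// Added illustration (std only); not axum-auth's source. Sample headers are constructed.
#[derive(Debug, PartialEq)]
enum Credentials {
    Bearer(String),
    Basic(String, Option<String>), // (id, password), the shape AuthBasic yields
}

/// Decode standard-alphabet base64; None on an invalid character or length.
fn b64_decode(input: &str) -> Option<Vec<u8>> {
    const ALPHABET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let data = input.trim_end_matches('=');
    if data.len() % 4 == 1 { return None; }
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for byte in data.bytes() {
        acc = (acc << 6) | ALPHABET.iter().position(|&c| c == byte)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

/// Parse an `Authorization` header value; the scheme name is case-insensitive.
fn parse_authorization(value: &str) -> Option<Credentials> {
    let (scheme, rest) = value.trim().split_once(' ')?;
    let rest = rest.trim();
    if rest.is_empty() {
        return None;
    }
    if scheme.eq_ignore_ascii_case("bearer") {
        return Some(Credentials::Bearer(rest.to_string()));
    } else if !scheme.eq_ignore_ascii_case("basic") {
        return None;
    }
    let decoded = String::from_utf8(b64_decode(rest)?).ok()?;
    // Split at the first colon only: the password may itself contain ':'.
    if let Some((id, pw)) = decoded.split_once(':') {
        return Some(Credentials::Basic(id.to_string(), Some(pw.to_string())));
    }
    Some(Credentials::Basic(decoded, None)) // no colon: id without a password
}

fn main() {
    for header in ["Bearer abc.def", "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", "Basic YWxpY2U=", "Basic !!"] {
        println!("{header:?} -> {:?}", parse_authorization(header));
    }
}
```

Base64 is an encoding, not encryption: anyone who can read the header can read the Basic id and password.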
You can also define custom extractors, which let you return custom status codes and messages to users if the auth fails. Check out the crate documentation for more in-depth information on how everything works!
Simply place the following inside of your Cargo.toml file for axum:

```toml
[dependencies]
axum-auth = "0.7"
```
Since 0.7, our version number follows axum's. You can also enable just basic or just bearer auth via features. To enable just basic auth, add this to the Cargo.toml file instead:

```toml
[dependencies]
axum-auth = { version = "0.7", default-features = false, features = ["auth-basic"] }
```
If you're still using axum 0.5, use version 0.3. If you're still using axum 0.6, use version 0.4.
Some essential security considerations to take into account are the following:
This project is dual-licensed under both the MIT and Apache licenses, so feel free to use either at your discretion.