A OpenID Connect Client Libary for axum
Find a file
2023-11-05 16:26:34 +01:00
src remove ? on empty query parameters 2023-11-05 16:26:34 +01:00
.gitignore init 2023-11-02 23:16:46 +01:00
Cargo.toml change version 2023-11-03 19:44:04 +01:00
README.md first implementation 2023-11-03 19:43:01 +01:00

This Library allows using OpenID Connect with axum. It authenticates the user with the OpenID Conenct Issuer and provides Extractors.

Usage

The OidcAuthLayer must be loaded on any handler that might use the extractors. The user won't be automatically logged in using this layer. If a valid session is found, the extractors will return the correct value and fail otherwise.

The OidcLoginLayer should be loaded on any handler on which the user is supposed to be authenticated. The User will be redirected to the OpenId Conect Issuer to authenticate. The extractors will always return a value.

The OidcClaims-extractor can be used to get the OpenId Conenct Claims. The OidcAccessToken-extractor can be used to get the OpenId Connect Access Token.

Your OIDC-Client must be allowed to redirect to every subpath of your application base url.

#[tokio::main]
async fn main() {

    let session_store = MemoryStore::default();
    let session_service = ServiceBuilder::new()
        .layer(HandleErrorLayer::new(|_: BoxError| async {
            StatusCode::BAD_REQUEST
        }))
        .layer(SessionManagerLayer::new(session_store).with_same_site(SameSite::Lax));

    let oidc_login_service = ServiceBuilder::new()
        .layer(HandleErrorLayer::new(|e: MiddlewareError| async {
            e.into_response()
        }))
        .layer(OidcLoginLayer::<EmptyAdditionalClaims>::new());

    let oidc_auth_service = ServiceBuilder::new()
        .layer(HandleErrorLayer::new(|e: MiddlewareError| async {
            e.into_response()
        }))
        .layer(
            OidcAuthLayer::<EmptyAdditionalClaims>::discover_client(
                Uri::from_static("https://example.com"),
                "<issuer>".to_string(),
                "<client_id>".to_string(),
                "<client_secret>".to_owned(),
                vec![],
            ).await.unwrap(),
        );

    let app = Router::new()
        .route("/", get(|| async { "Hello, authenticated World!" }))
        .layer(oidc_login_service)
        .layer(oidc_auth_service)
        .layer(session_service);

    axum::Server::bind(&"[::]:8080".parse().unwrap())
        .serve(app.into_make_service())
        .await
        .unwrap();
}

Example Projects

Here is a place for projects that are using this library.

Contributing

I'm happy about any contribution in any form. Feel free to submit feature requests and bug reports using a GitHub Issue. PR's are also appreciated.

License

This Library is licensed under LGPLv3.