dsferruzza/actix-web-middleware-keycloak-auth

actix-web-middleware-keycloak-auth

A middleware for Actix Web that handles authentication with a JWT emitted by Keycloak.

Features

  • Actix Web middleware
  • deny HTTP requests that do not provide a valid JWT
  • require one or several Keycloak realm or client roles to be included in the JWT
  • error HTTP responses sent from the middleware can have generic bodies as well as detailed error reasons
  • access JWT claims from handlers (for example: get the ID of the authenticated user)
  • access parsed roles from handlers (every Keycloak role contained in the JWT)
  • compatible with paperclip using the paperclip_compat feature

Usage

License

MIT License Copyright (c) 2020 David Sferruzza

Issues

swarkentin

Thank you for taking the time to write this library!

What are your thoughts on making the OID Public Key optional for JWT signature verification, pulling from the Keycloak API at runtime instead?

For instance, the following response comes from the realm URL:

http://localhost:8080/auth/realms/master

In this case, we could pull public_key from the response automatically, rather than requiring its presence when constructing the KeycloakAuth struct.

Versions

v0.4.0 - Apr 05, 2022

  • switch to Actix Web 4 (Actix Web 3 is no longer supported)
  • handle extraction and parsing of custom JWT claims
  • add a way to access parsed roles from handlers (every Keycloak role contained in the JWT)
  • add compatibility with the paperclip crate (under the paperclip_compat feature)
  • add passthrough policy setting to allow auth to be optional
  • add a KeycloakAuth::default_with_pk() helper function to initialize the middleware with default settings
  • improve extractors error types
  • expose a pure function to extract custom JWT claims from an Actix Web request
  • update to Rust 2021 edition

v0.4.0-beta.2 - Nov 05, 2021

  • support Actix Web 4.0.0-beta.10
  • add passthrough policy setting to allow auth to be optional
  • add a KeycloakAuth::default_with_pk() helper function to initialize the middleware with default settings
  • improve extractors error types
  • expose a pure function to extract custom JWT claims from an Actix Web request
  • update to Rust 2021 edition

v0.4.0-beta.1 - Sep 22, 2021

  • handle extraction and parsing of custom JWT claims
  • add a way to access parsed roles from handlers (every Keycloak role contained in the JWT)
  • add compatibility with the paperclip crate (under the paperclip_compat feature)

v0.3.0 - Jan 22, 2021

  • allow aud claim to be extracted from either a JSON string or a JSON sequence of strings (as stated in the JWT spec)

v0.2.0 - Nov 29, 2020

  • support client roles
  • add common claims that Keycloak provides by default (iss, aud, iat, jti and azp)
  • change the type of the sub claim from String to Uuid
  • improve debug logs

v0.1.0 - Nov 25, 2020

Initial release

Information - Updated May 03, 2022

Stars: 14
Forks: 6
Issues: 1
