This is a demo application I created to help me understand authentication and authorization in Rust using OAuth 2.0. Specifically, it shows how to protect your backend APIs with a server-side OAuth 2.0 authorization server. It uses the oxide-auth, oxide-auth-async, and oxide-auth-axum crates. The oxide-auth documentation is a bit sparse and it isn't immediately obvious how to implement an authorization server with it, so I created this demo. As a starting point I used the only example I could find of an app using oxide-auth with the Axum web server: tf-viewer by @danielalvsaaker.
This crate compiles and basically works. However, I haven't done any refactoring yet; it is currently in the "just make it work" stage 😁.
This example app shows a basic OAuth 2.0 authorization life-cycle for API access:

- User registration
- Sign-in
- Client registration (public and private/confidential)
- Authorization (public and private/confidential clients)
- Protected resource access
- Sign-out

Note: see the tests for a full life-cycle example. The project now also has a front-end built in SvelteKit (see below) that runs the flow in a browser.
- Clone this repo and `cd` into its root
- Run `cargo run`
- Change directory into the front-end: `cd svelte-frontend`
- Run `npm install`
- Run `npm run dev`
- Open your browser to http://localhost:5137
- Click the button that says "Sign-in with OAuth"
- Use the default username/password pair to sign in to the backend: `bob/secret`
- By default the front-end only asks for the `account:read` scope
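As an added example (not code from this project and not the oxide-auth API), here is the same life-cycle reduced to an in-memory authorization-code exchange in plain Rust with no external crates: client registration (public vs. private), authorization with an exact `redirect_uri` match and a `state` CSRF token, token issuance from a single-use code, a protected-resource check on the `account:read` scope, and sign-out as token revocation. The client ids, the `/callback` path, the `account:write` scope and every type and method name are assumptions made for the example; oxide-auth implements these endpoints for you, and this model is only meant to show which checks the backend's tests should exercise.

```rust
// Added example for this README (not the oxide-auth API and not this project's code;
// every name is hypothetical): a minimal in-memory OAuth 2.0 authorization-code
// exchange covering client registration, authorization, token issuance,
// protected-resource access and sign-out.
use std::collections::{HashMap, HashSet};

// secret: None = public client, Some = private (confidential) client
struct Client { redirect_uri: String, secret: Option<String> }
struct IssuedCode { client_id: String, redirect_uri: String, scope: String, user: String }

#[derive(Default)]
struct AuthServer {
    clients: HashMap<String, Client>,
    codes: HashMap<String, IssuedCode>,                 // single-use authorization codes
    tokens: HashMap<String, (String, HashSet<String>)>, // token -> (user, granted scopes)
    counter: u64,
}

impl AuthServer {
    fn register_client(&mut self, id: &str, redirect_uri: &str, secret: Option<&str>) {
        let client = Client { redirect_uri: redirect_uri.to_string(), secret: secret.map(String::from) };
        self.clients.insert(id.to_string(), client);
    }

    // Demo-only: a counter keeps codes and tokens reproducible for the test.
    // A real server must draw them from a CSPRNG (e.g. OsRng from the `rand` crate).
    fn fresh(&mut self, prefix: &str) -> String {
        self.counter += 1;
        format!("{}-{:08x}", prefix, self.counter)
    }

    /// Authorization endpoint, reached after the user (e.g. bob) signed in and approved
    /// `scope`. Returns the redirect URL the browser is sent to.
    fn authorize(&mut self, client_id: &str, redirect_uri: &str, scope: &str, state: &str, user: &str)
        -> Result<String, &'static str> {
        let client = self.clients.get(client_id).ok_or("unknown client")?;
        // Exact match only: prefix or substring matching lets an attacker receive the code.
        if client.redirect_uri != redirect_uri { return Err("redirect_uri mismatch"); }
        // `state` is the client's CSRF token and is echoed back unchanged.
        if state.is_empty() { return Err("missing state"); }
        let code = self.fresh("code");
        self.codes.insert(code.clone(), IssuedCode {
            client_id: client_id.to_string(), redirect_uri: redirect_uri.to_string(),
            scope: scope.to_string(), user: user.to_string(),
        });
        Ok(format!("{}?code={}&state={}", redirect_uri, code, state))
    }

    /// Token endpoint. Private clients must present their secret; the code is consumed on
    /// first use and must match the client and redirect_uri it was issued to.
    fn token(&mut self, client_id: &str, client_secret: Option<&str>, code: &str, redirect_uri: &str)
        -> Result<String, &'static str> {
        let client = self.clients.get(client_id).ok_or("unknown client")?;
        // (A production server compares secrets in constant time.)
        if client.secret.is_some() && client.secret.as_deref() != client_secret {
            return Err("client authentication failed");
        }
        // remove() makes the code single-use, so a replayed or stolen code fails here.
        let issued = self.codes.remove(code).ok_or("invalid or used code")?;
        if issued.client_id != client_id || issued.redirect_uri != redirect_uri {
            return Err("code not issued to this client");
        }
        let token = self.fresh("tok");
        let scopes: HashSet<String> = issued.scope.split_whitespace().map(String::from).collect();
        self.tokens.insert(token.clone(), (issued.user, scopes));
        Ok(token)
    }

    /// Protected-resource check: the bearer token must carry the required scope.
    fn access(&self, bearer: &str, required_scope: &str) -> Result<&str, &'static str> {
        let (user, scopes) = self.tokens.get(bearer).ok_or("invalid token")?;
        if scopes.contains(required_scope) { Ok(user.as_str()) } else { Err("insufficient_scope") }
    }

    /// Sign-out: revoke the token so later resource requests are rejected.
    fn revoke(&mut self, bearer: &str) { self.tokens.remove(bearer); }
}

fn main() {
    let mut srv = AuthServer::default();
    let cb = "http://localhost:5137/callback"; // hypothetical front-end callback
    srv.register_client("svelte-frontend", cb, None); // the SvelteKit app as a public client
    let redirect = srv.authorize("svelte-frontend", cb, "account:read", "csrf-nonce", "bob").unwrap();
    println!("302 Location: {}", redirect);
    let code = redirect.split("code=").nth(1).unwrap().split('&').next().unwrap().to_string();
    let token = srv.token("svelte-frontend", None, &code, cb).unwrap();
    println!("GET /account (account:read)  -> {:?}", srv.access(&token, "account:read"));
    println!("GET /account (account:write) -> {:?}", srv.access(&token, "account:write"));
    println!("replayed code -> {:?}", srv.token("svelte-frontend", None, &code, cb));
    srv.revoke(&token);
    println!("after sign-out -> {:?}", srv.access(&token, "account:read"));
}
```

Two things the model deliberately burns rather than tolerates: a code presented by the wrong client is consumed on that attempt (so the legitimate client can no longer redeem it, which is the safer failure), and a token with only `account:read` is rejected for anything else with `insufficient_scope` rather than silently upgraded. Not shown here is PKCE (RFC 7636), which a public client such as the SvelteKit front-end should use in addition to these checks; it is omitted only because it needs a SHA-256 implementation.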
- HashMap - in-memory implementation of a user database. Also used to create a separate client registration database called ClientMap.
- async-session - for session management (TO BE REMOVED: session management doesn't belong in the backend).