{"id":22148165,"url":"https://github.com/auth0-developer-hub/api_actix-web_rust_hello-world","last_synced_at":"2025-07-26T02:32:17.408Z","repository":{"id":44717425,"uuid":"416384470","full_name":"auth0-developer-hub/api_actix-web_rust_hello-world","owner":"auth0-developer-hub","description":null,"archived":false,"fork":false,"pushed_at":"2023-07-27T13:13:43.000Z","size":43,"stargazers_count":25,"open_issues_count":2,"forks_count":6,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-04-23T21:56:31.813Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/auth0-developer-hub.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-10-12T15:05:48.000Z","updated_at":"2024-02-22T02:21:04.000Z","dependencies_parsed_at":"2022-09-17T15:40:48.377Z","dependency_job_id":null,"html_url":"https://github.com/auth0-developer-hub/api_actix-web_rust_hello-world","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0-developer-hub%2Fapi_actix-web_rust_hello-world","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0-developer-hub%2Fapi_actix-web_rust_hello-world/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0-developer-hub%2Fapi_actix-web_rust_hello-world/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0-developer-hub%2Fapi_actix-web_rust_hello-world/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0-developer-hub","download_url":"https://codeload.github.com/auth0-developer-hub/api_actix-web_rust_hello-world/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227644223,"owners_count":17798157,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-01T23:26:14.817Z","updated_at":"2024-12-01T23:26:15.424Z","avatar_url":"https://github.com/auth0-developer-hub.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Hello World API: Actix Web + Rust Sample\n\nThis sample uses [actix-web-httpauth][actix-web-httpauth] and [jsonwebtoken][jsonwebtoken] to implement the following security tasks:\n\nThe `add-rbac` branch offers a working API server that exposes a public endpoint along with two protected endpoints. Each endpoint returns a different type of message: public, protected, and admin.\n\nThe `GET /api/messages/protected` and `GET /api/messages/admin` endpoints are protected against unauthorized access. Any requests that contain a valid access token in their authorization header can access the protected and admin data.\n\nAdditionally, the `GET /api/messages/admin` endpoint requires the access tokens to contain a `read:admin-messages` permission in order to access the admin data, which is referred to as [Role-Based Access Control (RBAC)](https://auth0.com/docs/authorization/rbac/).\n\n## Quick Auth0 Set Up\n\n### Set up the project\n\nThe recommended way to install Rust is via [Rustup](https://rust-lang.github.io/rustup), follow the instructions [here](https://www.rust-lang.org/tools/install).\n\nInstall the [toolchain](https://rust-lang.github.io/rustup/concepts/toolchains.html):\n\n```bash\nrustup toolchain install 1.56\n```\n\nInstall the project dependencies:\n\n```bash\ncargo build\n```\n\nCreate `.env` file under the project directory:\n\n```bash\ntouch .env\n```\n\nPopulate `.env` as follows:\n\n```bash\nPORT=6060\nCLIENT_ORIGIN_URL=http://localhost:4040\nAUTH0_AUDIENCE=\nAUTH0_DOMAIN=\n```\n\n### Register a(n) Actix Web API with Auth0\n\n- Open the [APIs](https://manage.auth0.com/#/apis) section of the Auth0 Dashboard.\n\n- Click on the **Create API** button.\n\n- Provide a **Name** value such as _Hello World API Server_.\n\n- Set its **Identifier** to `https://api.example.com` or any other value of your liking.\n\n- Leave the signing algorithm as `RS256` as it's the best option from a security standpoint.\n\n- Click on the **Create** button.\n\n\u003e View [\"Register APIs\" document](https://auth0.com/docs/get-started/set-up-apis) for more details.\n\n### Connect Actix Web with Auth0\n\nGet the values for `AUTH0_AUDIENCE` and `AUTH0_DOMAIN` in `.env` from your Auth0 API in the Dashboard.\n\nHead back to your Auth0 API page, and **follow these steps to get the Auth0 Audience**:\n\n![Get the Auth0 Audience to configure an API](https://cdn.auth0.com/blog/complete-guide-to-user-authentication/get-the-auth0-audience.png)\n\n1. Click on the **\"Settings\"** tab.\n\n2. Locate the **\"Identifier\"** field and copy its value.\n\n3. Paste the \"Identifier\" value as the value of `AUTH0_AUDIENCE` in `.env`.\n\nNow, **follow these steps to get the Auth0 Domain value**:\n\n![Get the Auth0 Domain to configure an API](https://cdn.auth0.com/blog/complete-guide-to-user-authentication/get-the-auth0-domain.png)\n\n1. Click on the **\"Test\"** tab.\n2. Locate the section called **\"Asking Auth0 for tokens from my application\"**.\n3. Click on the **cURL** tab to show a mock `POST` request.\n4. Copy your Auth0 domain, which is _part_ of the `--url` parameter value: `tenant-name.region.auth0.com`.\n5. Paste the Auth0 domain value as the value of `AUTH0_DOMAIN` in `.env`.\n\n**Tips to get the Auth0 Domain**\n\n- The Auth0 Domain is the substring between the protocol, `https://` and the path `/oauth/token`.\n\n- The Auth0 Domain follows this pattern: `tenant-name.region.auth0.com`.\n\n- The `region` subdomain (`au`, `us`, or `eu`) is optional. Some Auth0 Domains don't have it.\n\n### Run the project\n\nWith the `.env` configuration values set, run the API server by issuing the following command:\n\n```bash\ncargo run\n```\n\n## Test the Protected Endpoints\n\nYou can get an access token from the Auth0 Dashboard to test making a secure call to your protected API endpoints.\n\nHead back to your Auth0 API page and click on the \"Test\" tab.\n\nLocate the section called \"Sending the token to the API\".\n\nClick on the cURL tab of the code box.\n\nCopy the sample cURL command:\n\n```bash\ncurl --request GET \\\n  --url http://path_to_your_api/ \\\n  --header 'authorization: Bearer really-long-string-which-is-test-your-access-token'\n```\n\nReplace the value of `http://path_to_your_api/` with your protected API endpoint path (you can find all the available API endpoints in the next section) and execute the command. You should receive back a successful response from the server.\n\nYou can try out any of our full stack demos to see the client-server Auth0 workflow in action using your preferred front-end and back-end technologies.\n\n## Test the Admin Endpoint\n\nThe `GET /api/messages/admin` endpoint requires the access token to contain the `read:admin-messages` permission. The best way to simulate that client-server secured request is to use any of the Hello World client demo apps to log in as a user that has that permission.\n\nYou can use the Auth0 Dashboard to create an `admin` role and assign it the`read:admin-messages` permission. Then, you can assign the `admin` role to any user that you want to access the `/admin` endpoint.\n\nIf you need help doing so, check out the following resources:\n\n- [Create roles](https://auth0.com/docs/authorization/rbac/roles/create-roles)\n\n- [Create permissions](https://auth0.com/docs/get-started/dashboard/add-api-permissions)\n\n- [Add permissions to roles](https://auth0.com/docs/authorization/rbac/roles/add-permissions-to-roles)\n\n- [Assign roles to users](https://auth0.com/docs/users/assign-roles-to-users)\n\n## API Endpoints\n\n### 🔓 Get public message\n\n```bash\nGET /api/messages/public\n```\n\n#### Response\n\n```bash\nStatus: 200 OK\n```\n\n```json\n{\n  \"api\": \"api_actix-web_rust_hello-world\",\n  \"branch\": \"basic-role-based-access-control\",\n  \"text\": \"The secured API doesn't require an access token to share this public message.\"\n}\n```\n\n\u003e 🔐 Protected Endpoints: These endpoints require the request to include an access token issued by Auth0 in the authorization header.\n\n### 🔐 Get protected message\n\n```bash\nGET /api/messages/protected\n```\n\n#### Response\n\n```bash\nStatus: 200 OK\n```\n\n```json\n{\n  \"api\": \"api_actix-web_rust_hello-world\",\n  \"branch\": \"basic-role-based-access-control\",\n  \"text\": \"The secured API requires a valid access token to share this protected message.\"\n}\n```\n\n### 🔐 Get admin message\n\n\u003e Requires the user to have the `read:admin-messages` permission.\n\n```bash\nGET /api/messages/admin\n```\n\n#### Response\n\n```bash\nStatus: 200 OK\n```\n\n```json\n{\n  \"api\": \"api_actix-web_rust_hello-world\",\n  \"branch\": \"basic-role-based-access-control\",\n  \"text\": \"The secured API requires a valid access token and the read:admin-messages permission to share this admin message.\"\n}\n```\n\n## Error Handling\n\n### 400s errors\n\n#### Response\n\n```bash\nStatus: Corresponding 400 status code\n```\n\n```json\n{\n  \"message\": \"Message that describes the error that took place.\"\n}\n```\n\n### 500s errors\n\n#### Response\n\n```bash\nStatus: 500 Internal Server Error\n```\n\n```json\n{\n  \"message\": \"Message that describes the error that took place.\"\n}\n```\n\n[actix-web-httpauth]: https://crates.io/crates/actix-web-httpauth\n[jsonwebtoken]: https://crates.io/crates/jsonwebtoken\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0-developer-hub%2Fapi_actix-web_rust_hello-world","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauth0-developer-hub%2Fapi_actix-web_rust_hello-world","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0-developer-hub%2Fapi_actix-web_rust_hello-world/lists"}