https://github.com/michaelvanstraten/actix-jwt-auth-middleware
JSON Webtoken (JWT) middleware for the actix-web framework
https://github.com/michaelvanstraten/actix-jwt-auth-middleware
actix-web-middleware jwt rust
Last synced: 15 days ago
JSON representation
JSON Webtoken (JWT) middleware for the actix-web framework
- Host: GitHub
- URL: https://github.com/michaelvanstraten/actix-jwt-auth-middleware
- Owner: michaelvanstraten
- License: mit
- Created: 2022-06-01T19:31:31.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2025-06-11T19:54:47.000Z (24 days ago)
- Last Synced: 2025-06-20T12:14:17.187Z (15 days ago)
- Topics: actix-web-middleware, jwt, rust
- Language: Rust
- Homepage: https://docs.rs/actix-jwt-auth-middleware/
- Size: 14 MB
- Stars: 42
- Watchers: 1
- Forks: 17
- Open Issues: 4
-
Metadata Files:
- Readme: readme.md
- License: LICENSE
Awesome Lists containing this project
README
# actix-jwt-auth-middleware
This crate builds upon the [`jwt-compact`](https://github.com/slowli/jwt-compact) crate
to provide a jwt authentication middleware for the [`actix-web`](https://github.com/actix/actix-web) framework.
The jwt implementation supports the revocation for tokens via `access` and `refresh` tokens.
It provides multiple cryptographic signing and verifying algorithms such as `HS256`, `HS384`, `HS512`, `EdDSA` and `ES256`.
For more infos on that mater please refer to the [`Supported algorithms`](https://docs.rs/jwt-compact/latest/jwt_compact/#supported-algorithms) section of the [`jwt-compact`](https://github.com/slowli/jwt-compact) crate.
## Features
- easy use of custom jwt claims
- automatic extraction of the custom claims
- extraction of tokens from `query` parameters, `HTTP` headers, [`Authorization`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) header and `cookies`
- verify only mode (`public key` only)
- automatic renewal of `access` token (very customizable)
- easy way to set expiration time of `access` and `refresh` tokens
- simple `UseJWT` trait for protecting a `App` or `Scope` (`Resource` is currently experimental [#91611](https://github.com/rust-lang/rust/issues/91611))
- refresh authorizer function that has access to application state
## Automatic Extraction of Claims
This crate tightly integrates into the actix-web ecosystem,
this makes it easy to Automatic extract the jwt claims from a valid token.
```rust
#[derive(Serialize, Deserialize, Clone, FromRequest)]
struct UserClaims {
id: u32,
role: Role,
}
#[derive(Serialize, Deserialize, Clone, Debug)]
enum Role {
Admin,
RegularUser,
}
#[get("/hello")]
async fn hello(user_claims: UserClaims) -> impl Responder {
format!(
"Hello user with id: {}, i see you are a {:?}!",
user_claims.id, user_claims.role
)
}
```
For this your custom claim type has to implement the [`FromRequest`](actix_web::FromRequest) trait
or it has to be annotated with the `#[derive(actix-jwt-auth-middleware::FromRequest)]` macro which implements this trait for your type.
## Simple Example
```rust
#[derive(Serialize, Deserialize, Clone, Debug, FromRequest)]
struct User {
id: u32,
}
#[actix_web::main]
async fn main() -> Result<(), Box> {
let key_pair = KeyPair::random();
HttpServer::new(move || {
let authority = Authority::::new()
.refresh_authorizer(|| async move { Ok(()) })
.token_signer(Some(
TokenSigner::new()
.signing_key(key_pair.secret_key().clone())
.algorithm(Ed25519)
.build()
.expect(""),
))
.verifying_key(key_pair.public_key())
.build()
.expect("");
App::new()
.service(login)
.use_jwt(authority, web::scope("").service(hello))
})
.bind(("127.0.0.1", 8080))?
.run()
.await?;
Ok(())
}
#[get("/login")]
async fn login(token_signer: web::Data>) -> AuthResult {
let user = User { id: 1 };
Ok(HttpResponse::Ok()
.cookie(token_signer.create_access_cookie(&user)?)
.cookie(token_signer.create_refresh_cookie(&user)?)
.body("You are now logged in"))
}
#[get("/hello")]
async fn hello(user: User) -> impl Responder {
format!("Hello there, i see your user id is {}.", user.id)
}
```
For more examples please referee to the `examples` directory.
License: MIT