technofab/jwt-authorizer
1
0
Fork 0
mirror of https://github.com/TECHNOFAB11/jwt-authorizer.git synced 2025-12-15 01:13:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: release 0.6.0

Browse source
This commit is contained in:
cduvray 2023-02-01 22:10:18 +01:00
parent f1b11ecf3b
commit 3a6a31b418
4 changed files with 27 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

4
jwt-authorizer/Cargo.toml
View file

@ -1,7 +1,7 @@
[package]
name = "jwt-authorizer"
description = "jwt authorizer middleware for axum"
version = "0.5.0"
version = "0.6.0"
edition = "2021"
authors = ["cduvray <c_duvray@proton.me>"]
license = "MIT"
@ -31,4 +31,4 @@ tracing-subscriber = { version = "0.3", features = ["env-filter"] }
[dev-dependencies]
hyper = { version = "0.14", features = ["full"] }
tower = { version = "0.4", features = ["util"] }
wiremock = "0.5"
wiremock = "0.5"

13
jwt-authorizer/docs/README.md
View file

@ -8,6 +8,7 @@ JWT authoriser Layer for Axum.
- Algoritms: ECDSA, RSA, EdDSA, HS
- JWKS endpoint support
- Configurable refresh
- OpenId Connect Discovery
- Claims extraction
- Claims checker
@ -28,14 +29,14 @@ JWT authoriser Layer for Axum.
}
// let's create an authorizer builder from a JWKS Endpoint
let jwt_auth: JwtAuthorizer<User> =
let jwt_auth: JwtAuthorizer<User> =
JwtAuthorizer::from_jwks_url("http://localhost:3000/oidc/jwks");
// adding the authorization layer
let app = Router::new().route("/protected", get(protected))
.layer(jwt_auth.layer().await.unwrap());
.layer(jwt_auth.layer().await.unwrap());
// proteced handler with user injection (mapping some jwt claims)
// proteced handler with user injection (mapping some jwt claims)
async fn protected(JwtClaims(user): JwtClaims<User>) -> Result<String, AuthError> {
// Send the protected data to the user
Ok(format!("Welcome: {}", user.sub))
@ -48,7 +49,7 @@ JWT authoriser Layer for Axum.
## ClaimsChecker
A check function (mapping deserialized claims to boolean) can be added to the authorizer.
A check function (mapping deserialized claims to boolean) can be added to the authorizer.
A check failure results in a 403 (WWW-Authenticate: Bearer error="insufficient_scope") error.
@ -73,7 +74,7 @@ Example:
## JWKS Refresh
By default the jwks keys are reloaded when a request token is signed with a key (`kid` jwt header) that is not present in the store (a minimal intervale between 2 reloads is 10s by default, can be configured).
By default the jwks keys are reloaded when a request token is signed with a key (`kid` jwt header) that is not present in the store (a minimal intervale between 2 reloads is 10s by default, can be configured).
- `JwtAuthorizer::no_refresh()` configures one and unique reload of jwks keys
- `JwtAuthorizer::refresh(refresh_configuration)` allows to define a finer configuration for jwks refreshing, for more details see the documentation of `Refresh` struct.
- `JwtAuthorizer::refresh(refresh_configuration)` allows to define a finer configuration for jwks refreshing, for more details see the documentation of `Refresh` struct.