michaelvanstraten / actix-jwt-auth-middleware
JSON Web Token (JWT) middleware for the actix-web framework
Home Page: https://docs.rs/actix-jwt-auth-middleware/
License: MIT License
It is not possible to allow extraction of the claims from the Authorization header using the `enable_authorization_header` function in version 0.3.0 of the crate (latest available atm).
Looking at the sources, it seems that it disappeared:
authority.rs
```rust
// Excerpt from src/authority.rs as posted in the issue (struct fields only).
    #[builder(setter(into))]
    pub(crate) refresh_token_name: String,
    /**
    If set to true the client's refresh token will be refreshed automatically;
    this allows clients to basically stay authenticated over an infinite amount of time, so I don't recommend it.
    Defaults to `false`
    */
    #[builder(default = "false")]
    renew_refresh_token_automatically: bool,
    /**
    If set to true, the service will look for `access_token_name` and `refresh_token_name` in
    the HTTP headers.
    */
    #[builder(default = "false")]
    enable_header_tokens: bool,
    /**
    If set to true, the service will look for `access_token_name` and `refresh_token_name` in
    the query parameters.
    */
    #[builder(default = "false")]
    enable_query_tokens: bool,
    /**
    If set to true, the service will look for `access_token_name` and `refresh_token_name` in
    the cookies of the processed request.
    */
    #[builder(default = "true")]
    enable_cookie_tokens: bool,
    /**
    Key used to verify the integrity of access and refresh tokens.
    */
    verifying_key: Algo::VerifyingKey,
    /**
    The cryptographic signing algorithm used in the creation of access and refresh tokens.
    Please refer to the [`Supported algorithms`](https://docs.rs/jwt-compact/latest/jwt_compact/#supported-algorithms) section of the `jwt-compact` crate for a comprehensive list of the supported algorithms.
    Defaults to the value of the `algorithm` field set on the `token_signer`; if the `token_signer` is not set,
    this field needs to be set.
    */
    #[builder(default = "pull_from_token_signer!(self, algorithm)")]
    algorithm: Algo,
    /**
    Used in the creation of the `token`; the current time stamp is taken from this, but please refer to the struct's documentation.
    Defaults to the value of the `time_options` field set on the `token_signer`; if the `token_signer` is not set,
    this field needs to be set.
    */
    #[builder(default = "pull_from_token_signer!(self, time_options)")]
    time_options: TimeOptions,
    /**
    Not passing a [`TokenSigner`] struct will make your middleware unable to refresh the access token automatically.
    You will have to provide an algorithm manually in this case because the Authority can not pull it from the `token_signer` field.
    Please refer to the struct's own documentation for more details.
    */
    #[builder(default = "None")]
    token_signer: Option<TokenSigner<Claims, Algo>>,
    #[doc(hidden)]
    #[builder(setter(skip), default = "PhantomData")]
    claims_marker: PhantomData<Claims>,
    #[doc(hidden)]
    #[builder(setter(skip), default = "PhantomData")]
    args_marker: PhantomData<Args>,
}
```
I can see it in the current version published on GitHub, so I'm not sure what went wrong during the crate publication.
I don't think this is an issue with actix-jwt, but I get this error when building on my Docker image. Was wondering if anyone has seen this before?
It would be better to cache the introspected user locally, because it causes high request latency.
We would like to have a Swagger UI page to document the REST API of our server.
We stumbled upon the following problem: it seems that for Swagger it is not possible to use 2 tokens in cookies (access+refresh).
Do you have any workaround?
For instance, is it possible to use the middleware without the refresh token?
Hi, thank you for creating this library.
I'm trying to achieve something like this:
```rust
App::new()
    .service(index)
    .service(web::scope("/api")
        .service(login)
        .service(hello))
    .use_jwt(authority,
        web::scope("/api")
            .service(index)
            .service(logout)
            .service(hello2)
    )
```
I want /api/login to be public and the rest of the endpoints in that scope to be authorized by JWT, but this is not possible, because the first "/api" scope will accept all of the requests containing "api" and will not go into the use_jwt branch, so you end up with:
/api/login 200
/api/hello 200
/api/logout 404
Right now you can just authorize the whole scope, which is kinda hard to work with.
I think use_jwt should NOT accept a scope; it's a middleware and it should act like one, so maybe something like this:
```rust
web::scope("/api")
    .service(hello1)
    .wrap(use_jwt(..))
    .service(hello2)
```
and it should allow /api/hello1 for everyone and only authorize /api/hello2 (or vice versa, doesn't matter).
I mean, this is the design that most of the frameworks follow...
The current implementation does not play that well when trying to implement a JWT-wrapped REST API.
This is partly due to the fact that the crate was never really intended to do this, but it will be in the future.
This issue tracks the completion and the related issues.
Currently, there is no explicit way of setting the designated path for the returned cookie pair, resulting in the cookie not being recognized by browsers.
Have the following API layout, using the simple example:
/v1/auth/login
/v1/api/hello
Define the App with
```rust
App::new()
    .service(web::scope("/v1")
        .service(login)
        .use_jwt(authority.clone(), web::scope("").service(hello)))
```
Retrieve the login cookie from /auth/login
Try to access /v1/api/hello
As you can see, hello will report unauthorized, as the cookie path has been set to /v1/auth, which doesn't cover the api route.
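The behaviour described in this report follows from the cookie rules browsers apply, not from anything the middleware does after the cookie is issued. The following added example (not code from the crate or the issue author) implements the default-path and path-match rules of RFC 6265 section 5.1.4 with the standard library only, and reproduces why a cookie set in the response to /v1/auth/login without a Path attribute is never sent to /v1/api/hello. The paths and the `cookie_sent` helper are constructed for this illustration.

```rust
// Added example (not the crate's code): RFC 6265 cookie default-path and
// path-match rules, showing why a cookie set by /v1/auth/login is not sent
// with a request to /v1/api/hello unless a Path attribute is set explicitly.

/// Default-path computation (RFC 6265 section 5.1.4), applied by a user agent
/// when Set-Cookie carries no Path attribute: the request path up to, but
/// not including, its right-most '/'; "/" when there is at most one '/'.
fn default_cookie_path(request_path: &str) -> String {
    if !request_path.starts_with('/') {
        return "/".to_string();
    }
    match request_path.rfind('/') {
        Some(0) | None => "/".to_string(),
        Some(idx) => request_path[..idx].to_string(),
    }
}

/// Path-match (RFC 6265 section 5.1.4): the paths are identical, or the
/// cookie-path is a prefix that ends in '/', or it is a prefix and the next
/// character of the request path is '/'. "/v1/auth" therefore does not
/// match "/v1/authz", and it does not match "/v1/api/hello" at all.
fn path_matches(cookie_path: &str, request_path: &str) -> bool {
    if cookie_path == request_path {
        return true;
    }
    match request_path.strip_prefix(cookie_path) {
        Some(rest) => cookie_path.ends_with('/') || rest.starts_with('/'),
        None => false,
    }
}

/// Hypothetical helper for the illustration: would a cookie set in the
/// response to `set_on` be sent with a later request to `request_path`?
/// `explicit_path` is the Path attribute the server put on Set-Cookie, if any.
fn cookie_sent(set_on: &str, explicit_path: Option<&str>, request_path: &str) -> bool {
    let cookie_path = match explicit_path {
        Some(p) => p.to_string(),
        None => default_cookie_path(set_on),
    };
    path_matches(&cookie_path, request_path)
}

fn main() {
    // Layout from the report: login under /v1/auth, protected API under /v1/api.
    let login = "/v1/auth/login";
    let hello = "/v1/api/hello";
    println!("default path for {}: {}", login, default_cookie_path(login));
    println!("no Path attribute -> sent to {}: {}", hello, cookie_sent(login, None, hello));
    println!("Path=/v1          -> sent to {}: {}", hello, cookie_sent(login, Some("/v1"), hello));
    println!("Path=/            -> sent to {}: {}", hello, cookie_sent(login, Some("/"), hello));
}
```

The practical consequence is that the token cookies need an explicit Path covering every route the middleware protects (`/v1` or `/` in this layout). The Path attribute is a delivery scope, not a security boundary (RFC 6265 section 8.5 states that same-origin pages on other paths can still read the cookie), so a broad path costs nothing security-wise; the attributes that matter for protecting the token are Secure, HttpOnly and SameSite.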
I think there's a bug using the Authorization header, because I get Error: "invalid base64 decoding".
This error is caused because the word Bearer is checked but then not removed from token_value inside the method get_token_from_authorization_header:
```rust
let token_value = if header_value.strip_prefix("Bearer").is_some() { header_value.trim() }
```
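To make the reported defect concrete, here is an added example (not the crate's code and not from the issue author) that puts the buggy extraction next to a corrected one, using only the standard library. The sample token is constructed for the illustration and carries no real signature; `looks_like_compact_jwt` stands in for the structural check a JWT decoder performs before base64url-decoding the segments, which is the step that produces the "invalid base64 decoding" error when the scheme name is still attached.

```rust
// Added example (not the crate's code): reproduces the reported
// Authorization-header bug and shows a corrected extractor.

/// Buggy variant mirroring the reported line: the "Bearer" prefix is checked
/// with strip_prefix but the stripped result is discarded, so the whole
/// header value (scheme included) is handed to the JWT decoder. It also
/// accepts "Bearertoken", since no separator is required.
fn buggy_extract(header_value: &str) -> Option<&str> {
    if header_value.strip_prefix("Bearer").is_some() {
        Some(header_value.trim())
    } else {
        None
    }
}

/// Corrected variant. RFC 6750 credentials are `Bearer SP b64token`; the
/// scheme name is matched case-insensitively (RFC 7235), the separator is
/// mandatory, and only the token part is returned.
fn extract_bearer(header_value: &str) -> Option<&str> {
    let (scheme, rest) = header_value.trim().split_once(' ')?;
    if !scheme.eq_ignore_ascii_case("bearer") {
        return None;
    }
    let token = rest.trim();
    if token.is_empty() || token.contains(char::is_whitespace) {
        return None;
    }
    Some(token)
}

/// Structural check a compact-JWT decoder performs before decoding: three
/// non-empty '.'-separated segments drawn from the base64url alphabet.
/// A leading "Bearer " fails this immediately because of the space.
fn looks_like_compact_jwt(token: &str) -> bool {
    let segments: Vec<&str> = token.split('.').collect();
    segments.len() == 3
        && segments.iter().all(|s| {
            !s.is_empty()
                && s.bytes()
                    .all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
        })
}

fn main() {
    // Constructed sample header (not a real signed token), used only for shape checks.
    let header = "Bearer eyJhbGciOiJFZERTQSJ9.eyJzdWIiOiJhbGljZSJ9.c2ln";
    let buggy = buggy_extract(header).unwrap();
    let fixed = extract_bearer(header).unwrap();
    println!("buggy -> {:?} decodable={}", buggy, looks_like_compact_jwt(buggy));
    println!("fixed -> {:?} decodable={}", fixed, looks_like_compact_jwt(fixed));
}
```

Requiring the space after the scheme matters beyond the reported crash: without it, a header such as `Bearertoken` or `BearerX` would be treated as bearer credentials, and a token that contains whitespace would be passed on to the verifier instead of being rejected at the parsing boundary.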
In the example file simple.rs, there is a function that is afaik not supported anymore.
The same code which is not working is also used in the documentation.
Hello there!
I am receiving an error about a `time` crate version conflict when I use another crate (e.g. actix-web) which uses a later version of the aforementioned crate (v0.2+). However, your crate still uses a version up to 0.1.45, while all newer versions (0.2+ --> 0.3.33) have made the module time::duration::Duration private and use time::Duration directly. The reason I brought this up is that whenever I compile my project, the version used by the later crates conflicts with the one used by your crate. It would be very helpful if you could kindly update the `time` crate dependency of your crate to version 2 or newer, or so I thought how it should work.
Below I have attached an image of the conflict error. Please let me know if you need something else from me.
Hello,
Thanks for the library! I am playing with it and I had to follow the "without use_jwt" example and not the simple one, as
```rust
.service(
    // we need this scope so we can exclude the login service
    // from being wrapped by the jwt middleware
    web::scope("").service(handlers::login::hello).use_jwt(authority.clone())
)
```
returns
```text
error[E0599]: no method named `use_jwt` found for struct `actix_web::Scope` in the current scope
  --> src/main.rs:83:64
   |
83 |     web::scope("").service(handlers::login::hello).use_jwt(authority.clone())
   |                                                    ^^^^^^^ method not found in `actix_web::Scope`
```
Similarly,
```rust
use actix_jwt_auth_middleware::{AuthResult, Authority, CookieSigner, FromRequest, UseJWTOnScope};
```
shows
```text
error[E0432]: unresolved import `actix_jwt_auth_middleware::UseJWTOnScope`
  --> src/main.rs:11:83
   |
11 | use actix_jwt_auth_middleware::{AuthResult, Authority, CookieSigner, FromRequest, UseJWTOnScope};
   |                                                                                   ^^^^^^^^^^^^^ no `UseJWTOnScope` in the root
```
I guess this code isn't available in 0.0.2?
I am currently receiving the error mentioned above when I try to compile code utilizing a TokenSigner; however, I did not receive any such error when using a CookieSigner. This only began after recently updating to version 0.3.0. My code is as follows:
```rust
let token_signer = TokenSigner::<UserJWT, _>::new()
    .signing_key(key_pair.sk.clone())
    .access_token_name("user_access_token")
    // Token's lifespan is 2 hours, then requires reauthentication
    .refresh_token_lifetime(chrono::Duration::minutes(120))
    .algorithm(Ed25519)
    .build()
    .unwrap();
```
The full error output is as follows (this output is also produced if I copy and paste the example code on docs.rs for a TokenSigner):
```text
error[E0277]: the trait bound `Ed25519: jwt_compact::traits::Algorithm` is not satisfied
   --> src/main.rs:157:24
    |
157 |     let token_signer = TokenSigner::<UserJWT, _>::new()
    |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the trait `jwt_compact::traits::Algorithm` is not implemented for `Ed25519`
    |
    = help: the following other types implement trait `jwt_compact::traits::Algorithm`:
              jwt_compact::alg::StrongAlg<T>
              jwt_compact::alg::hmacs::Hs256
              jwt_compact::alg::hmacs::Hs384
              jwt_compact::alg::hmacs::Hs512
              jwt_compact::traits::Renamed<A>
note: required by a bound in `TokenSigner::<Claims, Algorithm>::new`
   --> /home/me/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-jwt-auth-middleware-0.3.0/src/token_signer.rs:129:16
    |
129 |     Algorithm: jwt_compact::Algorithm + Clone,
    |                ^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `TokenSigner::<Claims, Algorithm>::new`
error[E0277]: the trait bound `Ed25519: jwt_compact::traits::Algorithm` is not satisfied
   --> src/main.rs:157:24
    |
157 |     let token_signer = TokenSigner::<UserJWT, _>::new()
    |                        ^^^^^^^^^^^^^^^^^^^^^^^^^ the trait `jwt_compact::traits::Algorithm` is not implemented for `Ed25519`
    |
    = help: the following other types implement trait `jwt_compact::traits::Algorithm`:
              jwt_compact::alg::StrongAlg<T>
              jwt_compact::alg::hmacs::Hs256
              jwt_compact::alg::hmacs::Hs384
              jwt_compact::alg::hmacs::Hs512
              jwt_compact::traits::Renamed<A>
note: required by a bound in `TokenSigner`
   --> /home/me/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-jwt-auth-middleware-0.3.0/src/token_signer.rs:57:11
    |
57  |     Algo: Algorithm,
    |           ^^^^^^^^^ required by this bound in `TokenSigner`
error[E0277]: the trait bound `Ed25519: jwt_compact::traits::Algorithm` is not satisfied
   --> src/main.rs:158:10
    |
158 |         .signing_key(key_pair.sk.clone())
    |          ^^^^^^^^^^^ the trait `jwt_compact::traits::Algorithm` is not implemented for `Ed25519`
    |
    = help: the following other types implement trait `jwt_compact::traits::Algorithm`:
              jwt_compact::alg::StrongAlg<T>
              jwt_compact::alg::hmacs::Hs256
              jwt_compact::alg::hmacs::Hs384
              jwt_compact::alg::hmacs::Hs512
              jwt_compact::traits::Renamed<A>
note: required by a bound in `TokenSignerBuilder::<Claims, Algo>::signing_key`
   --> /home/me/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-jwt-auth-middleware-0.3.0/src/token_signer.rs:57:11
    |
57  |     Algo: Algorithm,
    |           ^^^^^^^^^ required by this bound in `TokenSignerBuilder::<Claims, Algo>::signing_key`
error[E0277]: the trait bound `Ed25519: jwt_compact::traits::Algorithm` is not satisfied
   --> src/main.rs:159:10
    |
159 |         .access_token_name("user_access_token")
    |          ^^^^^^^^^^^^^^^^^ the trait `jwt_compact::traits::Algorithm` is not implemented for `Ed25519`
    |
    = help: the following other types implement trait `jwt_compact::traits::Algorithm`:
              jwt_compact::alg::StrongAlg<T>
              jwt_compact::alg::hmacs::Hs256
              jwt_compact::alg::hmacs::Hs384
              jwt_compact::alg::hmacs::Hs512
              jwt_compact::traits::Renamed<A>
note: required by a bound in `TokenSignerBuilder::<Claims, Algo>::access_token_name`
   --> /home/me/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-jwt-auth-middleware-0.3.0/src/token_signer.rs:57:11
    |
57  |     Algo: Algorithm,
    |           ^^^^^^^^^ required by this bound in `TokenSignerBuilder::<Claims, Algo>::access_token_name`
error[E0277]: the trait bound `Ed25519: jwt_compact::traits::Algorithm` is not satisfied
   --> src/main.rs:161:10
    |
161 |         .refresh_token_lifetime(chrono::Duration::minutes(120))
    |          ^^^^^^^^^^^^^^^^^^^^^^ the trait `jwt_compact::traits::Algorithm` is not implemented for `Ed25519`
    |
    = help: the following other types implement trait `jwt_compact::traits::Algorithm`:
              jwt_compact::alg::StrongAlg<T>
              jwt_compact::alg::hmacs::Hs256
              jwt_compact::alg::hmacs::Hs384
              jwt_compact::alg::hmacs::Hs512
              jwt_compact::traits::Renamed<A>
note: required by a bound in `TokenSignerBuilder::<Claims, Algo>::refresh_token_lifetime`
   --> /home//.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-jwt-auth-middleware-0.3.0/src/token_signer.rs:57:11
    |
57  |     Algo: Algorithm,
    |           ^^^^^^^^^ required by this bound in `TokenSignerBuilder::<Claims, Algo>::refresh_token_lifetime`
error[E0277]: the trait bound `Ed25519: jwt_compact::traits::Algorithm` is not satisfied
   --> src/main.rs:162:10
    |
162 |         .algorithm(Ed25519)
    |          ^^^^^^^^^ the trait `jwt_compact::traits::Algorithm` is not implemented for `Ed25519`
    |
    = help: the following other types implement trait `jwt_compact::traits::Algorithm`:
              jwt_compact::alg::StrongAlg<T>
              jwt_compact::alg::hmacs::Hs256
              jwt_compact::alg::hmacs::Hs384
              jwt_compact::alg::hmacs::Hs512
              jwt_compact::traits::Renamed<A>
note: required by a bound in `TokenSignerBuilder::<Claims, Algo>::algorithm`
   --> /home/me/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-jwt-auth-middleware-0.3.0/src/token_signer.rs:57:11
    |
57  |     Algo: Algorithm,
    |           ^^^^^^^^^ required by this bound in `TokenSignerBuilder::<Claims, Algo>::algorithm`
error[E0599]: the method `build` exists for struct `TokenSignerBuilder<UserJWT, Ed25519>`, but its trait bounds were not satisfied
   --> src/main.rs:163:10
    |
157 |       let token_signer = TokenSigner::<UserJWT, _>::new()
    |  ________________________-
158 | |         .signing_key(key_pair.sk.clone())
159 | |         .access_token_name("user_access_token")
160 | |         //Token's lifespan is 2 hours, then requires reauthentication
161 | |         .refresh_token_lifetime(chrono::Duration::minutes(120))
162 | |         .algorithm(Ed25519)
163 | |         .build()
    | |         -^^^^^ method cannot be called on `TokenSignerBuilder<UserJWT, Ed25519>` due to unsatisfied trait bounds
    | |_________|
    |
    |
   ::: /home/me/.cargo/registry/src/index.crates.io-6f17d22bba15001f/jwt-compact-0.8.0-beta.1/src/alg/eddsa_compact.rs:36:1
    |
36  | pub struct Ed25519;
    | ------------------ doesn't satisfy `Ed25519: jwt_compact::traits::Algorithm`
    |
    = note: the following trait bounds were not satisfied:
            `Ed25519: jwt_compact::traits::Algorithm`
```
While implementing actix-jwt-auth-middleware I noticed that in examples/simple.rs the dependency exonum_crypto is no longer available for Linux (I'm using Ubuntu). Is there a drop-in replacement for this dependency to generate the needed key pairs?
Thanks for your assistance
actix-jwt-auth-middleware/Cargo.toml
Line 26 in 91d6fd4
exonum-crypto is enabled as a feature on jwt-compact, even though the documentation says to refer to that crate's list of supported algorithms.
ed25519-dalek or ed25519-compact instead of exonum-crypto, as I want to use a pure-Rust crypto implementation.