auth_for_warp
| Crates.io | auth_for_warp |
| lib.rs | auth_for_warp |
| version | 0.1.1 |
| source | src |
| created_at | 2022-05-24 17:18:53.309921 |
| updated_at | 2022-05-25 12:57:23.390079 |
| description | plugin auth module for warp-based servers |
| homepage | |
| repository | https://github.com/swiftcoder/auth_for_warp/ |
| max_upload_size | |
| id | 592944 |
| size | 61,900 |
Tristam MacDonald (swiftcoder)
documentation
README
auth_for_warp
A proof-of-concept for a simple and reusable auth module that can be plugged into any warp-based server application.
Passwords are salted and hashed using argon2. On successful login, a JSON Web Token is generated using jsonwebtoken and returned to the client. A warp filter is provided to authenticate subsequent requests against that token via bearer authentication.
Some limitiations (certainly not an exhaustive list):
- TLS is necessary to avoid leaking passwords on the wire (no PAKE).
- Only supports username + password (no OAuth, no TOTP, etc).
- All credential storage is left up to the application.
- User ID allocation probably ought to be left up to the application.
- Only handles authentication, supporting authorization will need some design work.