http-auth
| Crates.io | http-auth |
| lib.rs | http-auth |
| version | 0.1.10 |
| source | src |
| created_at | 2021-10-20 20:27:55.272669 |
| updated_at | 2024-08-31 16:00:55.310119 |
| description | HTTP authentication: parse challenge lists, respond to Basic and Digest challenges. Likely to be extended with server support and additional auth schemes. |
| homepage | |
| repository | https://github.com/scottlamb/http-auth |
| max_upload_size | |
| id | 468090 |
| size | 159,008 |
Scott Lamb (scottlamb)
documentation
README
Rust library for HTTP authentication. Parses challenge lists, responds
to Basic and Digest challenges. Likely to be extended with server
support and additional auth schemes.
HTTP authentication is described in the following documents and specifications:
- MDN documentation.
- RFC 7235: Hypertext Transfer Protocol (HTTP/1.1): Authentication.
- RFC 7617: The 'Basic' HTTP Authentication Scheme
- RFC 7616: HTTP Digest Access Authentication
This framework is primarily used with HTTP, as suggested by the name. It is also used by some other protocols such as RTSP.
Status
Well-tested, suitable for production. The API may change to improve ergonomics and functionality. New functionality is likely to be added. PRs welcome!
Goals
In order:
- sound. Currently no
unsafeblocks inhttp-authitself. All dependencies are common, trusted crates. - correct. Precisely implements the specifications except where noted. Fuzz tests verify the hand-written parser never panics and matches a nom-based reference implementation.
- light-weight. Minimal dependencies; uses Cargo features so callers can
avoid them when undesired. Simple code that minimizes monomorphization
bloat. Small data structures; eg
http_auth::DigestClientcurrently weighs in at 32 bytes plus one allocation for all string fields. - complete. Implements both parsing and responding to challenges.
(Currently only supports the client side and responding to the most common
BasicandDigestschemes; future expansion is likely.) - ergonomic. Creating a client for responding to a password challenge is
a one-liner from a string header or a
http::header::GetAll. - fast enough. HTTP authentication is a small part of a real program, and
http-auth's CPU usage should never be noticeable. ForDigest's cryptographic operations, it uses popular optimized crates. In other respects,http-authis likely at least as efficient as other HTTP authentication crates, although I have no reason to believe their performance is problematic.
Author
Scott Lamb <slamb@slamb.org>
License
SPDX-License-Identifier: MIT OR Apache-2.0
See LICENSE-MIT.txt or LICENSE-APACHE, respectively.