loco-keycloak-auth
| Crates.io | loco-keycloak-auth |
| lib.rs | loco-keycloak-auth |
| version | 0.1.0 |
| created_at | 2025-04-13 00:25:14.292186+00 |
| updated_at | 2025-04-13 00:25:14.292186+00 |
| description | A plug-and-play Keycloak authentication layer for Loco.rs, powered by axum-keycloak-auth. This crate allows you to easily add secure Keycloak authentication to your Loco web app, with full control over protected routes and clean YAML-based config. |
| homepage | https://github.com/GKaszewski/loco-keycloak-auth |
| repository | https://github.com/GKaszewski/loco-keycloak-auth |
| max_upload_size | |
| id | 1631380 |
| size | 153,926 |
Gabriel Kaszewski (GKaszewski)
documentation
README
π loco-keycloak-auth
A plug-and-play Keycloak authentication layer for Loco.rs, powered by axum-keycloak-auth.
This crate allows you to easily add secure Keycloak authentication to your Loco web app, with full control over protected routes and clean YAML-based config.
β¨ Features
- β Simple integration with Loco initializers
- β
Based on
axum-keycloak-auth - β
Configurable via
config.yaml - β
Supports
BlockandPasspassthrough modes - β Designed to be flexible: apply middleware only where you want it
- β Ideal for securing internal APIs or user-facing endpoints
βοΈ Installation
Add to your Cargo.toml:
[dependencies]
loco-keycloak-auth = { git = "https://github.com/GKaszewski/loco-keycloak-auth" }
Note: If youβre using a local path for development:
loco-keycloak-auth = { path = "../loco-keycloak-auth" }
π Setup
1. Add Keycloak config to your config/config.yaml
settings:
keycloak_settings:
url: "https://keycloak.example.com"
realm: "myrealm"
expected_audiences:
- "account"
passthrough_mode: "Block" # or "Pass"
persist_raw_claims: false
2. Add the initializer to your App in app.rs if you want to have all routes protected.
use loco_keycloak_auth::KeycloakAuthInitializer;
#[async_trait]
impl Hooks for App {
async fn initializers(_ctx: &AppContext) -> Result<Vec<Box<dyn Initializer>>> {
let keycloak_auth = loco_keycloak_auth::initializer::KeycloakAuthInitializer {};
Ok(vec![Box::new(keycloak_auth)])
}
}
π Usage
Protect specific endpoints
use loco_keycloak_auth::Keycloak;
fn routes(ctx: &AppContext) -> Routes {
let keycloak = Keycloak::from_context(ctx).expect("Failed to create Keycloak layer");
Routes::new()
.prefix("secure")
.add("/profile", get(profile_handler).layer(keycloak.layer))
}
π¦ API
Settings struct
pub struct KeycloakSettings {
pub url: String,
pub realm: String,
pub expected_audiences: Vec<String>,
pub passthrough_mode: PassthroughMode, // "Block" or "Pass"
pub persist_raw_claims: bool,
}
PassthroughModelets you decide whether unauthenticated requests should be blocked or passed along.
π€ Contributing
We welcome contributions! Here's how to get started:
1. Clone and link locally
git clone https://github.com/GKaszewski/loco-keycloak-auth
cd loco-keycloak-auth
2. Use in your Loco project with a local path
[dependencies]
loco-keycloak-auth = { path = "../loco-keycloak-auth" }
3. Run tests if there are any
cargo test
4. Submit a PR π
Please open an issue or discussion first for larger feature proposals or breaking changes.
π License
MIT
π Credits
- Built with β€οΈ for the Loco.rs ecosystem
- Powered by axum-keycloak-auth
π« Contact
Questions? Ideas? Want to contribute together?
Open an issue or reach out on GitHub Discussions.