# Rust : Forbidden (WIP)

An experimental auth library for Rust applications.

### Goals

This crate is to define a common set of traits and idioms to provide for most applications with a way to incorporate authentication.

### Non-goals

Is **NOT** the place to put the specific implementations for web/OS/etc.

## Warning

This is an experimental project, without members with experience in security.

I hope to put the "ball to move" so finally Rust has a decent auth system to rely on.

## 🔬 Research

These libraries and articles are used as inspiration:

* [13 best practices for user account, authentication, and password management, 2021 edition](https://cloud.google.com/blog/products/identity-security/account-authentication-and-password-management-best-practices)
* [Authentication Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html)
* [Password auth in Rust, from scratch - Attacks and best practices
  ](https://www.lpalmieri.com/posts/password-authentication-in-rust/)
* [Django Auth](https://docs.djangoproject.com/en/3.2/topics/auth/)
* [Terminology (what is realm, users, etc)](https://www.keycloak.org/docs/latest/server_admin/)

## 🤝 Contributing

Contributions, issues, and feature requests are welcome!

Feel free to check the [issues page](../../issues/).

In special anyone that has experience in building auth systems and know what to watch for!.

## Show your support

Give a ⭐️ if you like this project! or to help make this project a reality consider donate or sponsor with a subscription in [https://www.buymeacoffee.com/mamcx](https://www.buymeacoffee.com/mamcx).

## 📝 License

This project is dual licenced as [MIT](./LICENSE-MIT) & [APACHE](./LICENSE-APACHE).