actix-extras
Support for JWT handling
Hi! First of all, thank you for your amazing work!
I'm planning on adding support for JWT to the `actix-web-httpauth` crate.
Is this the right place to implement such a feature? Or would it be in another crate?
Like for the Bearer auth already implemented, the JWT auth would have a config with different settings on how to validate the JWT and a struct wrapped in an `Arc<RwLock<>>` in which to store, access and hot-replace the JWKS.
An extractor would also be available to extract common header fields as well as common claims. (Maybe find a way to make the claims struct dynamic, so that people could plug in their own struct for the claims.)
This feature would require the following crates:
- jsonwebtoken
- serde
- serde_json
- chrono
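The shared, hot-replaceable key store proposed in the post above, as an added std-only example; it is not code from this thread or from `actix-web-httpauth`. The names `Jwk`, `JwtConfig` and `JwksStore` and the pinned-algorithm setting are assumptions, and signature verification itself is left to a JWT library.

```rust
use std::collections::HashMap;
use std::sync::{Arc, RwLock};

// Hypothetical stand-in for one JWKS entry; a real one would hold a parsed public key.
#[derive(Clone, Debug, PartialEq)]
pub struct Jwk {
    pub kid: String,
    pub alg: String,
    pub key: Vec<u8>,
}

// Hypothetical validation settings: algorithms are pinned here, never taken from the token.
pub struct JwtConfig {
    pub allowed_algs: Vec<String>,
}

// Shared key set; every clone points at the same map, so a refresh is seen by all workers.
#[derive(Clone, Default)]
pub struct JwksStore {
    keys: Arc<RwLock<HashMap<String, Jwk>>>,
}

impl JwksStore {
    // Build the new map outside the lock, then swap it in with one short write.
    pub fn replace(&self, fresh: Vec<Jwk>) {
        let map: HashMap<String, Jwk> = fresh.into_iter().map(|k| (k.kid.clone(), k)).collect();
        *self.keys.write().expect("JWKS lock poisoned") = map;
    }

    // Select the verification key for a token header; fails closed on an
    // unlisted algorithm, an unknown kid, or a key registered for another algorithm.
    pub fn key_for(&self, cfg: &JwtConfig, kid: &str, alg: &str) -> Option<Jwk> {
        if !cfg.allowed_algs.iter().any(|a| a == alg) {
            return None;
        }
        let keys = self.keys.read().expect("JWKS lock poisoned");
        keys.get(kid).filter(|k| k.alg == alg).cloned()
    }
}

fn main() {
    // Constructed sample data: key ids and key bytes are placeholders.
    let cfg = JwtConfig { allowed_algs: vec!["RS256".to_string()] };
    let store = JwksStore::default();
    let worker_view = store.clone();
    store.replace(vec![Jwk { kid: "key-2023".into(), alg: "RS256".into(), key: vec![1] }]);
    println!("before rotation: {}", worker_view.key_for(&cfg, "key-2023", "RS256").is_some());
    store.replace(vec![Jwk { kid: "key-2024".into(), alg: "RS256".into(), key: vec![2] }]);
    println!("after rotation:  {}", worker_view.key_for(&cfg, "key-2023", "RS256").is_some());
}
```

After the second `replace`, a token that still names the retired `kid` no longer resolves to a key on any clone of the store.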
Any progress on this? I'm trying to implement JWT with cookies for my current application but would rather use a crate, because it's most likely written by people with more knowledge than me.
This might also provide a good starting point for some new developers instead of using actix-identity to make the entry easier and provide a secure base for applications.
Unfortunately, I've got sidetracked and won't be able to deal with this issue in quite some time.
@GrandChaman Did you happen to start a branch with any work-in-progress code? This feature is now on my radar, and your description looks just like what I'm looking to find (or implement).
@quentusrex I did start something for one of my final school projects, it's not production ready and needs a lot of rework, but maybe it'll get you started :)
I might be interested in working on this at some point. I've implemented JWTs multiple times and know how to avoid pitfalls. However, for the next few months I will be very busy and likely won't get around to it. But I am willing to help/answer questions for anyone who does choose to work on it, if need be.