Rust Auth Libraries
· 4 min read
| Name | Production Ready | Usage | Type | Async support | Negatives | Remark | maintenance | GitURL | Crates URL | URL |
|---|---|---|---|---|---|---|---|---|---|---|
| Cookie | Yes | - Creating a custom session and cookies based auth - Saving JWT in encrypted cookies - tracking users | Helper library for Authentication | No | - only a helper library | - lot of users - support for parser and creating cookies | Actively maintained | https://github.com/SergioBenitez/cookie-rs | https://crates.io/crates/cookie | https://docs.rs/cookie/0.14.1 |
| oauth2 | Yes | - support for obtain token oAuth - support multiple https request clients - reqwest - curl - custom - Any Oauth provider which supports oAuth2 is supported | oauth support | Yes | - No support for verifying obtained token | - full implementation of oAuth2 | Actively maintained | https://github.com/ramosbugs/oauth2-rs | https://crates.io/crates/oauth2 | https://docs.rs/oauth2/4.0.0-alpha.1/oauth2/index.html |
| oauth-client | No (state validation is missing) | - oAuth support | oauth support | No | - No support for verifying obtained token - Not actively maintained | unmaintained | https://github.com/gifnksm/oauth-client-rs | https://crates.io/crates/oauth-client | https://docs.rs/oauth-client/0.4.0/oauth_client/index.html | |
| oauth-client-async | No (state validation is missing) | - async version of oauth-client | oauth support | Yes | - Not actively maintained - Not that many users - No support for verifying obtained token | unmaintained | https://github.com/gifnksm/oauth-client-rs | https://crates.io/crates/oauth-client-async/0.4.0 | https://docs.rs/oauth-client-async/0.4.0 | |
| oxide-auth | No (frequently changing api) | - library for building server based on oAuth - support for various framework - oxide-auth-actix - oxide-auth-iron - oxide-auth-rocket - oxide-auth-rouille | oAuth server library | Yes | - Not stable API | Actively maintained | https://github.com/HeroicKatora/oxide-auth.git | https://crates.io/crates/oxide-auth | https://docs.rs/oxide-auth/0.4.5 | |
| inth-oauth2 | No (no longer maintained) | - An oAuth client server - support for google, github,imgur out of box - pluggable interface with community support for slack and other provider | oAuth server library | Yes | - Not mainated | unmaintained | https://github.com/programble/inth-oauth2 | https://crates.io/crates/inth-oauth2 | https://docs.rs/inth-oauth2/0.16.0 | |
| yup-oauth2 | Yes | - oAuth for Google services like gmail, gcp etc. - Support for token caching | oAuth helper library | Yes | - No out of box auth provider support | - support for : - installed application - Service account - used by google-api-rs | Actively maintained | https://github.com/dermesser/yup-oauth2 | https://crates.io/crates/yup-oauth2 | https://docs.rs/yup-oauth2/4.1.2 |
| frank_jwt | No (some important validation missing) | - JWT creation - JWT validation - Support both symateric and asymateric alog | JWT helper library | No | - no support for fetching keys from jwks | - support for alot of algorithms | Actively maintained | https://github.com/GildedHonour/frank_jwt | https://crates.io/crates/frank_jwt | https://github.com/GildedHonour/frank_jwt |
| jsonwebtoken | Yes | - JWT creation - JWT validation - Support both symateric and asymateric alog | Jwt helper library | No | - No support for fetching keys from jwks | - great community support and used by thousands of porjects and crates | Actively maintained | https://github.com/Keats/jsonwebtoken | https://crates.io/crates/jsonwebtoken | https://docs.rs/jsonwebtoken/7.2.0 |
| otpauth | Yes | - Otp creation and validation | Otp auth library | No | - no support for secret generation | - support both : - topt - htop | passively maintained | https://github.com/messense/otpauth-rs | https://crates.io/crates/otpauth | https://messense.github.io/otpauth-rs |
| boringauth | No | - otp creation and validation | Otp auth library | No | - highly configurable - support for pasword | - support both: - topt - htop | maintained | https://github.com/ThinkAlexandria/BoringAuth.git | https://crates.io/crates/boringauth | https://docs.rs/boringauth/0.9.0 |
| asap | Yes | - ASAP Tokens(JWT with custom claims) | ASAP Auth library | No | - No support for JWKS | - super fast - supported by atlassian | https://bitbucket.org/atlassianlabs/rust-asap/ | https://crates.io/crates/asap | https://docs.rs/asap/0.9.0 | |
| jwks-client | Yes | - JWT validation using JWKS | JWT auth middleware | Yes | - works only for rocket web framework | - uses JWKS | Actively maintained | https://github.com/jfbilodeau/jwks-client | https://crates.io/crates/jwks-client | https://github.com/jfbilodeau/jwks-client |
| digest | Yes |