Mellon - Authentication library for Rust-based web sites

Modern websites need to support more than just username- and password-based login. This library crate provides functionality to add the following authentication methods to your Rust-based website:

• Password
• TOTP
• WebAuthn

Currently supported Rust web frameworks:

• poem-openapi

This software is still alpha quality.

lib.rs:

Mellon - Authentication addon library for REST web services

Modern web authentication is more complex than only username and password. This opiniated library provides convenient routes for authentication with username plus any of the following:

• Password
• TOTP: Time-based passwords
• WebAuthn: Login with security keys like YubiKeys (non-resident keys only)

The choice of dependencies has been influenced by this article from 2020: https://blog.logrocket.com/9-rust-authentication-libraries-that-are-ready-for-production/

The library assumes that each user identifies themselves with a identifier::SaneName. Each user also has a persistent uuid::Uuid that is stored by the library, so that the user can change their login name. Authenticated REST requests should use the Authenticated HTTP Header with a value of Bearer: JWT where JWT is a JSON web token encoded in base64. The JSON web token can be generated with this library.

This library is intented to be used with different Rust web frameworks. Currently, only poem-openapi is supported. See the examples folder for details.

This crate is still work in progress and this is an alpha open source release. Most of the functionality is already there, but there is still room for more improvements.