Releases: lpotthast/axum-keycloak-auth
v0.6.0
What's Changed
- oidc-discovery: allow user to specify retry strategy by @dspicher in #12
- Fix typo in lib.rs -> "puiblic" to "public" by @Tockra in #14
- Cargo.toml: allow users to specify tls implementation by @dspicher in #13
- Cargo.toml: update reqwest dependency by @dspicher in #19
- Allow token validation outside the axum middleware context by @Tockra in #18
- Changed response codes in error case by @Tockra in #22
- Allow to configure where the auth token will be passed by @Tockra in #23
- Prevent keycloak requests by @Tockra in #29
Full Changelog: v0.5.0...v0.6.0
v0.5.0
Changes
Properties from the `KeycloakToken` which were in fact optional are now represented through an extra (serde-flattened) generic type (@fMeow #9).
The new `ProfileAndEmail` type is used as the default for that generic parameter, which matches the previous behavior of this library.
You can now provide an additional struct into which the remaining token claims are deserialized. Here is an example that shows how you can define such a struct and use it by explicitly setting the new generic type parameter of `KeycloakToken` both when creating the layer and when handling a request.
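```rust
use axum::{
    http::StatusCode,
    response::{IntoResponse, Response},
    routing::get,
    Extension, Router,
};
use axum_keycloak_auth::{decode::KeycloakToken, layer::KeycloakAuthLayer, PassthroughMode};
use serde::Deserialize;

// Extra claims expected in the token (serde-flattened into `token.extra`).
#[derive(Deserialize, Clone)]
struct MyExtra {
    pub email: String,
    pub preferred_username: String,
    pub foo: String,
}

// Handler: receives the decoded token, including the extra claims, as an extension.
pub async fn protected(Extension(token): Extension<KeycloakToken<String, MyExtra>>) -> Response {
    (StatusCode::OK, format!("Hello {}", token.extra.foo)).into_response()
}

// `instance` is the KeycloakAuthInstance configured elsewhere in your setup code.
let router = Router::new().route("/protected", get(protected)).layer(
    KeycloakAuthLayer::<String, MyExtra>::builder()
        .instance(instance)
        .passthrough_mode(PassthroughMode::Block)
        .persist_raw_claims(false)
        .expected_audiences(vec![])
        .required_roles(vec![])
        .build(),
);
```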
v0.4.1
v0.4.0
`axum-keycloak-auth` can now automatically perform OIDC discovery!
This means that `DecodingKey`s must and can no longer be supplied manually.
Check the documentation for updated instructions on how to set up a protected router.
If setting up a custom decoding key was a requirement for you, and you want to see the possibility of that preserved as a feature, let me know by opening an issue.
Changes
- OIDC discovery (automatically retried on JWT-decode failures)
- Support a list of audiences when parsing the token claims
- Updated the `snafu` dependency from `0.7` to `0.8`
v0.3.0
v0.2.0
Changes
- The `KeycloakAuthLayer` now requires the new field `expected_audiences` to be set. JWT claims may include the 'aud' field. Token validation now requires a vec of accepted audience values to be present. Check which values were previously sent in your tokens. For example: if your token claims contained `"aud": "account"`, specify that value to be accepted like this:

  ```rust
  KeycloakAuthLayer::builder()
      // [...]
      .expected_audiences(vec![String::from("account")])
      .build()
  ```
- Updated `jsonwebtoken` dependency from version `8` to `9`
- Updated `typed-builder` dependency from version `0.14` to `0.18`
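
To illustrate the `expected_audiences` requirement from v0.2.0 together with the list-of-audiences support from v0.4.0, here is an added, std-only sketch of an audience check; it is not code from this crate. The names `Audience`, `AudError`, `check_audience` and `observed_audiences` are hypothetical, and rejecting a token without `aud` or an empty expected list is a policy assumed for this example.

```rust
use std::collections::BTreeSet;

/// RFC 7519 lets `aud` be a single string or an array of strings.
#[derive(Debug, Clone)]
pub enum Audience {
    Single(String),
    Many(Vec<String>),
}

impl Audience {
    fn values(&self) -> Vec<&str> {
        match self {
            Audience::Single(s) => vec![s.as_str()],
            Audience::Many(v) => v.iter().map(String::as_str).collect(),
        }
    }
}

#[derive(Debug, PartialEq)]
pub enum AudError { Missing, NotAccepted(Vec<String>) }

/// Assumed policy of this example: accept only if at least one token audience
/// is in `expected`; a token without `aud` or an empty `expected` is rejected.
pub fn check_audience(expected: &[String], aud: Option<&Audience>) -> Result<(), AudError> {
    let seen = aud.ok_or(AudError::Missing)?.values();
    if seen.iter().any(|a| expected.iter().any(|e| e.as_str() == *a)) {
        return Ok(());
    }
    Err(AudError::NotAccepted(seen.into_iter().map(String::from).collect()))
}

/// Migration aid: distinct audiences seen across a sample of decoded tokens.
pub fn observed_audiences(sample: &[Option<Audience>]) -> BTreeSet<String> {
    sample.iter().flatten().flat_map(|a| a.values()).map(String::from).collect()
}

fn main() {
    // Constructed sample of `aud` claims, as if taken from already-issued tokens.
    let sample = vec![
        Some(Audience::Single("account".into())),
        Some(Audience::Many(vec!["account".into(), "my-api".into()])),
        None,
    ];
    println!("audiences in use: {:?}", observed_audiences(&sample));
    let expected = vec![String::from("account")];
    for aud in &sample {
        println!("{:?} -> {:?}", aud, check_audience(&expected, aud.as_ref()));
    }
}
```

Running `observed_audiences` over the `aud` values of tokens your realm already issues shows which strings need to appear in `expected_audiences` before upgrading.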