Build an API in Rust with JWT Authentication using actix-web

Learn how to implement a simple REST API with JWT Authentication in Rust using the actix web framework and Diesel.

Brought to you by @abhishek.chanda

Read on

Hey everyone! Once the article is here let us know what you think and contribute to the discussion!

Thanks a lot for the article! Amazing timing too, as I literally yesterday felt like I wanted to start writing this hobby project of mine. I had chosen to use Hyper as a “framework” for my API, a lot of what was written here ended up being easily transferrable.

One thing that got me a little stuck was this bit in the code:

    let domain = std::env::var("DOMAIN").expect("DOMAIN must be set");
    let jwks = fetch_jwks(&format!("{}{}", domain.as_str(), ".well-known/jwks.json"))
        .expect("failed to fetch jwks");

From skimming the article, it felt to me like the DOMAIN variable from .env was supposed to match the audience from the token/identifier URL in my API details on the dashboard.

Firstly, the format! given the example would result in https://example.com.well-known/jwks.json. Second, I ended up using what would be the authority/domain in my application from the dashboard (https://dev-00-abcde.eu.auth0.com/) in place of the DOMAIN, which did result in an authentication success.

Given that I’m pretty much entirely green when it comes to JWT and the concepts of implementing this, I might have reached some faulty conclusion however… I wouldn’t know!

The points of interest in my source code can be found here (Sorry, it’s not amazingly pretty).

Just pinged article author about that!

Hi @kent.daleng thanks for pointing that out. You are right that the given example will not work since the URL is wrongly generated. I tested using an actual tenant but forgot the trailing slash while publishing. Here is what we will change in the blog post:

  1. Rename DOMAIN to AUTHORITY
  2. Put a trailing slash in the .env file
  3. Clarify that the trailing slash is required in this case
2 Likes

Thanks a lot for the headsup @abhishek.chanda!

1 Like

Hello,

Just some nits while reading the blog post:

Thanks for the awesome work!

1 Like

Welcome to our Auth0 Community, Vincent!

Thank you for reading the post and for your feedback :slight_smile: I fixed the 404, the repo was not public yet :pray:

I am rusty in Rust :smile_cat: So, I’ll let @abhishek.chanda drive the other question :sweat_smile:

Thanks for your answer, but the repo is still private :wink:

Cheers

1 Like

Ah, yes! The one that I opened is different. Let me double-check with the author and I’ll get back to you on that one :slight_smile:

Thanks for reporting that @Bordelons!

I’m sure @abhishek.chanda (the article author) will look at that once he’s online.

Howdy, the repo should be public now :slight_smile:

Btw, we are looking to push an update that uses SQLite instead of PostegreSQL for easier setup. What do you think about this change? :slight_smile:

Hello, Manuel. Thanks for reading and welcome to our Community. Are you providing us insight on your use case or would you like guidance on how to achieve that integration of a frontend Single Page App with a Rust Actix API?

Hi Thank you for the very helpful tutorial !

While playing with the code I encountered to the following problem.

As mentioned in https://tools.ietf.org/html/rfc7519#section-4.1.3, aud claims can contain array of strings. And Auth0 sometimes returns such JWT but the validation function of alcoholic_jwt does not take into account about that.

Since the gihub repo was moved to the author’s personal server, I could not find a way to raise an issue there.

I am rather newbie and not sure if I could find a workaround by myself. Anyway I am going to look into a fix, or rewrite with jsonwebtoken