In this post of the series, I'll be covering authentication. This is based on this one but I'll be using the 1.0 version of actix-web.
We're going...
Hey Werner,
Great series here!
Anyway, got a quick tip for ya!
You could edit all of these posts to include "series: whatever name you'd like for your series" in the front matter of each one. This'll connect your posts with a cool little dot scroll option at the top of each post that lets the reader easily flip between posts in the series.
I've no idea what this option is actually called, so we're going with "dot scroll" ... but anyway, it looks like this:
... in my posts here & here. Haha, totally feeling the guilt for abandoning this series, right now. 😔
Anyway, it's not a must-do by any means, just a nice-to-have in case you wanna!
Thanks! I was thinking about how to do something like that.
No problem at all! 😀
Hi Werner,
Nice series. Have you considered making a testing part? I'm having problems testing handlers with the Identity middleware and passing Form data to the TestRequest. I've searched everywhere for this and found nothing, and the official documentation is also very lacking in this regard.
Again, thanks for the good work
Hi, thanks for your kind words. The testing part is out; if you find it useful, please let me know, and if you don't, please let me know too. :)
Seriously? It was a coincidence? Are you some sort of superhero? Are you reading my mind right now? (I wouldn't recommend that)
Thanks a lot, plus another lot. I'm gonna check it out right now :)
lol, you made my day, thanks for your words. Yes, it was a coincidence. I'm planning on creating more content and releasing it as soon as I can. I'm waiting for your comments on that post, even if it's a bad one, :P.
Not your code's problem, but a problem with csrf-token.
Problem with this line:
csrf-token = { git = "ssh://git@github.com/3dom-co-jp/csrf-token.git", branch="v0.2.x" }
It has issues; I am sure someone will fix it soon. It seems to be with SSH: it is not set to public, so it asks for credentials.
I tried to use this with the same result, and I am sure this is temporary.
csrf-token = { git = "ssh://git@github.com/future-science-research/csrf-token.git", branch="v0.2.x" }
My question is why not use this instead:
github.com/heartsucker/rust-csrf
Currently, I cannot build the project because of this, but great article.
I am looking at converting it just to check it out, thanks.
Yeah, sorry, it's fixed in master:
I had not found a way to use it easily with Actix web; it seems to be a plugin to be used with Iron.
Hi, thanks for reporting this, I'll fix it as soon as possible.
Regards.
I was reading about security issues with JWT. I am looking at docs.rs/crate/rust-argon2/0.6.0; it uses Argon2i. I know you said you use it for its stateless features, but that is also an exploitable security risk, whereas cookies are not the best way to stay stateless and be secure. You can use in-memory cookies or even in-memory sessions, and you can even encrypt them, but passing them in JSON is a nightmare for middle man attacks, and in-memory are safer, and faster IMO.
I am working on this now, trying to come up with a better solution.
It would be great to add OAuth2 login to include Facebook and Google; using the OAuth2 library would be a good start.
Hi, is there a reason to choose JWT over the default actix-web auth system?
The default actix-web auth system uses cookies. I wanted to take advantage of all the features that JWT provides, like stateless authentication, so I don't need to request a token against the database for every action the user does. That's the idea in theory; in a future post I'll try to write a front-end application that consumes the JWT.