Build Auth Into Your Rust Web Application (OAuth2)
- date added 15. 07. 2024
- A walkthrough of one way to secure your Rust backend and/or frontend. In the video we use Yew for the frontend, Actix-Web for the backend, and AWS Cognito for our OAuth provider. Our approach isn't tightly coupled with the backend framework or OAuth provider, so feel free to substitute those with whatever you'd like to use. It is somewhat coupled with Yew though, since we use the yew-oauth2 crate.
00:00 Full Stack Auth Strategy
02:23 Rust Frontend Auth
04:27 Rust Backend Auth
07:15 Closing Thoughts
The code covered in the video can be found here: github.com/Me163/youtube/tree...
Setting up Yew: • Build A Rust Frontend ...
Setting up Actix-Web: • Build A Rust Backend (...
Stuff I use to make these videos - I absolutely love all of these products. Using these links is an easy way to support the channel, thank you so much if you do so!!!
Camera: Canon EOS R5 amzn.to/3CCrxzl
Monitor: Dell U4914DW 49in amzn.to/3MJV1jx
Lens: Sigma 24mm f/1.4 DG HSM Art for Canon EF amzn.to/3hZ10mz
SSD for Video Editing: VectoTech Rapid 8TB amzn.to/3hXz9TM
Microphone: Rode NT1-A amzn.to/3vWM4gL
Microphone Interface: Focusrite Clarett+ 2Pre amzn.to/3J5dy7S
Tripod: JOBY GorillaPod 5K amzn.to/3JaPxMA
Keyboard: Redragon Mechanical Gaming Keyboard amzn.to/3I1A7ZD
Mouse: Razer DeathAdder amzn.to/3J9fYCf
Computer: 2021 Macbook Pro amzn.to/3J7FXtW
Caffeine: High Brew Cold Brew Coffee amzn.to/3hXyx0q
More Caffeine: Monster Energy Juice, Pipeline Punch amzn.to/3Czmfox - Science & Technology
This is fantastic! I literally have 5 requests this week to cover OAuth, I'll post this video instead.
Thanks Dario!! Really appreciate the support!
I enjoy the fast pace of your videos, keep it up and thank you for the great content.
Nice, glad you find it valuable and thanks for watching!
Love your videos and the pacing is a bit fast but I think that's a nice shift from many videos which move in the opposite direction. One thing which would be nice is if you could link the code in your videos here so that people can refer to that too.
Thanks Ken! Getting the pacing right is definitely a challenge - I often ping pong back and forth between "too fast" and "too slow". Thanks for the feedback and for pointing out that I neglected to put code links in the description, I'll add it! My GitHub repo is here: github.com/Me163/youtube , you can find the code under "KonaaAuth"
I think it's a bit too fast now, too, but I care less about the typing speed-up. Instead, pause a bit for each screen full of code as you explain so we can digest it. There were a couple of segments where code quickly scrolled off the screen. I have experience writing some of what you teach in other languages, and your videos are great for seeing how to do it in Rust on popular frameworks. I just need a bit of time to digest the code. Others less familiar with the concepts in any language may need more.
I think somewhere between this and your older ones is a happy medium. Again, maybe the typing speed-up for small blocks of code is fine, but pause on each screen a bit longer. Just a thought
Thanks for all your great content!
Amazing
Thank you for the excellent content on bringing such a complex topic to simple explanation
Thanks for watching, glad you found it valuable!
Yes i needed this , thank you 🔥
awesome, really happy you found it valuable!
Thanks for making this!
Glad you found it valuable, thanks for watching!
This is a great tutorial and helped get started with where I want to go. If I was to add some input, .expect() should be a temporary catch for error handling. Just write something more tangible than "TODO better error handling" because it doesn't take much time to think of something more descriptive for the error and serves as a better aid when trying to debug your code.
thanks and great feedback!
Fantastic! I was having trouble with auth earlier in the year, and there were no tutorials/examples.
Thanks Nick, glad you found it valuable! This was definitely a tricky one to make because of scarcity of examples...
@codetothemoon Do you know how to make the OAuth2 config variable? For example, using a different auth_url between environments?
I imagine I would just need to read in a config file at runtime and parse it into the Config struct, but maybe there's a more suitable way?
Oh no, it might have to be an HTTP GET since it is the browser that needs it. So I guess the file could be served as a public asset.
@codetothemoon, thanks for this very helpful video. Was finally able to make your code run and properly authenticate with Cognito. What would also really be helpful is if you can share your DynamoDB schema and sample data so anyone following your instructions can get to see the code run exactly as you did in the demo. Again, appreciate all your videos. Love the pace and the quality of the videos. Thanks again!
nice, really happy you were able to get it working! I'm not sure if I'll be able to circle back and grab the schema for this one, but I'll try to do that in the future - thanks for the feedback!
Awesome job!
Thanks Zach!
Thank you man
Thanks for watching!
Is it possible to use third party auth in frontend like Firebase or Supabase and use them to verify users in our custom backend in Rust actix?
😳 Ok, Need to watch it again… and again… maybe with half speed 😬
Yeah, I tried to cram a lot of detail into a small amount of time with this one. I'd like to think that I've got a slightly better handle on pacing now :)
Including another auth provider (like Google) would be painful? It seems there is a lot of code specifically for AWS cognito.
What about OAuth on Leptos? 👀
Actually as far as I know, OAuth is meant for authentication and Authorization is included with OIDC.
Thank you! Do you have an example of Yew integrated with AzureAD?
thanks for watching! sorry, I've never used AzureAD
If you can give GitHub links in the description to the code that you write, that will be helpful.
Good idea, I've just added it! github.com/Me163/youtube/tree/main/KonaaAuth
@codetothemoon thank you
@codetothemoon if it's not asking too much, can you include your DynamoDB schema and sample data as well? Got your code to work and authenticate but it would be nice if we can make it work exactly as you've done it in your video. Thanks
I think there's an unnecessary (and maybe even insecure) step included when retrieving the access token. As RFC 6749 for OAuth2 specifies in the recommended flow under section 1.2:
...
(C) The client requests an access token by authenticating with the authorization server and presenting the authorization grant.
(D) The authorization server authenticates the client and validates the authorization grant, and if valid, issues an access token.
...
So the client should not get the access token through our system, but rather directly from the authorization server (here AWS Cognito). What do you think?
Thanks for bringing this up! The problem here is that CORS will prevent fetch requests from going to any domain other than the one from which our js/wasm was retrieved. So while browsers are ok with us redirecting the user to another page with a different domain (the Cognito hosted login page), the js/wasm at localhost (or some custom domain, e.g. kona.io) can't directly fetch data from the Cognito domain. There are other ways to make the domains match via some kind of reverse proxy, so from the client perspective all requests appear to be going to the same origin domain, so the browser will allow them. With a setup like that you wouldn't need to create the token endpoint. But that would make things difficult to test locally. If you take a look at the sk-auth framework for SvelteKit, you'll see that it takes an approach similar to what we show in the video. I believe NextAuth.js also takes this approach, but I haven't actually tried/confirmed that.
@codetothemoon Thanks for your information. I think a solid implementation of OAuth2.0 in JS is provided by AppAuth. They also have libraries for Android/iOS and they will handle the whole token exchange for you without the need to build an additional endpoint.
@1879heikkisorsa re: Android/iOS, you wouldn't need the proxy endpoint in this situation because they are not constrained by CORS (even if the app is web view based). CORS is only a constraint in the web application case. So if you were to use AppAuth.js for a web application (not an Android/iOS/macOS etc app) you'd still need the proxy endpoint.
@codetothemoon cool to know 😊
The (frontend) server can supply a Content-Security-Policy to allow requests to different domains, so I think this is possible, unless I missed something in the other comments.
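The code exchange debated in the thread above (steps (C) and (D) of RFC 6749 §1.2), as an added std-only Rust example that is not part of the video's KonaaAuth code: the backend token endpoint builds the §4.1.3 access-token request and authenticates as a confidential client with HTTP Basic (§2.3.1), so the client secret stays on the server and never reaches the browser. The client id, secret, authorization code and redirect URI are placeholders, and a real endpoint would POST the result with an HTTP client such as the one the project already uses.

```rust
// Added example, not from the video's KonaaAuth repo: the RFC 6749 §4.1.3 request a backend
// token endpoint sends to the provider after the browser hands it the authorization code.
// Std-only so it compiles without crates; a real endpoint would POST it with an HTTP client.

/// application/x-www-form-urlencoded encoding of one key or value (RFC 6749 Appendix B).
fn form_encode(s: &str) -> String {
    let mut out = String::new();
    for b in s.bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => out.push(b as char),
            b' ' => out.push('+'),
            _ => out.push_str(&format!("%{:02X}", b)),
        }
    }
    out
}

/// Standard base64 (RFC 4648) for the HTTP Basic credential; std has no base64 module.
pub fn base64(input: &[u8]) -> String {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let mut out = String::new();
    for chunk in input.chunks(3) {
        // Pack up to 3 bytes into 24 bits (left-aligned), emit len+1 symbols, pad with '='.
        let n = chunk.iter().fold(0u32, |acc, &b| (acc << 8) | u32::from(b)) << (8 * (3 - chunk.len()));
        for i in 0..=chunk.len() {
            out.push(T[((n >> (18 - 6 * i)) & 63) as usize] as char);
        }
        out.push_str(&"=".repeat(3 - chunk.len()));
    }
    out
}

/// Step (C) of the flow: the access-token request, with the client secret kept server-side.
pub struct TokenRequest {
    pub authorization: String, // "Basic <base64(client_id:client_secret)>", RFC 6749 §2.3.1
    pub body: String,          // form body POSTed to the provider's token endpoint
}

pub fn build_token_request(client_id: &str, client_secret: &str, code: &str, redirect_uri: &str) -> TokenRequest {
    // redirect_uri must be byte-for-byte the value used in the authorization request, so the
    // provider can reject a code that was issued for a different redirect target (§4.1.3).
    let fields = [("grant_type", "authorization_code"), ("code", code),
                  ("redirect_uri", redirect_uri), ("client_id", client_id)];
    let body: Vec<String> = fields.iter().map(|(k, v)| format!("{}={}", form_encode(k), form_encode(v))).collect();
    let cred = format!("{}:{}", form_encode(client_id), form_encode(client_secret));
    TokenRequest { authorization: format!("Basic {}", base64(cred.as_bytes())), body: body.join("&") }
}
```

The provider's response to this request (step (D)) carries the access token, which the backend can then hand to the frontend or keep in its own session store.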
Yeah, simple.
Not too bad right?
When I work with oauth2 it seems easier than while watching this video
yikes, is the video overly complicated?
@codetothemoon for me, when you do stuff like authorization, I would prefer focusing just on the parts that do it (not building a Yew app with some random libraries to handle OAuth2 stuff). After getting code to request OAuth2 I'm up to testing everything in Postman instead of building small apps with wasm where Rust is the entire stack.
@codetothemoon I don't think it's too complicated. I think people watching this video just need to supplement it by watching videos for the concepts you said you deliberately skipped for the sake of brevity. In my case I watched other videos, particularly on how to set up an AWS Cognito User Pool and OAuth2, before going back to review this video.
copycat version of fireship
These allegations are 100% correct!
I went looking for the fireship video mentioned in this comment hoping it would provide additional helpful information. I think I found it, but this video is definitely not a copy. This is the only instructional video I found that helped me set up a working Rust-Cognito-OAuth2 environment. @codetothemoon, please continue what you're doing. Thanks