Rust · axum · actix-web · Rocket · warp · poem

Authentication for axum and every Rust framework

Session middleware, an AuthContext extractor, a require_auth gate, and a logout handler for Rust backends — with dedicated crates for axum, actix-web, Rocket, warp, and poem on a shared authdog-core. Validate Authdog sessions on every request, on the same wire as the Node SDKs.

Start building Read the docs

Wire the middleware

main.rs

// main.rs
let authdog = Authdog::new(&pk).expect("invalid public key");
 
let app = Router::new()
  .route("/me", get(me).layer(from_fn(require_auth)))
  .layer(from_fn_with_state(authdog.clone(), attach_session));

Idiomatic per framework, one core

Everything Rust APIs need

Session middleware, an extractor, and a require_auth gate — as a dedicated crate for axum, actix-web, Rocket, warp, or poem, all wire-compatible with the rest of your Authdog stack.

A crate per framework

authdog-axum, authdog-actix, authdog-rocket, authdog-warp, and authdog-poem each wrap the shared authdog-core idiomatically — middleware and extractors that surface token, user, and is_authenticated.

require_auth gate

Layer require_auth on protected routes and axum responds 401 for unauthenticated requests before your handler runs. This is the security boundary.

Validated at startup

Authdog::new parses and validates the public key once at boot, so a malformed or untrusted key errors immediately instead of at the first request.

Skip the userinfo round-trip

Build with .fetch_user(false) for high-throughput services that validate tokens elsewhere, and supply your own reqwest client when you need to.

Reads the cookie itself

attach_session reads the authdog-session cookie or an Authorization: Bearer header directly, and logout expires the cookie with HttpOnly and SameSite=Lax.

Same wire as Node

It mirrors @authdog/express and @authdog/fastify on the wire, so one Authdog environment serves your Node and Rust services interchangeably.

Read the session as an extractor

Resolve the user with AuthContext

Once attach_session is layered, any handler can take AuthContext as an argument to read the verified user — and require_auth rejects unauthenticated requests before the handler runs.

handlers.rs

// handlers.rs
async fn me(ctx: AuthContext) -> Json<Value> {
  Json(ctx.user.unwrap_or(Value::Null))
}

Ship fast, secure Rust services

Authdog's Rust SDK validates sessions on every request and enforces auth at a single gate across axum, actix-web, Rocket, warp, and poem, with the public key checked once at startup.

1 layer

To resolve sessions everywhere

Add attach_session as a router layer once and every request carries an AuthContext — usable as an extractor in any handler.

require_auth

The single enforcement point

Layer require_auth on a route and unauthenticated requests are rejected with 401 before your handler runs.

Frameworks, one core

axum, actix-web, Rocket, warp, and poem crates share the same public-key, cookie, and userinfo logic in authdog-core — add the crate for your stack.

Add auth to your Rust API.

Add the crate for your framework, wire the middleware, and gate your routes with require_auth today. Free to start, with secure defaults built in.

Start Building