Authkestra Logo
Authkestra
v0.1.2 Released

Authentication Orchestrator for Rust

A modular, framework-agnostic authentication orchestration system emphasizing explicit control flow, strong typing, and composability.

Get StartedView on GitHub

Built for Rust Developers

Designed with Rust's philosophy in mind: explicit, composable, and type-safe.

Modular Design

Strictly separated concerns with composable crates for core, flow, session, token, and framework adapters.

Explicit Control Flow

No magic middleware. Dependencies and context are injected explicitly via Extractors or constructors.

Provider Agnostic

Easily integrate new OAuth providers by implementing the OAuthProvider trait. GitHub, Google, and Discord included.

OpenID Connect

Full OIDC support with automatic discovery, JWKS validation, and PKCE for enhanced security.

Session Management

Flexible session storage via the SessionStore trait with in-memory, Redis, and SQL support.

Stateless Tokens

Comprehensive JWT signing, verification, and offline validation for scalable stateless authentication.

Get started in minutes

Authkestra integrates seamlessly with Axum and Actix-web. Set up GitHub OAuth, session management, and protected routes with just a few lines of code.

  • Type-safe extractors for session and token access
  • Automatic route generation for OAuth callbacks
  • Flexible session stores (Memory, Redis, SQL)
  • Built-in support for popular providers
View Quick Start Guide
main.rs
rust
1use authkestra_axum::{AuthkestraAxumExt, AuthSession};
2use authkestra_flow::{Authkestra, OAuth2Flow};
3use authkestra_providers_github::GithubProvider;
4use authkestra_session::MemoryStore;
5

6#[tokio::main]
7async fn main() {
8    let provider = GithubProvider::new(
9        env::var("GITHUB_ID")?,
10        env::var("GITHUB_SECRET")?,
11        "http://localhost:3000/auth/github/callback".into(),
12    );
13

14    let authkestra = Authkestra::builder()
15        .provider(OAuth2Flow::new(provider))
16        .session_store(Arc::new(MemoryStore::default()))
17        .build();
18

19    let app = Router::new()
20        .merge(authkestra.axum_router())
21        .route("/me", get(me));
22

23    axum::serve(listener, app).await.unwrap();
24}
25

26async fn me(AuthSession(session): AuthSession) -> String {
27    format!("Hello, {}!", session.identity.username)
28}