Rust and OICD and gateway/proxy

⚓ Rust 📅 2026-06-13 👤 surdeus 👁️ 1

Info

This post is auto-generated from RSS feed The Rust Programming Language Forum - Latest topics. Source: Rust and OICD and gateway/proxy

We have a collection of services over the web that have grown over the last few years with total disregard for security. That was OK they were all proofs of concept nowhere near productionizing. Of course now I have been tasked with catering for user signup, authentication login, logouts, roles etc, etc. Basically the idea is to have a front end gateway/proxy that handles all that stuff and forwards authenticated connections to the backend services.

Being a long time application and embedded system developer I know nothing about any of this. In general I'm allergic to web development, I have had to deal with it in the past and it always seemed to be a swamp full of alligators and snakes with all that node.js and js and frameworks etc. And PHP before that.

Latching on to the idea that OIDC is the thing now a days I find the problem is that all the information, SDKs and examples of using OIDC I found are in JS and such. Eweee. So last week I set about building such a proxy/gateway in Rust and I now have something that works, at least with the services of Auth0 and Clerk. My AI friend helped but we won't talk about that neither will I burden you with the code (Which actually looks quite good by the way). It's a mashup of Axum, reqwest, serde etc as one might expect.

On further investigation today I discover there are crates that look like they do what we want already. For example axum-oidc-client for all that sign up, login, logout stuff. And Axum-oidc-layer for backend bearer token checking.

Brilliant, how come I missed these in my original investigations. Obviously it would be better to not roll our own when it comes to security and use something robust and well used/tested.

Anyway. My questions:

Given that I'm now going to rebuild our gateway/proxy what other options in Rust world should I be looking at? Different web frameworks, different OIDC crates etc.

Does anyone here have experience of such things. What should I pay special attention to?

Any links to good resources to learn more about such things?

Heck, is this even a good idea or are there better ways?

Any hints, tips and suggestions welcome.

Be patient I'm not up to speed with the language people use to talk about all this web and security stuff.

1 post - 1 participant

Read full topic

🏷️ Rust_feed

👍 󠁮󠁮󠁮󠁮 👎 󠁮󠁮󠁮󠁮