oauth2-server
Rust OAuth2 Actix Web Server
10K+
A production-ready OAuth2 authorization server built with Rust + Actix-web.
This page is written for Docker Hub users who want to run the server without compiling.
Full Documentation: https://ianlintner.github.io/rust-oauth2-server/
Image name used in examples:
ianlintner068/oauth2-serverIf you publish under a different namespace/name, replace it everywhere below.
This runs the server with an embedded SQLite database stored in a Docker volume.
http://localhost:8080/auth/loginhttp://localhost:8080/swagger-uihttp://localhost:8080/healthIn production you must set a JWT secret and (strongly recommended) a persistent session key.
OAUTH2_JWT_SECRET: minimum 32 characters (64+ recommended)OAUTH2_SESSION_KEY: 128 hex characters (64 bytes) recommendedExamples:
openssl rand -hex 32openssl rand -hex 64docker run --rm -p 8080:8080 \
-e OAUTH2_SERVER_HOST=0.0.0.0 \
-e OAUTH2_SERVER_PORT=8080 \
-e OAUTH2_DATABASE_URL=sqlite:/app/data/oauth2.db \
-e OAUTH2_JWT_SECRET="$(openssl rand -hex 32)" \
-e OAUTH2_SESSION_KEY="$(openssl rand -hex 64)" \
-e RUST_LOG=info \
-v oauth2_data:/app/data \
--name rust-oauth2-server \
ianlintner068/oauth2-server:latest
The first start will create /app/data/oauth2.db automatically.
services:
oauth2:
image: ianlintner068/oauth2-server:latest
ports:
- "8080:8080"
environment:
OAUTH2_SERVER_HOST: 0.0.0.0
OAUTH2_SERVER_PORT: 8080
OAUTH2_DATABASE_URL: sqlite:/app/data/oauth2.db
OAUTH2_JWT_SECRET: ${OAUTH2_JWT_SECRET}
OAUTH2_SESSION_KEY: ${OAUTH2_SESSION_KEY}
RUST_LOG: info
volumes:
- oauth2_data:/app/data
volumes:
oauth2_data:
| Variable | Required | Example | Notes |
|---|---|---|---|
OAUTH2_SERVER_HOST | Recommended | 0.0.0.0 | Bind to all interfaces inside the container |
OAUTH2_SERVER_PORT | Optional | 8080 | Defaults to 8080 |
OAUTH2_DATABASE_URL | Recommended | sqlite:/app/data/oauth2.db | Also supports Postgres URLs |
OAUTH2_JWT_SECRET | Yes (prod) | (see above) | Must be at least 32 chars; do not use defaults in production |
OAUTH2_SESSION_KEY | Yes (prod) | openssl rand -hex 64 | Must be hex; should be 64 bytes (128 hex chars). Without it, sessions reset on restart |
RUST_LOG | Optional | info / debug | Rust logging level |
GET /auth/loginGET /oauth/authorizePOST /oauth/tokenPOST /oauth/introspectPOST /oauth/revokeGET /.well-known/openid-configurationGET /swagger-uiGET /api-docs/openapi.jsonGET /healthGET /readyGET /metricsapplication.conf (optional)By default, the container reads configuration from environment variables.
If you prefer a config file, mount one to /app/application.conf:
docker run --rm -p 8080:8080 \
-v "$PWD/application.conf:/app/application.conf:ro" \
-e OAUTH2_JWT_SECRET="$(openssl rand -hex 32)" \
ianlintner068/oauth2-server:latest
The application.conf format is HOCON and supports environment substitution.
The Postgres backend is supported, but the schema is expected to be created by Flyway migrations.
Use the repository’s docker-compose.yml (it includes Postgres + Flyway migrations).
To run the prebuilt image, change the oauth2_server service from build: . to:
image: ianlintner/rust-oauth2-server:latestRepository: https://github.com/ianlintner/rust-oauth2-server
OAUTH2_JWT_SECRET, the server will start with an insecure default intended only for testing.OAUTH2_SESSION_KEY must be hex. Use openssl rand -hex 64./app/data (or another directory) and point OAUTH2_DATABASE_URL at that path.Dual-licensed under Apache-2.0 and MIT.
Content type
Image
Digest
sha256:e6c1b0140…
Size
44.4 MB
Last updated
26 days ago
docker pull ianlintner068/oauth2-server:sha-4b122a3