ianlintner068/oauth2-server

By ianlintner068

Updated 26 days ago

Rust OAuth2 Actix Web Server

Image
Security
0

10K+

ianlintner068/oauth2-server repository overview

Rust OAuth2 Server (Docker Image)

A production-ready OAuth2 authorization server built with Rust + Actix-web.

This page is written for Docker Hub users who want to run the server without compiling.

Full Documentation: https://ianlintner.github.io/rust-oauth2-server/

Image name used in examples: ianlintner068/oauth2-server

If you publish under a different namespace/name, replace it everywhere below.

Quick start (SQLite, no extra containers)

This runs the server with an embedded SQLite database stored in a Docker volume.

  • UI login page: http://localhost:8080/auth/login
  • Swagger UI: http://localhost:8080/swagger-ui
  • Health: http://localhost:8080/health
1) Generate secrets

In production you must set a JWT secret and (strongly recommended) a persistent session key.

  • OAUTH2_JWT_SECRET: minimum 32 characters (64+ recommended)
  • OAUTH2_SESSION_KEY: 128 hex characters (64 bytes) recommended

Examples:

  • JWT secret (hex, 32 bytes): openssl rand -hex 32
  • Session key (hex, 64 bytes): openssl rand -hex 64
2) Run the container
docker run --rm -p 8080:8080 \
  -e OAUTH2_SERVER_HOST=0.0.0.0 \
  -e OAUTH2_SERVER_PORT=8080 \
  -e OAUTH2_DATABASE_URL=sqlite:/app/data/oauth2.db \
  -e OAUTH2_JWT_SECRET="$(openssl rand -hex 32)" \
  -e OAUTH2_SESSION_KEY="$(openssl rand -hex 64)" \
  -e RUST_LOG=info \
  -v oauth2_data:/app/data \
  --name rust-oauth2-server \
  ianlintner068/oauth2-server:latest

The first start will create /app/data/oauth2.db automatically.

Docker Compose (SQLite)

services:
  oauth2:
    image: ianlintner068/oauth2-server:latest
    ports:
      - "8080:8080"
    environment:
      OAUTH2_SERVER_HOST: 0.0.0.0
      OAUTH2_SERVER_PORT: 8080
      OAUTH2_DATABASE_URL: sqlite:/app/data/oauth2.db
      OAUTH2_JWT_SECRET: ${OAUTH2_JWT_SECRET}
      OAUTH2_SESSION_KEY: ${OAUTH2_SESSION_KEY}
      RUST_LOG: info
    volumes:
      - oauth2_data:/app/data

volumes:
  oauth2_data:

Environment variables (most common)

VariableRequiredExampleNotes
OAUTH2_SERVER_HOSTRecommended0.0.0.0Bind to all interfaces inside the container
OAUTH2_SERVER_PORTOptional8080Defaults to 8080
OAUTH2_DATABASE_URLRecommendedsqlite:/app/data/oauth2.dbAlso supports Postgres URLs
OAUTH2_JWT_SECRETYes (prod)(see above)Must be at least 32 chars; do not use defaults in production
OAUTH2_SESSION_KEYYes (prod)openssl rand -hex 64Must be hex; should be 64 bytes (128 hex chars). Without it, sessions reset on restart
RUST_LOGOptionalinfo / debugRust logging level

Useful endpoints

  • Login UI: GET /auth/login
  • OAuth endpoints:
    • GET /oauth/authorize
    • POST /oauth/token
    • POST /oauth/introspect
    • POST /oauth/revoke
  • OpenID discovery: GET /.well-known/openid-configuration
  • Swagger UI: GET /swagger-ui
  • OpenAPI JSON: GET /api-docs/openapi.json
  • Health: GET /health
  • Readiness: GET /ready
  • Prometheus metrics: GET /metrics

Configuration via application.conf (optional)

By default, the container reads configuration from environment variables.

If you prefer a config file, mount one to /app/application.conf:

docker run --rm -p 8080:8080 \
  -v "$PWD/application.conf:/app/application.conf:ro" \
  -e OAUTH2_JWT_SECRET="$(openssl rand -hex 32)" \
  ianlintner068/oauth2-server:latest

The application.conf format is HOCON and supports environment substitution.

PostgreSQL (production setup)

The Postgres backend is supported, but the schema is expected to be created by Flyway migrations.

Use the repository’s docker-compose.yml (it includes Postgres + Flyway migrations).

To run the prebuilt image, change the oauth2_server service from build: . to:

  • image: ianlintner/rust-oauth2-server:latest

Repository: https://github.com/ianlintner/rust-oauth2-server

Notes & troubleshooting

  • JWT secret warnings: if you don’t set OAUTH2_JWT_SECRET, the server will start with an insecure default intended only for testing.
  • Session key format: OAUTH2_SESSION_KEY must be hex. Use openssl rand -hex 64.
  • SQLite persistence: mount /app/data (or another directory) and point OAUTH2_DATABASE_URL at that path.
  • MongoDB: Mongo support is feature-gated in the Rust build. The default prebuilt image is typically built without Mongo; use SQLite or Postgres.

Source

License

Dual-licensed under Apache-2.0 and MIT.

Tag summary

Content type

Image

Digest

sha256:e6c1b0140

Size

44.4 MB

Last updated

26 days ago

docker pull ianlintner068/oauth2-server:sha-4b122a3