Torii
[!WARNING] This project is in early development and is not production-ready. The API is subject to change without notice.
Overview
Torii is a powerful authentication framework for Rust applications that gives you complete control over your users' data. Unlike hosted solutions like Auth0, Clerk, or WorkOS that store user information in their cloud, Torii lets you own and manage your authentication stack while providing modern auth features through a flexible service architecture.
With Torii, you get the best of both worlds - powerful authentication capabilities like passwordless login, social OAuth, and passkeys, combined with full data sovereignty and the ability to store user data wherever you choose.
Check out the example todos to see Torii in action.
Features
- Password Authentication: Secure password-based login with bcrypt hashing
- OAuth/OpenID Connect: Social login with major providers (Google, GitHub, etc.)
- Passkey/WebAuthn: Modern passwordless authentication with FIDO2
- Magic Links: Email-based passwordless authentication
- Session Management: Flexible session handling (opaque tokens or JWTs)
- Full Data Sovereignty: Store user data where you choose
- Multiple Storage Backends: SQLite, PostgreSQL, MySQL support
- Type Safety: Strongly typed APIs with compile-time guarantees
- Async/Await: Built for modern async Rust applications
Storage Backend Support
| Authentication Method | SQLite | PostgreSQL | MySQL (SeaORM) |
|---|---|---|---|
| Password | ✅ | ✅ | ✅ |
| OAuth2/OIDC | ✅ | ✅ | ✅ |
| Passkey/WebAuthn | ✅ | ✅ | ✅ |
| Magic Link | ✅ | ✅ | ✅ |
✅ = Supported 🚧 = Planned/In Development ❌ = Not Supported
Quick Start
Add Torii to your Cargo.toml:
[dependencies] torii = { version = "0.5", features = ["sqlite", "password"] }
Basic usage example:
use torii::ToriiBuilder; #[tokio::main] async fn main() -> Result<(), Box<dyn std::error::Error>> { // Build Torii instance with SQLite and auto-migration let torii = ToriiBuilder::new() .with_sqlite("sqlite::memory:") .await? .apply_migrations(true) .build() .await?; // Register a user let user = torii.password().register( "user@example.com", "secure_password" ).await?; // Login user let (user, session) = torii.password().authenticate( "user@example.com", "secure_password", None, // user_agent None, // ip_address ).await?; println!("User logged in: {}", user.email); Ok(()) }
Axum Integration
For web applications, use the torii-axum crate for plug-and-play integration:
[dependencies] torii-axum = { version = "0.5", features = ["sqlite", "password"] }
use std::sync::Arc; use torii::ToriiBuilder; use torii_axum::{AuthUser, CookieConfig, LinkConfig}; use axum::{routing::get, Router, Json}; #[tokio::main] async fn main() -> Result<(), Box<dyn std::error::Error>> { // Build Torii instance with SQLite let torii = Arc::new( ToriiBuilder::new() .with_sqlite("sqlite::memory:") .await? .apply_migrations(true) .build() .await? ); // Create authentication routes with configuration let auth_routes = torii_axum::routes(torii.clone()) .with_cookie_config(CookieConfig::development()) .with_link_config(LinkConfig::new("http://localhost:3000")) .build(); // Build your application with auth routes let app = Router::new() .nest("/auth", auth_routes) .route("/protected", get(protected_handler)) .with_state(torii); // Start server let listener = tokio::net::TcpListener::bind("0.0.0.0:3000").await?; axum::serve(listener, app).await?; Ok(()) } // Protected route handler async fn protected_handler(user: AuthUser) -> Json<serde_json::Value> { Json(serde_json::json!({ "user_id": user.id, "email": user.email })) }
Project Structure
The Torii project is organized into several crates:
Core Crates
torii- Main authentication coordinator and public APItorii-core- Core types, traits, and servicestorii-migration- Database migration management
Storage Backends
torii-storage-sqlite- SQLite storage implementationtorii-storage-postgres- PostgreSQL storage implementationtorii-storage-seaorm- Multi-database storage via SeaORM (SQLite, PostgreSQL, MySQL)
Integration Crates
torii-axum- Plug-and-play Axum integration with routes, middleware, and extractors
Examples
examples/todos- Complete todo application demonstrating Torii integrationexamples/axum-example- Complete Axum web server with SQLite, password authentication, and email support
Architecture
Torii uses a service-oriented architecture:
- Services: Handle business logic for authentication methods (password, OAuth, etc.)
- Repositories: Provide data access abstractions for different storage backends
- Storage Backends: Implement concrete database operations
- Session Providers: Handle session token generation and validation (opaque or JWT)
This modular design allows you to mix and match components based on your needs while maintaining type safety and performance.
Security
[!IMPORTANT] As this project is in early development, it has not undergone security audits and should not be used in production environments. The maintainers are not responsible for any security issues that may arise from using this software.
Contributing
As this project is in its early stages, we welcome discussions and feedback, but please note that major changes may occur.
License
This project is licensed under the MIT License - see the LICENSE file for details.