DEV Community

Cover image for RustAuth: a Better Auth-inspired toolkit for Rust apps
Sebastian
Sebastian

Posted on

RustAuth: a Better Auth-inspired toolkit for Rust apps

#rust #security #webdev #opensource

I’m building RustAuth, an authentication toolkit for Rust applications.

The idea is simple: give Rust developers a clean, extensible auth foundation without forcing them into a hosted provider, a specific framework, or a pile of one-off glue code.

👉 rustauth.dev

Rust already has great crates for auth-related pieces: hashing, cookies, sessions, OAuth, JWTs, databases, middleware, and more.

But when you are building real products, auth usually becomes more than login and logout.

You eventually need things like:

- Email/password
- Sessions
- OAuth/OIDC
- Passkeys
- SAML
- SSO
- SCIM
- Organizations
- Database adapters
- Payment flows
- Framework integrations
Enter fullscreen mode Exit fullscreen mode

Most Rust solutions I found were either excellent low-level building blocks, framework-specific examples, or focused libraries for one part of the problem.

That is not a bad thing. It is actually one of Rust’s strengths.

But I wanted something more product-oriented: a toolkit that starts simple, stays modular, and can grow with the app.

That is the direction of RustAuth.

What RustAuth is trying to be

RustAuth is not a hosted auth platform. It is not trying to take over your application. It is meant to be part of your backend.

With RustAuth:

  • You own your database.
  • You own your user model.
  • You choose the features you need.
  • You keep auth close to your product logic.

The goal is a Better Auth-inspired developer experience, designed for Rust instead of copying JavaScript patterns directly.

let auth = RustAuth::new()
    .adapter(db)
    .email_password()
    .oauth()
    .build();
Enter fullscreen mode Exit fullscreen mode

Simple when you start. Composable when your product grows.

Why I care about this

Auth is one of those things that looks small until it is not.

Login is easy.

Then come sessions, account linking, token rotation, email verification, OAuth callbacks, permissions, teams, SSO, enterprise requirements, billing states, audit logs, and edge cases you did not think about on day one.

I want RustAuth to help with that progression.

Not by hiding everything, but by giving Rust developers a solid structure to build on.

Current status

RustAuth is still early.

The API will evolve, docs will improve, and more integrations are coming. Right now, the focus is on getting the architecture right: core primitives, adapters, plugins, and framework integrations that feel natural in Rust.

You can check it out here:

👉 rustauth.dev
👉 https://github.com/salasebas/rustauth

Feedback is very welcome, especially from Rust developers building real apps.

Top comments (0)