gitwtfhub

wtf is wasi-auth-middleware?

codeitlikemiley/wasi-auth-middleware — explained in plain English

Analysis updated 2026-07-19 · repo last pushed 2026-06-03

RustAudience · developerComplexity · 3/5MaintainedLicenseSetup · moderate

TL;DR

A Rust authentication toolkit providing ready-made login options like email codes, magic links, OAuth2, two-factor auth, and passkeys, with pre-built UI and modular design running on WebAssembly.

Mindmap

mindmap
  root((repo))
    What it does
      Email one-time passwords
      Magic links
      OAuth2 logins
      Two-factor auth
      WebAuthn passkeys
    Tech stack
      Rust
      WebAssembly
      JWT tokens
    Storage backends
      Redis
      DynamoDB
      SQLite
    Use cases
      SaaS login with Google
      Add two-factor auth
      Add passkey support
    Audience
      Rust web developers
      SaaS builders
    License
      MIT and Apache 2.0
      Commercial use allowed

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Add Google or GitHub OAuth2 login to a Rust web app without stitching together multiple libraries.

REASON 2

Set up two-factor authentication with TOTP codes for existing users in your SaaS product.

REASON 3

Enable WebAuthn passkey support so users can log in without passwords.

REASON 4

Use the included demo app to see every authentication flow working before integrating into your own codebase.

What's in the stack?

RustWebAssemblyJWTRedisDynamoDBSQLite

How it stacks up

codeitlikemiley/wasi-auth-middleware0xr10t/pulsefi404-agent/codes-miner
Stars00
LanguageRustRustRust
Last pushed2026-06-03
MaintenanceMaintained
Setup difficultymoderatehardmoderate
Complexity3/54/53/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · moderate Time to first run · 30min

Requires a recent Rust version and comfort with bleeding-edge WebAssembly tooling.

Use freely for any purpose, including commercial use, as long as you keep the copyright notice. Dual-licensed under MIT and Apache 2.0.

Wtf does this do

Wasi Auth Middleware is a toolkit that handles user login and authentication for web apps built in Rust. Instead of writing your own login flows from scratch, you get a bundle of ready-made options: email one-time passwords, magic links, OAuth2 logins through providers like Google and GitHub, two-factor authentication with TOTP codes, and WebAuthn passkeys. It also ships with pre-built UI components so your login screens look polished out of the box. At a high level, it works as a middleware layer that sits in front of your app and intercepts incoming requests to check whether users are authenticated before letting them through. It manages sessions using JWT tokens and can plug into various storage backends, Redis, DynamoDB, SQLite, or others, so you can pick whichever fits your infrastructure. A notable technical detail is that it runs on WebAssembly, meaning the authentication logic can run in lightweight, sandboxed environments rather than requiring a traditional server runtime. The main audience is Rust developers building web applications who need a complete, flexible authentication system. A concrete use case: you are building a SaaS product and want users to log in with Google, set up two-factor authentication, and use passkeys, this project gives you all of that without stitching together a dozen different libraries. It also includes a demo app showing every auth flow wired up, which helps you see how things fit together before integrating into your own codebase. What stands out is the modular design. The project is split into focused pieces, core auth logic, trait abstractions for storage and email, UI components, OAuth2 provider presets, and the standalone proxy interceptor. You can adopt just the parts you need. The tradeoff is that it targets a relatively new WebAssembly standard and requires a recent Rust version, so it assumes some comfort with bleeding-edge tooling. The project is dual-licensed under MIT and Apache 2.0, which is standard for Rust open-source libraries and lets you use it in commercial projects.

Yoink these prompts

Prompt 1
Help me integrate wasi-auth-middleware into my Rust web app so users can log in with Google OAuth2 and enable two-factor authentication with TOTP codes.
Prompt 2
I want to use wasi-auth-middleware to add WebAuthn passkey support to my existing Rust application. Walk me through configuring the middleware and wiring up the passkey flow.
Prompt 3
Set up wasi-auth-middleware with SQLite as the storage backend for sessions and show me how to configure email magic link login using the built-in trait abstractions.
Prompt 4
Using the wasi-auth-middleware demo app as a reference, help me understand how to adopt only the OAuth2 provider presets and pre-built UI components without pulling in the entire toolkit.
Prompt 5
Help me configure wasi-auth-middleware to run in a WebAssembly sandboxed environment with Redis as the session storage backend for my Rust web service.

Frequently asked questions

wtf is wasi-auth-middleware?

A Rust authentication toolkit providing ready-made login options like email codes, magic links, OAuth2, two-factor auth, and passkeys, with pre-built UI and modular design running on WebAssembly.

What language is wasi-auth-middleware written in?

Mainly Rust. The stack also includes Rust, WebAssembly, JWT.

Is wasi-auth-middleware actively maintained?

Maintained — commit in last 6 months (last push 2026-06-03).

What license does wasi-auth-middleware use?

Use freely for any purpose, including commercial use, as long as you keep the copyright notice. Dual-licensed under MIT and Apache 2.0.

How hard is wasi-auth-middleware to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is wasi-auth-middleware for?

Mainly developer.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.