Name: FutureAuth
Author: FutureAuth

body { font-family: system-ui, -apple-system, sans-serif; max-width: 800px; margin: 0 auto; padding: 2rem; line-height: 1.6; color: #1a1a1a; } h1 { font-size: 2rem; } h2 { font-size: 1.4rem; margin-top: 2rem; border-bottom: 1px solid #e5e5e5; padding-bottom: 0.5rem; } h3 { font-size: 1.1rem; margin-top: 1.5rem; } pre { background: #f5f5f5; padding: 1rem; border-radius: 8px; overflow-x: auto; font-size: 0.9rem; } code { background: #f5f5f5; padding: 0.15rem 0.4rem; border-radius: 4px; font-size: 0.9em; } pre code { background: none; padding: 0; } table { border-collapse: collapse; width: 100%; margin: 1rem 0; } th, td { border: 1px solid #ddd; padding: 0.5rem 0.75rem; text-align: left; font-size: 0.9rem; } th { background: #f9f9f9; } a { color: #059669; } .badge { display: inline-block; background: #ecfdf5; color: #059669; padding: 0.25rem 0.75rem; border-radius: 999px; font-size: 0.85rem; font-weight: 500; margin-bottom: 1rem; } FutureAuthPasswordless auth for Rust apps FutureAuth is an authentication service with a Rust SDK (futureauth crate). It provides magic link and OTP-based passwordless authentication for Rust/Axum web applications. The SDK handles all auth logic locally — users, sessions, and verification codes live in your own Postgres database. FutureAuth's server only delivers OTP codes via email (Resend) or SMS (Twilio). Links: crates.io · GitHub SDK · Sample Project · llms.txt · OpenAPI Docs Installcargo add futureauth --features axum-integrationOr in Cargo.toml:[dependencies] futureauth = { version = "0.4", features = ["axum-integration"] }Quick Start1. Initializeuse futureauth::{FutureAuth, FutureAuthConfig}; use sqlx::PgPool; use std::sync::Arc; let pool = PgPool::connect(&std::env::var("DATABASE_URL")?).await?; let auth = FutureAuth::new(pool.clone(), FutureAuthConfig { api_url: "https://future-auth.com".to_string(), secret_key: std::env::var("FUTUREAUTH_SECRET_KEY")?, project_name: "My App".to_string(), ..Default::default() }); // Creates user, session, verification tables (idempotent) auth.ensure_tables().await?;2. Mount Axum routesIMPORTANT: Use .merge(), NOT .nest(). Routes already have /api/auth/ prefix.use futureauth::axum::{auth_router, AuthSession}; #[derive(Clone)] struct AppState { db: PgPool, auth: Arc<FutureAuth>, } impl AsRef<Arc<FutureAuth>> for AppState { fn as_ref(&self) -> &Arc<FutureAuth> { &self.auth } } let state = AppState { db: pool, auth: Arc::new(auth) }; let app = Router::new() .merge(futureauth::axum::auth_router(state.auth.clone())) .route("/api/me", get(me_handler)) .with_state(state); async fn me_handler(auth: AuthSession) -> Json<serde_json::Value> { Json(serde_json::json!({ "id": auth.user.id, "email": auth.user.email })) }3. Send magic link or OTP// Magic link (one-click email sign-in) auth.send_magic_link("user@example.com", "https://myapp.com/auth/verify").await?; // Email OTP auth.send_otp(OtpChannel::Email, "user@example.com").await?; // Phone OTP (SMS) auth.send_otp(OtpChannel::Phone, "+15551234567").await?;4. Verify and create session// Verify OTP let (user, session) = auth.verify_otp( "user@example.com", "a1b2c3", Some("127.0.0.1"), Some("Mozilla/5.0"), ).await?; // Verify magic link let (user, session) = auth.verify_magic_link( &token, Some("127.0.0.1"), Some("Mozilla/5.0"), ).await?; // Set cookie: name = "futureauth_session", value = session.token5. Check sessions and sign out// Check session match auth.get_session(&token).await? { Some((user, session)) => { /* authenticated */ } None => { /* invalid/expired */ } } // Sign out auth.revoke_session(&token).await?;Auth Routes (provided by auth_router())

Method

Path

Body

Description

POST

/api/auth/send-magic-link

{ "email": "user@example.com", "callback_url": "https://myapp.com/auth/verify" }

Send magic link email

POST

/api/auth/verify-magic-link

{ "token": "..." }

Verify magic link, create session

POST

/api/auth/send-otp

{ "email": "..." } or { "phone": "+1..." }

Send OTP code

POST

/api/auth/verify-otp

{ "email": "...", "code": "a1b2c3" }

Verify OTP, create session

GET

/api/auth/session

(reads cookie)

Get current user + session

POST

/api/auth/sign-out

(reads cookie)

Revoke session

Frontend Integration (React/TypeScript)Do NOT use better-auth or any third-party auth client. Call FutureAuth endpoints directly:// Send OTP await fetch("/api/auth/send-otp", { method: "POST", headers: { "Content-Type": "application/json" }, credentials: "include", body: JSON.stringify({ email: "user@example.com" }), }); // Verify OTP (sets session cookie automatically) const res = await fetch("/api/auth/verify-otp", { method: "POST", headers: { "Content-Type": "application/json" }, credentials: "include", body: JSON.stringify({ email: "user@example.com", code: "a1b2c3" }), }); // Check session const session = await fetch("/api/auth/session", { credentials: "include" }).then(r => r.json()); // Sign out await fetch("/api/auth/sign-out", { method: "POST", credentials: "include" });Always include credentials: "include" on every fetch call.ConfigurationFutureAuthConfig { api_url: String, // FutureAuth server URL (https://future-auth.com) secret_key: String, // Project secret key from dashboard (vx_sec_...) project_name: String, // Shown in OTP emails/SMS session_ttl: Duration, // Default: 30 days otp_ttl: Duration, // Default: 10 minutes otp_length: usize, // Default: 6 chars (alphanumeric) cookie_name: String, // Default: "futureauth_session" }Environment Variables

Variable

Description

DATABASE_URL

Your Postgres connection string

FUTUREAUTH_SECRET_KEY

Project secret key from dashboard

FUTUREAUTH_API_URL

Optional, defaults to https://future-auth.com

Database Schema (created in YOUR database)

Table

Key columns

"user"

id, email, phone, name, email_verified, phone_verified, image, created_at, updated_at

session

id, user_id, token, ip_address, user_agent, expires_at, created_at

verification

id, identifier, code, expires_at, created_at

Common Mistakes

Mistake

Fix

Using .nest("/api/auth", auth_router())

Use .merge(auth_router()) — routes already have /api/auth/ prefix

Using better-auth client

Use direct fetch() calls

Calling /api/auth/get-session

Correct path: /api/auth/session

Missing credentials: "include"

Always include it for cookies to work