Skip to main content

Module auth

Module auth 

Source
Expand description

Identity & Access — JWT, signed cookies, server-side sessions, OAuth2, guards.

SubmoduleResponsibility
jwtSign / decode / validate JSON Web Tokens (JwtService)
cookieHMAC-SHA256 signed cookies (CookieService)
sessionServer-side session store abstraction (SessionManager)
oauthOAuth2 Authorization Code + PKCE provider trait
guardsRequest guards (JwtAuthGuard, RoleGuard, …)
extractThe single credential-extraction pipeline used by every
request boundary (HTTP, plugin routes, WebSocket handshake)

Modules§

cookie
HTTP cookie signing and extraction via HMAC-SHA256.
extract
The single credential-extraction pipeline shared by every request boundary.
guards
Request guards — composable preconditions evaluated before a handler runs.
jwt
JWT authentication service — sign, decode, and validate JSON Web Tokens.
oauth
OAuth 2.0 provider abstraction.
policy
Attribute-Based Access Control (ABAC) policy engine — hot-reloadable, default-deny, zero locks on the request path.
secrets
Hot-rotating secrets without restarts and without locks.
session
Server-side session store abstraction.

Structs§

Cnf
The cnf (confirmation) claim body — currently only the JWK thumbprint.
JwtConfig
JwtService
Signs and validates JWTs. Provide this into the DI container so the framework boundaries (boundary.rs, ws.rs) can auto-populate RequestContext::claims() on every incoming request.
JwtSignError
Configuration for JwtService. Build once at startup and provide via DI. Token signing failed — malformed key material (typically a bad rotation payload). Map to a 500 at the route; the process must keep serving.

Functions§

decode_bearer_token
Extract and decode an access Bearer token from request headers.