Struct AuthFramework 

pub struct AuthFramework { /* private fields */ }

The primary authentication and authorization framework for Rust applications.

AuthFramework is the central component that orchestrates all authentication and authorization operations. It provides a unified interface for multiple authentication methods, token management, session handling, and security monitoring.

Core Capabilities

• Multi-Method Authentication: Support for password, OAuth2, MFA, passkeys, and custom methods
• Token Management: JWT token creation, validation, and lifecycle management
• Session Management: Secure session handling with configurable storage backends
• Permission System: Role-based and resource-based authorization
• Security Monitoring: Real-time threat detection and audit logging
• Rate Limiting: Configurable rate limiting for brute force protection

Thread Safety

The framework is designed for concurrent use and can be safely shared across multiple threads using Arc<AuthFramework>.

Storage Backends

Supports multiple storage backends:

• In-memory (for development/testing)
• Redis (for production with clustering)
• PostgreSQL (for persistent storage)
• Custom implementations via the AuthStorage trait

Example

use auth_framework::{AuthFramework, AuthConfig};

// Create framework with default configuration
let config = AuthConfig::default();
let auth = AuthFramework::new(config);

// Register authentication methods
auth.register_method("password", password_method);
auth.register_method("oauth2", oauth2_method);

// Authenticate a user
let result = auth.authenticate("password", credential, metadata).await?;

Security Considerations

• All tokens are signed with cryptographically secure keys
• Session data is encrypted at rest when using persistent storage
• Rate limiting prevents brute force attacks
• Audit logging captures all security-relevant events
• Configurable security policies for enterprise compliance

Implementations

impl AuthFramework

pub fn new(config: AuthConfig) -> Self

Create a new authentication framework.

This method is infallible and creates a basic framework instance. Configuration validation and component initialization is deferred to initialize(). This design improves API usability while maintaining security through proper initialization.

pub fn new_validated(config: AuthConfig) -> Result<Self>

Create a new authentication framework with validation.

This method validates the configuration immediately and returns an error if the configuration is invalid. Use this when you want early validation.

pub fn register_method( &mut self, name: impl Into<String>, method: AuthMethodEnum, )

Register an authentication method.

pub async fn initialize(&mut self) -> Result<()>

Initialize the authentication framework.

This method performs configuration validation, sets up secure components, and prepares the framework for use. It must be called before any other operations.

Security Note

This method validates JWT secrets and replaces any temporary secrets with properly configured ones for production security.

pub async fn authenticate( &self, method_name: &str, credential: Credential, ) -> Result<AuthResult>

Authenticate a user with the specified method.

pub async fn authenticate_with_metadata( &self, method_name: &str, credential: Credential, metadata: CredentialMetadata, ) -> Result<AuthResult>

Authenticate a user with the specified method and metadata.

pub async fn complete_mfa( &self, challenge: MfaChallenge, mfa_code: &str, ) -> Result<AuthToken>

Complete multi-factor authentication.

pub async fn validate_token(&self, token: &AuthToken) -> Result<bool>

Validate a token.

pub async fn get_user_info(&self, token: &AuthToken) -> Result<UserInfo>

Get user information from a token.

pub async fn check_permission( &self, token: &AuthToken, action: &str, resource: &str, ) -> Result<bool>

Check if a token has a specific permission.

pub async fn refresh_token(&self, token: &AuthToken) -> Result<AuthToken>

Refresh a token.

pub async fn revoke_token(&self, token: &AuthToken) -> Result<()>

Revoke a token.

pub async fn create_api_key( &self, user_id: &str, expires_in: Option<Duration>, ) -> Result<String>

Create a new API key for a user.

pub async fn validate_api_key(&self, api_key: &str) -> Result<UserInfo>

Validate an API key and return user information.

pub async fn revoke_api_key(&self, api_key: &str) -> Result<()>

Revoke an API key.

pub async fn create_session( &self, user_id: &str, expires_in: Duration, ip_address: Option<String>, user_agent: Option<String>, ) -> Result<String>

Create a new session.

pub async fn get_session(&self, session_id: &str) -> Result<Option<SessionData>>

Get session information.

pub async fn delete_session(&self, session_id: &str) -> Result<()>

Delete a session.

pub async fn list_user_tokens(&self, user_id: &str) -> Result<Vec<AuthToken>>

Get all tokens for a user.

pub async fn cleanup_expired_data(&self) -> Result<()>

Clean up expired data.

pub async fn get_stats(&self) -> Result<AuthStats>

Get authentication framework statistics.

pub fn token_manager(&self) -> &TokenManager

Get the token manager.

pub async fn validate_username(&self, username: &str) -> Result<bool>

Validate username format.

pub async fn validate_display_name(&self, display_name: &str) -> Result<bool>

Validate display name format.

pub async fn validate_password_strength(&self, password: &str) -> Result<bool>

Validate password strength using security policy.

For enterprise security, this enforces Strong passwords by default. The minimum password strength can be configured in the security policy.

pub async fn validate_user_input(&self, input: &str) -> Result<bool>

Validate user input.

pub async fn create_auth_token( &self, user_id: impl Into<String>, scopes: Vec<String>, method_name: impl Into<String>, lifetime: Option<Duration>, ) -> Result<AuthToken>

Create an authentication token directly (useful for testing and demos).

Note: In production, tokens should be created through the authenticate method.

pub async fn initiate_sms_challenge(&self, user_id: &str) -> Result<String>

Initiate SMS challenge for MFA.

pub async fn verify_sms_code( &self, challenge_id: &str, code: &str, ) -> Result<bool>

Verify SMS challenge code.

pub async fn register_email(&self, user_id: &str, email: &str) -> Result<()>

Register email for a user.

pub async fn generate_totp_secret(&self, user_id: &str) -> Result<String>

Generate TOTP secret for a user.

pub async fn generate_totp_qr_code( &self, user_id: &str, app_name: &str, secret: &str, ) -> Result<String>

Generate TOTP QR code URL.

pub async fn generate_totp_code(&self, secret: &str) -> Result<String>

Generate current TOTP code using provided secret.

pub async fn generate_totp_code_for_window( &self, secret: &str, time_window: Option<u64>, ) -> Result<String>

Generate TOTP code for given secret and optional specific time window

pub async fn verify_totp_code(&self, user_id: &str, code: &str) -> Result<bool>

Verify TOTP code.

pub async fn check_ip_rate_limit(&self, ip: &str) -> Result<bool>

Check IP rate limit.

pub async fn get_security_metrics(&self) -> Result<HashMap<String, u64>>

Get security metrics.

pub async fn register_phone_number( &self, user_id: &str, phone_number: &str, ) -> Result<()>

Register phone number for SMS MFA.

pub async fn generate_backup_codes( &self, user_id: &str, count: usize, ) -> Result<Vec<String>>

Generate backup codes.

pub async fn grant_permission( &self, user_id: &str, action: &str, resource: &str, ) -> Result<()>

Grant permission to a user.

pub async fn initiate_email_challenge(&self, user_id: &str) -> Result<String>

Initiate email challenge.

pub async fn coordinate_distributed_sessions( &self, ) -> Result<SessionCoordinationStats>

Advanced session management coordination across distributed instances

pub async fn synchronize_session(&self, session_id: &str) -> Result<()>

Synchronize session with remote instances

pub fn get_monitoring_manager(&self) -> Arc<MonitoringManager>

Retrieves the monitoring manager for accessing metrics and health check functionality.

The monitoring manager provides access to comprehensive metrics collection, health monitoring, and performance analytics for the authentication framework. This is essential for production monitoring and observability.

Returns

An Arc<MonitoringManager> that can be used to:

• Collect performance metrics
• Monitor system health
• Track authentication events
• Generate monitoring reports

Thread Safety

The returned monitoring manager is thread-safe and can be shared across multiple threads or async tasks safely.

Example

let monitoring = auth_framework.get_monitoring_manager();

// Use for health checks
let health_status = monitoring.get_health_status().await;

// Use for metrics collection
let metrics = monitoring.get_performance_metrics().await;

pub async fn get_performance_metrics(&self) -> HashMap<String, u64>

Get current performance metrics

pub async fn health_check(&self) -> Result<HashMap<String, HealthCheckResult>>

Perform comprehensive health check

pub async fn export_prometheus_metrics(&self) -> String

Export metrics in Prometheus format

pub async fn create_role(&self, role: Role) -> Result<()>

Create a new role.

pub async fn assign_role(&self, user_id: &str, role_name: &str) -> Result<()>

Assign a role to a user.

pub async fn set_role_inheritance( &self, child_role: &str, parent_role: &str, ) -> Result<()>

Set role inheritance.

pub async fn revoke_permission( &self, user_id: &str, action: &str, resource: &str, ) -> Result<()>

Revoke permission from a user.

pub async fn user_has_role( &self, user_id: &str, role_name: &str, ) -> Result<bool>

Check if user has a role.

pub async fn get_effective_permissions( &self, user_id: &str, ) -> Result<Vec<String>>

Get effective permissions for a user.

pub async fn create_abac_policy( &self, name: &str, description: &str, ) -> Result<()>

Create ABAC policy.

pub async fn map_user_attribute( &self, user_id: &str, attribute: &str, value: &str, ) -> Result<()>

Map user attribute for ABAC evaluation.

pub async fn get_user_attribute( &self, user_id: &str, attribute: &str, ) -> Result<Option<String>>

Get user attribute for ABAC evaluation.

pub async fn check_dynamic_permission( &self, user_id: &str, action: &str, resource: &str, context: HashMap<String, String>, ) -> Result<bool>

Check dynamic permission with context evaluation (ABAC).

pub async fn create_resource(&self, resource: &str) -> Result<()>

Create resource for permission management.

pub async fn delegate_permission( &self, delegator_id: &str, delegatee_id: &str, action: &str, resource: &str, duration: Duration, ) -> Result<()>

Delegate permission from one user to another.

pub async fn get_active_delegations(&self, user_id: &str) -> Result<Vec<String>>

Get active delegations for a user.

pub async fn get_permission_audit_logs( &self, user_id: Option<&str>, action: Option<&str>, resource: Option<&str>, limit: Option<usize>, ) -> Result<Vec<String>>

Get permission audit logs with filtering.

pub async fn get_permission_metrics( &self, ) -> Result<HashMap<String, u64>, AuthError>

Get permission metrics for monitoring.

pub async fn get_security_audit_stats(&self) -> Result<SecurityAuditStats>

Collect comprehensive security audit statistics This aggregates critical security metrics for monitoring and incident response

pub async fn get_user_profile(&self, user_id: &str) -> Result<UserProfile>

Get user profile information

impl AuthFramework

pub fn builder() -> AuthBuilder

Create a new builder for the authentication framework

pub fn quick_start() -> QuickStartBuilder

Quick start builder for common setups

pub fn for_use_case(use_case: UseCasePreset) -> AuthBuilder

Create a builder for a specific use case

pub fn preset(preset: SecurityPreset) -> AuthBuilder

Create an authentication framework with preset configuration