Struct AuthFramework

pub struct AuthFramework { /* private fields */ }

The primary authentication and authorization framework for Rust applications.

AuthFramework is the central component that orchestrates all authentication and authorization operations. It provides a unified interface for multiple authentication methods, token management, session handling, and security monitoring.

§Core Capabilities

  • Multi-Method Authentication: Support for password, OAuth2, MFA, passkeys, and custom methods
  • Token Management: JWT token creation, validation, and lifecycle management
  • Session Management: Secure session handling with configurable storage backends
  • Permission System: Role-based and resource-based authorization
  • Security Monitoring: Real-time threat detection and audit logging
  • Rate Limiting: Configurable rate limiting for brute force protection

§Thread Safety

The framework is designed for concurrent use and can be safely shared across multiple threads using Arc<AuthFramework>.

§Storage Backends

Supports multiple storage backends:

  • In-memory (for development/testing)
  • Redis (for production with clustering)
  • PostgreSQL (for persistent storage)
  • Custom implementations via the AuthStorage trait

§Example

use auth_framework::{AuthFramework, AuthConfig};

// Create the framework with the default configuration. `register_method` and
// `initialize` take `&mut self`, so the binding must be mutable.
let config = AuthConfig::default();
let mut auth = AuthFramework::new(config);

// Register authentication methods (`password_method` and `oauth2_method` are
// AuthMethodEnum values constructed elsewhere)
auth.register_method("password", password_method);
auth.register_method("oauth2", oauth2_method);

// Validate the configuration and set up components; required before any other operation
auth.initialize().await?;

// Authenticate a user. `authenticate` takes only the method name and credential;
// the variant that also takes CredentialMetadata is `authenticate_with_metadata`.
let result = auth.authenticate_with_metadata("password", credential, metadata).await?;

§Security Considerations

  • All tokens are signed with cryptographically secure keys
  • Session data is encrypted at rest when using persistent storage
  • Rate limiting prevents brute force attacks
  • Audit logging captures all security-relevant events
  • Configurable security policies for enterprise compliance

Implementations

impl AuthFramework

pub fn new(config: AuthConfig) -> Self

Create a new authentication framework.

This method is infallible and creates a basic framework instance. Configuration validation and component initialization are deferred to initialize(). This design improves API usability while maintaining security through proper initialization.

pub fn new_validated(config: AuthConfig) -> Result<Self>

Create a new authentication framework with validation.

This method validates the configuration immediately and returns an error if the configuration is invalid. Use this when you want early validation.

pub fn register_method(&mut self, name: impl Into<String>, method: AuthMethodEnum)

Register an authentication method.

pub async fn initialize(&mut self) -> Result<()>

Initialize the authentication framework.

This method performs configuration validation, sets up secure components, and prepares the framework for use. It must be called before any other operations.

§Security Note

This method validates JWT secrets and replaces any temporary secrets with properly configured ones for production security.

pub async fn authenticate(&self, method_name: &str, credential: Credential) -> Result<AuthResult>

Authenticate a user with the specified method.

pub async fn authenticate_with_metadata(&self, method_name: &str, credential: Credential, metadata: CredentialMetadata) -> Result<AuthResult>

Authenticate a user with the specified method and metadata.

pub async fn complete_mfa(&self, challenge: MfaChallenge, mfa_code: &str) -> Result<AuthToken>

Complete multi-factor authentication.

pub async fn validate_token(&self, token: &AuthToken) -> Result<bool>

Validate a token.

pub async fn get_user_info(&self, token: &AuthToken) -> Result<UserInfo>

Get user information from a token.

pub async fn check_permission(&self, token: &AuthToken, action: &str, resource: &str) -> Result<bool>

Check if a token has a specific permission.

pub async fn refresh_token(&self, token: &AuthToken) -> Result<AuthToken>

Refresh a token.

pub async fn revoke_token(&self, token: &AuthToken) -> Result<()>

Revoke a token.

pub async fn create_api_key(&self, user_id: &str, expires_in: Option<Duration>) -> Result<String>

Create a new API key for a user.

pub async fn validate_api_key(&self, api_key: &str) -> Result<UserInfo>

Validate an API key and return user information.

pub async fn revoke_api_key(&self, api_key: &str) -> Result<()>

Revoke an API key.

Source

pub async fn create_session( &self, user_id: &str, expires_in: Duration, ip_address: Option<String>, user_agent: Option<String>, ) -> Result<String>

Create a new session.

Source

pub async fn get_session(&self, session_id: &str) -> Result<Option<SessionData>>

Get session information.

Source

pub async fn delete_session(&self, session_id: &str) -> Result<()>

Delete a session.

Source

pub async fn list_user_tokens(&self, user_id: &str) -> Result<Vec<AuthToken>>

Get all tokens for a user.

Source

pub async fn cleanup_expired_data(&self) -> Result<()>

Clean up expired data.

Source

pub async fn get_stats(&self) -> Result<AuthStats>

Get authentication framework statistics.

Source

pub fn token_manager(&self) -> &TokenManager

Get the token manager.

Source

pub async fn validate_username(&self, username: &str) -> Result<bool>

Validate username format.

Source

pub async fn validate_display_name(&self, display_name: &str) -> Result<bool>

Validate display name format.

Source

pub async fn validate_password_strength(&self, password: &str) -> Result<bool>

Validate password strength using security policy.

For enterprise security, this enforces Strong passwords by default. The minimum password strength can be configured in the security policy.

Source

pub async fn validate_user_input(&self, input: &str) -> Result<bool>

Validate user input.

Source

pub async fn create_auth_token( &self, user_id: impl Into<String>, scopes: Vec<String>, method_name: impl Into<String>, lifetime: Option<Duration>, ) -> Result<AuthToken>

Create an authentication token directly (useful for testing and demos).

Note: In production, tokens should be created through the authenticate method.

Source

pub async fn initiate_sms_challenge(&self, user_id: &str) -> Result<String>

Initiate SMS challenge for MFA.

Source

pub async fn verify_sms_code( &self, challenge_id: &str, code: &str, ) -> Result<bool>

Verify SMS challenge code.

Source

pub async fn register_email(&self, user_id: &str, email: &str) -> Result<()>

Register email for a user.

Source

pub async fn generate_totp_secret(&self, user_id: &str) -> Result<String>

Generate TOTP secret for a user.

Source

pub async fn generate_totp_qr_code( &self, user_id: &str, app_name: &str, secret: &str, ) -> Result<String>

Generate TOTP QR code URL.

Source

pub async fn generate_totp_code(&self, secret: &str) -> Result<String>

Generate current TOTP code using provided secret.

Source

pub async fn generate_totp_code_for_window( &self, secret: &str, time_window: Option<u64>, ) -> Result<String>

Generate TOTP code for given secret and optional specific time window

Source

pub async fn verify_totp_code(&self, user_id: &str, code: &str) -> Result<bool>

Verify TOTP code.

Source

pub async fn check_ip_rate_limit(&self, ip: &str) -> Result<bool>

Check IP rate limit.

Source

pub async fn get_security_metrics(&self) -> Result<HashMap<String, u64>>

Get security metrics.

Source

pub async fn register_phone_number( &self, user_id: &str, phone_number: &str, ) -> Result<()>

Register phone number for SMS MFA.

Source

pub async fn generate_backup_codes( &self, user_id: &str, count: usize, ) -> Result<Vec<String>>

Generate backup codes.

Source

pub async fn grant_permission( &self, user_id: &str, action: &str, resource: &str, ) -> Result<()>

Grant permission to a user.

Source

pub async fn initiate_email_challenge(&self, user_id: &str) -> Result<String>

Initiate email challenge.

Source

pub async fn coordinate_distributed_sessions( &self, ) -> Result<SessionCoordinationStats>

Advanced session management coordination across distributed instances

Source

pub async fn synchronize_session(&self, session_id: &str) -> Result<()>

Synchronize session with remote instances

Source

pub fn get_monitoring_manager(&self) -> Arc<MonitoringManager>

Retrieves the monitoring manager for accessing metrics and health check functionality.

The monitoring manager provides access to comprehensive metrics collection, health monitoring, and performance analytics for the authentication framework. This is essential for production monitoring and observability.

§Returns

An Arc<MonitoringManager> that can be used to:

  • Collect performance metrics
  • Monitor system health
  • Track authentication events
  • Generate monitoring reports
§Thread Safety

The returned monitoring manager is thread-safe and can be shared across multiple threads or async tasks safely.

§Example
let monitoring = auth_framework.get_monitoring_manager();

// Use for health checks
let health_status = monitoring.get_health_status().await;

// Use for metrics collection
let metrics = monitoring.get_performance_metrics().await;
Source

pub async fn get_performance_metrics(&self) -> HashMap<String, u64>

Get current performance metrics.

pub async fn health_check(&self) -> Result<HashMap<String, HealthCheckResult>>

Perform comprehensive health check.

pub async fn export_prometheus_metrics(&self) -> String

Export metrics in Prometheus format.

pub async fn create_role(&self, role: Role) -> Result<()>

Create a new role.

pub async fn assign_role(&self, user_id: &str, role_name: &str) -> Result<()>

Assign a role to a user.

pub async fn set_role_inheritance(&self, child_role: &str, parent_role: &str) -> Result<()>

Set role inheritance.

pub async fn revoke_permission(&self, user_id: &str, action: &str, resource: &str) -> Result<()>

Revoke permission from a user.

pub async fn user_has_role(&self, user_id: &str, role_name: &str) -> Result<bool>

Check if user has a role.

pub async fn get_effective_permissions(&self, user_id: &str) -> Result<Vec<String>>

Get effective permissions for a user.

pub async fn create_abac_policy(&self, name: &str, description: &str) -> Result<()>

Create ABAC policy.

pub async fn map_user_attribute(&self, user_id: &str, attribute: &str, value: &str) -> Result<()>

Map user attribute for ABAC evaluation.

pub async fn get_user_attribute(&self, user_id: &str, attribute: &str) -> Result<Option<String>>

Get user attribute for ABAC evaluation.

pub async fn check_dynamic_permission(&self, user_id: &str, action: &str, resource: &str, context: HashMap<String, String>) -> Result<bool>

Check dynamic permission with context evaluation (ABAC).

pub async fn create_resource(&self, resource: &str) -> Result<()>

Create resource for permission management.

pub async fn delegate_permission(&self, delegator_id: &str, delegatee_id: &str, action: &str, resource: &str, duration: Duration) -> Result<()>

Delegate permission from one user to another.

pub async fn get_active_delegations(&self, user_id: &str) -> Result<Vec<String>>

Get active delegations for a user.
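The role, inheritance and delegation calls above (assign_role, set_role_inheritance, get_effective_permissions, delegate_permission, get_active_delegations) compose into one permission model. The following is an added, self-contained Rust model of that composition, written for this page and not the crate's own implementation; it assumes that inheritance is transitive, that a cycle in the role graph must not hang resolution, and that a delegation requires the delegator to hold the permission and lapses after its Duration. It keys on user ids and takes an explicit `now`, whereas the crate's methods are async, return Result, and check_permission takes a token.

```rust
use std::collections::{HashMap, HashSet};
use std::time::{Duration, Instant};
type Perm = (String, String); // (action, resource), the pair check_permission takes
#[derive(Default)]
pub struct AuthzModel {
    role_perms: HashMap<String, HashSet<Perm>>,        // role -> permissions granted to it
    parents: HashMap<String, Vec<String>>,             // child role -> parent roles
    user_roles: HashMap<String, Vec<String>>,          // user -> assigned roles
    delegations: Vec<(String, String, Perm, Instant)>, // (delegator, delegatee, perm, expires_at)
}
impl AuthzModel {
    pub fn create_role(&mut self, role: &str, perms: &[(&str, &str)]) {
        let set = perms.iter().map(|(a, r)| (a.to_string(), r.to_string())).collect();
        self.role_perms.insert(role.to_string(), set);
    }
    pub fn assign_role(&mut self, user: &str, role: &str) {
        self.user_roles.entry(user.to_string()).or_default().push(role.to_string());
    }
    pub fn set_role_inheritance(&mut self, child: &str, parent: &str) {
        self.parents.entry(child.to_string()).or_default().push(parent.to_string());
    }
    // Recorded only if the delegator holds the permission now; stops applying after `duration`.
    pub fn delegate_permission(&mut self, from: &str, to: &str, action: &str, resource: &str, duration: Duration, now: Instant) -> bool {
        if !self.check_permission(from, action, resource, now) { return false; }
        let perm = (action.to_string(), resource.to_string());
        self.delegations.push((from.to_string(), to.to_string(), perm, now + duration));
        true
    }
    // Walks the role graph transitively; `seen` keeps an inheritance cycle from recursing forever.
    fn collect_role_perms(&self, role: &str, seen: &mut HashSet<String>, out: &mut HashSet<Perm>) {
        if !seen.insert(role.to_string()) { return; }
        if let Some(p) = self.role_perms.get(role) { out.extend(p.iter().cloned()); }
        for parent in self.parents.get(role).into_iter().flatten() {
            self.collect_role_perms(parent, seen, out);
        }
    }
    // Union of role permissions (with inheritance) and delegations still valid at `now`.
    pub fn get_effective_permissions(&self, user: &str, now: Instant) -> HashSet<Perm> {
        let (mut out, mut seen) = (HashSet::new(), HashSet::new());
        for role in self.user_roles.get(user).into_iter().flatten() {
            self.collect_role_perms(role, &mut seen, &mut out);
        }
        for (_, to, perm, expires_at) in &self.delegations {
            if to == user && *expires_at > now { out.insert(perm.clone()); }
        }
        out
    }
    pub fn check_permission(&self, user: &str, action: &str, resource: &str, now: Instant) -> bool {
        self.get_effective_permissions(user, now).contains(&(action.to_string(), resource.to_string()))
    }
}
```

The explicit `now` stands in for the clock so that delegation expiry can be exercised deterministically; expired delegations simply drop out of the effective set rather than being deleted.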

Source

pub async fn get_permission_audit_logs( &self, user_id: Option<&str>, action: Option<&str>, resource: Option<&str>, limit: Option<usize>, ) -> Result<Vec<String>>

Get permission audit logs with filtering.

Source

pub async fn get_permission_metrics( &self, ) -> Result<HashMap<String, u64>, AuthError>

Get permission metrics for monitoring.

Source

pub async fn get_security_audit_stats(&self) -> Result<SecurityAuditStats>

Collect comprehensive security audit statistics This aggregates critical security metrics for monitoring and incident response

Source

pub async fn get_user_profile(&self, user_id: &str) -> Result<UserProfile>

Get user profile information

impl AuthFramework

pub fn builder() -> AuthBuilder

Create a new builder for the authentication framework.

pub fn quick_start() -> QuickStartBuilder

Quick start builder for common setups.

pub fn for_use_case(use_case: UseCasePreset) -> AuthBuilder

Create a builder for a specific use case.

pub fn preset(preset: SecurityPreset) -> AuthBuilder

Create an authentication framework with preset configuration.
