
Module server 


Server-side authentication and authorization implementations.

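This module provides server-side capabilities including the items listed below. A status marker, where present, is the author's own note on that component; entries without a marker state no status here, so confirm their behavior by testing before relying on them: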

  • OAuth 2.0 Authorization Server (RFC 6749, RFC 8628) ✅ Working
  • OAuth 2.1 Authorization Framework ✅ Working
  • OpenID Connect Provider (OIDC 1.0) [Testing needed]
  • JWT Token Server
  • API Gateway Authentication
  • SAML Identity Provider
  • WebAuthn Relying Party Server

Re-exports

pub use core::additional_modules::api_gateway;
pub use core::additional_modules::consent;
pub use core::additional_modules::device_flow_server;
pub use core::additional_modules::introspection;
pub use core::additional_modules::jwt_server;
pub use core::additional_modules::saml_idp;
pub use core::client_registration::ClientRegistrationConfig;
pub use core::client_registration::ClientRegistrationManager;
pub use core::client_registration::ClientRegistrationRequest;
pub use core::client_registration::ClientRegistrationResponse;
pub use core::client_registration::RegisteredClient;
pub use core::client_registry::ClientRegistry;
pub use core::federated_authentication_orchestration::AlternativeIdp;
pub use core::federated_authentication_orchestration::AppliedTransformation;
pub use core::federated_authentication_orchestration::AttributeMappingConfig;
pub use core::federated_authentication_orchestration::AttributeTransformation;
pub use core::federated_authentication_orchestration::AuthenticationProtocol;
pub use core::federated_authentication_orchestration::CircuitBreakerConfig;
pub use core::federated_authentication_orchestration::CircuitBreakerState;
pub use core::federated_authentication_orchestration::FederationOrchestrator;
pub use core::federated_authentication_orchestration::FederationOrchestratorConfig;
pub use core::federated_authentication_orchestration::FederationOrchestratorImpl;
pub use core::federated_authentication_orchestration::IdentityProvider;
pub use core::federated_authentication_orchestration::IdpCapability;
pub use core::federated_authentication_orchestration::IdpHealthMetrics;
pub use core::federated_authentication_orchestration::IdpRecommendation;
pub use core::federated_authentication_orchestration::IdpRoutingRule;
pub use core::federated_authentication_orchestration::IdpSessionInfo;
pub use core::federated_authentication_orchestration::OrchestrationMetadata;
pub use core::federated_authentication_orchestration::OrchestrationPattern;
pub use core::federated_authentication_orchestration::OrchestrationPreferences;
pub use core::federated_authentication_orchestration::OrchestrationRequest;
pub use core::federated_authentication_orchestration::OrchestrationResponse;
pub use core::federated_authentication_orchestration::OrchestrationSessionInfo;
pub use core::federated_authentication_orchestration::ProtocolTranslationConfig;
pub use core::federated_authentication_orchestration::SelectedIdpInfo;
pub use core::federated_authentication_orchestration::SessionFederationConfig;
pub use core::federated_authentication_orchestration::SessionProtocol;
pub use core::federated_authentication_orchestration::StringOperation;
pub use core::federated_authentication_orchestration::TimeConstraint;
pub use core::federated_authentication_orchestration::TrustLevel;
pub use core::federated_authentication_orchestration::TrustValidationConfig;
pub use core::metadata::MetadataProvider;
pub use core::stepped_up_auth::AuthenticationLevel;
pub use core::stepped_up_auth::AuthenticationMethod;
pub use core::stepped_up_auth::LocationInfo;
pub use core::stepped_up_auth::StepUpConfig;
pub use core::stepped_up_auth::StepUpContext;
pub use core::stepped_up_auth::StepUpEvaluationResult;
pub use core::stepped_up_auth::StepUpRequest;
pub use core::stepped_up_auth::StepUpResponse;
pub use core::stepped_up_auth::StepUpRule;
pub use core::stepped_up_auth::StepUpStatus;
pub use core::stepped_up_auth::StepUpTrigger;
pub use core::stepped_up_auth::SteppedUpAuthManager;
pub use oauth::oauth2::OAuth2Server;
pub use oauth::oauth21::OAuth21Server;
pub use oauth::par::PARManager;
pub use oauth::rich_authorization_requests::AuthorizationDetail;
pub use oauth::rich_authorization_requests::RarAuthorizationDecision;
pub use oauth::rich_authorization_requests::RarAuthorizationProcessor;
pub use oauth::rich_authorization_requests::RarAuthorizationRequest;
pub use oauth::rich_authorization_requests::RarCondition;
pub use oauth::rich_authorization_requests::RarConfig;
pub use oauth::rich_authorization_requests::RarDecisionType;
pub use oauth::rich_authorization_requests::RarDetailDecision;
pub use oauth::rich_authorization_requests::RarManager;
pub use oauth::rich_authorization_requests::RarPermissionGrant;
pub use oauth::rich_authorization_requests::RarResourceAccess;
pub use oauth::rich_authorization_requests::RarResourceDiscoveryRequest;
pub use oauth::rich_authorization_requests::RarResourceDiscoveryResponse;
pub use oauth::rich_authorization_requests::RarRestriction;
pub use oauth::rich_authorization_requests::RarValidationResult;
pub use oidc::core::OidcProvider;
pub use oidc::oidc_advanced_jarm::AdvancedJarmConfig;
pub use oidc::oidc_advanced_jarm::AdvancedJarmManager;
pub use oidc::oidc_advanced_jarm::AuthorizationResponse;
pub use oidc::oidc_advanced_jarm::DeliveryResult;
pub use oidc::oidc_advanced_jarm::JarmDeliveryMode;
pub use oidc::oidc_advanced_jarm::JarmResponse;
pub use oidc::oidc_advanced_jarm::JarmValidationResult;
pub use oidc::oidc_backchannel_logout::BackChannelLogoutConfig;
pub use oidc::oidc_backchannel_logout::BackChannelLogoutManager;
pub use oidc::oidc_backchannel_logout::BackChannelLogoutRequest;
pub use oidc::oidc_backchannel_logout::BackChannelLogoutResponse;
pub use oidc::oidc_backchannel_logout::LogoutEvents;
pub use oidc::oidc_backchannel_logout::LogoutTokenClaims;
pub use oidc::oidc_backchannel_logout::NotificationResult;
pub use oidc::oidc_backchannel_logout::RpBackChannelConfig;
pub use oidc::oidc_enhanced_ciba::AuthenticationContext;
pub use oidc::oidc_enhanced_ciba::AuthenticationMode;
pub use oidc::oidc_enhanced_ciba::CibaRequestStatus;
pub use oidc::oidc_enhanced_ciba::CibaTokenResponse;
pub use oidc::oidc_enhanced_ciba::ConsentInfo;
pub use oidc::oidc_enhanced_ciba::ConsentStatus;
pub use oidc::oidc_enhanced_ciba::DeviceBinding;
pub use oidc::oidc_enhanced_ciba::DeviceInfo;
pub use oidc::oidc_enhanced_ciba::EnhancedCibaAuthRequest;
pub use oidc::oidc_enhanced_ciba::EnhancedCibaAuthResponse;
pub use oidc::oidc_enhanced_ciba::EnhancedCibaConfig;
pub use oidc::oidc_enhanced_ciba::EnhancedCibaManager;
pub use oidc::oidc_enhanced_ciba::GeoLocation;
pub use oidc::oidc_enhanced_ciba::UserIdentifierHint;
pub use oidc::oidc_error_extensions::AuthenticationRequirements;
pub use oidc::oidc_error_extensions::OidcErrorCode;
pub use oidc::oidc_error_extensions::OidcErrorManager;
pub use oidc::oidc_error_extensions::OidcErrorResponse;
pub use oidc::oidc_extensions::OidcExtensionsManager;
pub use oidc::oidc_frontchannel_logout::FailedNotification;
pub use oidc::oidc_frontchannel_logout::FrontChannelLogoutConfig;
pub use oidc::oidc_frontchannel_logout::FrontChannelLogoutManager;
pub use oidc::oidc_frontchannel_logout::FrontChannelLogoutRequest;
pub use oidc::oidc_frontchannel_logout::FrontChannelLogoutResponse;
pub use oidc::oidc_frontchannel_logout::RpFrontChannelConfig;
pub use oidc::oidc_response_modes::FormPostResponseMode;
pub use oidc::oidc_response_modes::JarmResponseMode;
pub use oidc::oidc_response_modes::MultipleResponseTypesManager;
pub use oidc::oidc_response_modes::ResponseMode;
pub use oidc::oidc_session_management::OidcSession;
pub use oidc::oidc_session_management::SessionCheckRequest;
pub use oidc::oidc_session_management::SessionCheckResponse;
pub use oidc::oidc_session_management::SessionManager;
pub use oidc::oidc_session_management::SessionState;
pub use oidc::oidc_user_registration::RegistrationData;
pub use oidc::oidc_user_registration::RegistrationManager;
pub use oidc::oidc_user_registration::RegistrationRequest;
pub use oidc::oidc_user_registration::RegistrationResponse;
pub use jwt::jwt_access_tokens::JwtAccessTokenBuilder;
pub use jwt::jwt_access_tokens::JwtAccessTokenValidator;
pub use jwt::jwt_best_practices::CryptoStrength;
pub use jwt::jwt_best_practices::JwtBestPracticesConfig;
pub use jwt::jwt_best_practices::JwtBestPracticesValidator;
pub use jwt::jwt_best_practices::SecureJwtClaims;
pub use jwt::jwt_best_practices::SecurityLevel;
pub use jwt::jwt_introspection::BasicIntrospectionResponse;
pub use jwt::jwt_introspection::JwtIntrospectionClaims;
pub use jwt::jwt_introspection::JwtIntrospectionConfig;
pub use jwt::jwt_introspection::JwtIntrospectionManager;
pub use jwt::private_key_jwt::PrivateKeyJwtManager;
pub use token_exchange::advanced_token_exchange::AdvancedTokenExchangeConfig;
pub use token_exchange::advanced_token_exchange::AdvancedTokenExchangeManager;
pub use token_exchange::core::TokenExchangeManager;
pub use token_exchange::token_exchange_common::ExchangeRequirements;
pub use token_exchange::token_exchange_common::ServiceComplexityLevel;
pub use token_exchange::token_exchange_common::TokenExchangeCapabilities;
pub use token_exchange::token_exchange_common::TokenExchangeFactory;
pub use token_exchange::token_exchange_common::TokenExchangeService;
pub use token_exchange::token_exchange_common::TokenExchangeUseCase;
pub use token_exchange::token_exchange_common::TokenValidationResult;
pub use token_exchange::token_exchange_common::ValidationUtils;
pub use token_exchange::token_exchange_factory::PerformanceCharacteristics;
pub use token_exchange::token_exchange_factory::SetupGuide;
pub use token_exchange::token_exchange_factory::TokenExchangeManagerFactory;
pub use token_exchange::token_introspection::TokenIntrospectionHandler;
pub use token_exchange::token_introspection::TokenIntrospectionService;
pub use security::caep_continuous_access::CaepAccessDecision;
pub use security::caep_continuous_access::CaepConfig;
pub use security::caep_continuous_access::CaepDeviceInfo;
pub use security::caep_continuous_access::CaepEvaluationResult;
pub use security::caep_continuous_access::CaepEvaluationRule;
pub use security::caep_continuous_access::CaepEvent;
pub use security::caep_continuous_access::CaepEventHandler;
pub use security::caep_continuous_access::CaepEventSeverity;
pub use security::caep_continuous_access::CaepEventSource;
pub use security::caep_continuous_access::CaepEventType;
pub use security::caep_continuous_access::CaepLocationInfo;
pub use security::caep_continuous_access::CaepManager;
pub use security::caep_continuous_access::CaepRuleAction;
pub use security::caep_continuous_access::CaepRuleCondition;
pub use security::caep_continuous_access::CaepSessionState;
pub use security::dpop::DpopManager;
pub use security::fapi::FapiManager;
pub use security::mtls::MutualTlsManager;
pub use security::x509_signing::X509CertificateManager;

Modules

core
Core Server Implementation Module
jwt
JWT (JSON Web Token) Implementation Module
oauth
OAuth 2.0/2.1 Implementation Module
oidc
OpenID Connect (OIDC) Implementation Module
security
Comprehensive security implementation module for enterprise-grade authentication.
token_exchange
Token Exchange Implementation Module

Structs

AuthRequest
Generic authentication request
AuthResponse
Generic authentication response
ProviderMetadata
Provider metadata
ValidationResult
Validation result
WorkingServerConfig
Minimal server configuration for working components

Enums

ClientType
Client type for minimal functionality

Traits

AuthenticationProvider
Trait for server-side authentication providers