Expand description
Server SDK for C3A Authorization Server.
This is the simplest way to use C3A. To start, make sure that you have your application registered in all used C3A instances (usually only in one).
This action requires invitation code given by C3A administrator.
Example:
ⓘ
use std::collections::HashSet;
use std::iter::FromIterator;
#[tokio::main]
async fn main() {
let (keypair, invite, opts) = authnz_server_sdk::persist_authnz_opts(
"app-keyring.json",
authnz_common::AppAuthConfiguration {
app_name: "my-app".into(),
allowed_tags: HashSet::from_iter(vec![("user", "chat").into()]),
sign_up_opts: Some(authnz_common::SignUpOpts {
identify_by: authnz_common::IdenticationRequirement::Email {
exclude_email_domains: vec![],
},
allow_sign_up: true,
auto_assign_tags: HashSet::from_iter(vec![("user", "chat").into()]),
allowed_authentication_flow: vec![
authnz_common::AuthenticationRequirement::Password {
min_size: 8,
should_contain_different_case: false,
should_contain_symbols: false,
},
authnz_common::AuthenticationRequirement::EmailConfirmation,
],
required_authentication: vec![
authnz_common::AuthenticationRequirement::Password {
min_size: 8,
should_contain_different_case: false,
should_contain_symbols: false,
},
authnz_common::AuthenticationRequirement::EmailConfirmation,
],
}),
sign_in_opts: authnz_common::SignInOpts {
allow_honeypots: false,
enable_fail_to_ban: None,
allow_recovery_key: false,
token_encryption_type: authnz_common::TokenEncryptionType::ChaCha20Poly1305,
},
client_based_auth_opts: Some(authnz_common::ClientBasedAuthorizationOpts {
enable_cba: true,
enable_cba_private_gateway_by: None,
require_cba_to_paths: None,
}),
app_pkey: vec![],
},
)
.unwrap();
let auth_cli = C3AClient::new(opts.app_name.as_str(), keypair, "https://my-domain.com")
.await
.unwrap();
if auth_cli.check_exists().await.is_err() {
tracing::info!("App is not registered! Registering...");
auth_cli.app_register(invite, opts).await.unwrap();
}
tracing::info!("Registered.");
}Then you should create some needed endpoints, such as sign-up, sign-in, check-authorized. If you use client-based authorization in any way,
make sure that you have sign-up/in-step1 and sign-up/in-step2, because C3A server should generate client-side challenge.
Simple usage:
ⓘ
let auth_cli = depot.obtain::<C3AClient>()?; // typical way to obtain in Salvo and CC Server Kit
let (requirements, registration_state) = auth_cli.prepare_sign_up(...).await?;
let tokens_triple = auth_cli.perform_sign_up(...).await?;
C3AClient::deploy_triple_to_cookies(&triple, res); // or deploy tokens to cookies/headers/whatever manually
let requirements = auth_cli.prepare_login(...).await?;
let tokens_triple = auth_cli.perform_login(...).await?;
C3AClient::deploy_triple_to_cookies(&triple, res); // or deploy tokens to cookies/headers/whatever manually
// Make sure that user is signed in:
let authorized = auth_cli.check_signed_in(req, res).await.unwrap_or(false);
// Make sure that user have sufficient rights:
let authorized = auth_cli.check_authorized_to(req, res, &[("user", "chat").into()]).await.unwrap_or(false);Re-exports§
pub use authnz_common;
Structs§
- Application
Keyring - Application keyring.
- Auth
Client - C3A Authentication & Authorization Client.
- Server
Error - Data structure responsible for server errors.
- Sign
Keypair - Signing key (certificate).
Type Aliases§
- MResult
- Simple backend result type.