auths_sdk/domains/device/types.rs
1use auths_core::storage::keychain::KeyAlias;
2use auths_verifier::core::ResourceId;
3use auths_verifier::types::CanonicalDid;
4use chrono::{DateTime, Utc};
5use serde::{Deserialize, Serialize};
6use std::path::PathBuf;
7
8/// Configuration for extending a device authorization's expiration.
9///
10/// Args:
11/// * `repo_path`: Path to the auths registry.
12/// * `device_did`: The DID of the device whose authorization to extend.
13/// * `expires_in`: Duration in seconds until expiration (per RFC 6749).
14/// * `identity_key_alias`: Keychain alias for the identity key (for re-signing).
15/// * `device_key_alias`: Keychain alias for the device key (for re-signing).
16///
17/// Usage:
18/// ```ignore
19/// let config = DeviceExtensionConfig {
20/// repo_path: PathBuf::from("/home/user/.auths"),
21/// device_did: "did:key:z6Mk...".into(),
22/// expires_in: 31_536_000,
23/// identity_key_alias: "my-identity".into(),
24/// device_key_alias: "my-device".into(),
25/// };
26/// ```
27#[derive(Debug)]
28pub struct DeviceExtensionConfig {
29 /// Path to the auths registry.
30 pub repo_path: PathBuf,
31 /// DID of the device whose authorization to extend.
32 pub device_did: CanonicalDid,
33 /// Duration in seconds until expiration (per RFC 6749).
34 pub expires_in: u64,
35 /// Keychain alias for the identity signing key.
36 pub identity_key_alias: KeyAlias,
37 /// Keychain alias for the device signing key (pass `None` to skip device co-signing).
38 pub device_key_alias: Option<KeyAlias>,
39}
40
41/// Configuration for linking a device to an existing identity.
42///
43/// Args:
44/// * `identity_key_alias`: Alias of the identity key in the keychain.
45///
46/// Usage:
47/// ```ignore
48/// let config = DeviceLinkConfig {
49/// identity_key_alias: "my-identity".into(),
50/// device_key_alias: Some("macbook-pro".into()),
51/// device_did: None,
52/// expires_in: Some(31_536_000),
53/// note: Some("Work laptop".into()),
54/// payload: None,
55/// };
56/// ```
57#[derive(Debug)]
58pub struct DeviceLinkConfig {
59 /// Alias of the identity key in the keychain.
60 pub identity_key_alias: KeyAlias,
61 /// Optional alias for the device key (defaults to identity alias).
62 pub device_key_alias: Option<KeyAlias>,
63 /// Optional pre-existing device DID (not yet supported).
64 pub device_did: Option<String>,
65 /// Duration in seconds until expiration (per RFC 6749).
66 pub expires_in: Option<u64>,
67 /// Optional human-readable note for the attestation.
68 pub note: Option<String>,
69 /// Optional JSON payload to embed in the attestation.
70 pub payload: Option<serde_json::Value>,
71}
72
73// Result types
74
75/// Outcome of a successful device link operation.
76///
77/// Usage:
78/// ```ignore
79/// let result: DeviceLinkResult = sdk.link_device(config).await?;
80/// println!("Linked device {} via attestation {}", result.device_did, result.attestation_id);
81/// ```
82#[derive(Debug, Clone)]
83pub struct DeviceLinkResult {
84 /// The DID of the linked device.
85 pub device_did: CanonicalDid,
86 /// The resource identifier of the created attestation.
87 pub attestation_id: ResourceId,
88}
89
90/// Outcome of a successful device authorization extension.
91///
92/// Usage:
93/// ```ignore
94/// let result: DeviceExtensionResult = extend_device(config, &ctx, &SystemClock)?;
95/// println!("Extended {} until {}", result.device_did, result.new_expires_at.date_naive());
96/// ```
97#[derive(Debug, Clone)]
98pub struct DeviceExtensionResult {
99 /// The DID of the device whose authorization was extended.
100 pub device_did: CanonicalDid,
101 /// The new expiration timestamp for the device authorization.
102 pub new_expires_at: chrono::DateTime<chrono::Utc>,
103 /// The previous expiration timestamp (None if the device had no expiry set).
104 pub previous_expires_at: Option<chrono::DateTime<chrono::Utc>>,
105}
106
107/// Device readiness status for diagnostics.
108#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
109pub enum DeviceReadiness {
110 /// Device is valid and not expiring soon.
111 Ok,
112 /// Device is expiring within 7 days.
113 ExpiringSoon,
114 /// Device authorization has expired.
115 Expired,
116 /// Device has been revoked.
117 Revoked,
118}
119
120/// Per-device status for reporting.
121///
122/// Usage:
123/// ```ignore
124/// for device in report.devices {
125/// println!("{}: {}", device.device_did, device.readiness);
126/// }
127/// ```
128#[derive(Debug, Clone, Serialize, Deserialize)]
129pub struct DeviceStatus {
130 /// The device DID.
131 pub device_did: CanonicalDid,
132 /// Current device readiness status.
133 pub readiness: DeviceReadiness,
134 /// Expiration timestamp, if set.
135 pub expires_at: Option<DateTime<Utc>>,
136 /// Seconds until expiration (RFC 6749 format).
137 pub expires_in: Option<i64>,
138 /// Revocation timestamp, if revoked.
139 pub revoked_at: Option<DateTime<Utc>>,
140}