Skip to main content

AuthState

axess_core::session::data

Enum AuthState 

Source 
pub enum AuthState {
    Guest,
    Identifying {
        user_id: UserId,
        tenant_id: TenantId,
    },
    Authenticating {
        user_id: UserId,
        tenant_id: TenantId,
        method_name: Arc<str>,
        remaining: Vec<FactorKind>,
        completed: Vec<FactorKind>,
        attempt_count: u32,
        last_attempt: Option<DateTime<Utc>>,
    },
    Authenticated {
        user_id: UserId,
        tenant_id: TenantId,
        authn_time: DateTime<Utc>,
        factors_completed: Vec<FactorKind>,
    },
    PendingWorkflow {
        user_id: UserId,
        tenant_id: TenantId,
        workflow: WorkflowState,
    },
}
Expand description

Authentication state machine: flat enum, typed UserId / TenantId IDs.

The state machine follows a strict forward progression with PendingWorkflow as a post-authentication holding state.

§State transition diagram

                    ┌───────────────────────────┐
                    │ (app-level, optional)      │
 Guest ─┬──────────►│ Identifying ──► Authenticating ──► Authenticated
        │           └───────────────────────────┘          ▲
        │                                                  │
        └──► Authenticating ──► Authenticated              │
        │         (begin_login default path)               │
        │                                                  │
        └──► PendingWorkflow(Signup) ──────────────────────┘
   ▲              (begin_signup)           (complete_signup)
   │                                                       │
   │              (logout / session clear)                  │
   └───────────────────────────────────────────────────────-┘
  • Guest: anonymous visitor, no authentication started.
  • Identifying: optional state for username-first flows. The built-in AuthnService::begin_login() skips this and goes directly to Authenticating. Available via session.set_identifying() for apps that need a two-step identify-then-authenticate UX.
  • Authenticating: progressing through a multi-factor method; remaining tracks which factor kinds are still to be verified.
  • Authenticated: all required factors verified; full access granted.
  • PendingWorkflow: blocked on a post-auth step (signup, KYC, password reset, etc.). Reached via begin_signup() or app-level workflow initiation.

Calling AuthSession::clear from any state resets the session back to Guest (logout).

Variants§

§

Guest

No authentication started; anonymous visitor.

§

Identifying

User identified (username entered), first factor not yet verified.

Fields

§user_id: UserId

Identifier of the user being authenticated.

§tenant_id: TenantId

Tenant the user belongs to.

§

Authenticating

Progressing through a multi-factor method.

Fields

§user_id: UserId

Identifier of the user being authenticated.

§tenant_id: TenantId

Tenant the user belongs to.

§method_name: Arc<str>

Human-readable method name, e.g. "password+totp".

§remaining: Vec<FactorKind>

Ordered list of factor kinds still to be verified.

§completed: Vec<FactorKind>

Factor kinds that have already been verified in this flow, in the order they were completed. Carried into AuthState::Authenticated::factors_completed on transition so audit events can record the full list.

§attempt_count: u32

Number of failed attempts on the current factor step.

§last_attempt: Option<DateTime<Utc>>

Timestamp of last attempt (for rate limiting / lockout).

§

Authenticated

All factors verified: user is fully authenticated.

Fields

§user_id: UserId

Identifier of the authenticated user.

§tenant_id: TenantId

Tenant the user belongs to.

§authn_time: DateTime<Utc>

Wall-clock time when authentication completed (from injectable Clock).

§factors_completed: Vec<FactorKind>

Factor kinds that were verified to reach this state, in completion order. Used by the audit log to distinguish “user logged in with password only because the tenant disables TOTP” (legitimate single-factor) from “user reached Authenticated without verifying TOTP” (bypass attack). Empty for sessions whose state predates this field; serde(default) keeps existing serialized sessions readable.

§

PendingWorkflow

Authenticated but blocked on a post-auth workflow (e.g. signup, KYC, password reset).

Fields

§user_id: UserId

Identifier of the user awaiting workflow completion.

§tenant_id: TenantId

Tenant the user belongs to.

§workflow: WorkflowState

Workflow currently blocking full authentication (e.g. signup, KYC).

Implementations§

Source§

impl AuthState

Source

pub fn user_id(&self) -> Option<&UserId>

Return the authenticated user ID if one is associated with this state.

Source

pub fn tenant_id(&self) -> Option<&TenantId>

Return the tenant ID if one is associated with this state.

Source

pub fn is_authenticated(&self) -> bool

Return true if this state represents a fully authenticated session.

Source

pub fn is_guest(&self) -> bool

Return true if this is an unauthenticated guest session.

Source

pub fn is_authenticating(&self) -> bool

Return true if the session is in progress through a multi-factor flow.

Use this to guard MFA factor-verification routes.

Trait Implementations§

Source§

impl Clone for AuthState

Source§

fn clone(&self) -> AuthState

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for AuthState

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for AuthState

Source§

fn default() -> AuthState

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for AuthState

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl PartialEq for AuthState

Source§

fn eq(&self, other: &AuthState) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for AuthState

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl StructuralPartialEq for AuthState

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> ArchivePointee for T

Source§

type ArchivedMetadata = ()

The archived version of the pointer metadata for this type.
Source§

fn pointer_metadata( _: &<T as ArchivePointee>::ArchivedMetadata, ) -> <T as Pointee>::Metadata

Converts some archived metadata to the pointer metadata for itself.
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> LayoutRaw for T

Source§

fn layout_raw(_: <T as Pointee>::Metadata) -> Result<Layout, LayoutError>

Returns the layout of the type.
Source§

impl<T, N1, N2> Niching<NichedOption<T, N1>> for N2
where T: SharedNiching<N1, N2>, N1: Niching<T>, N2: Niching<T>,

Source§

unsafe fn is_niched(niched: *const NichedOption<T, N1>) -> bool

Returns whether the given value has been niched. Read more
Source§

fn resolve_niched(out: Place<NichedOption<T, N1>>)

Writes data to out indicating that a T is niched.
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Pointee for T

Source§

type Metadata = ()

The metadata type for pointers and references to this type.
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,