Struct biscuit_auth::Biscuit

pub struct Biscuit { /* private fields */ }

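This structure represents a valid Biscuit token: one that is well-formed and whose signature has been checked. Validity alone is not an authorization decision; that is made separately with an authorizer (see authorizer and authorize below)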

It contains multiple Block elements, the associated symbol table, and a serialized version of this data

extern crate biscuit_auth as biscuit;

use biscuit::{KeyPair, Biscuit, builder::*, builder_ext::*};

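/// Builds a token with an authority block, then appends a second block that
/// carries a check on the operation.
fn main() {
  // The authority block is signed with this root keypair. Verification only
  // needs the root public key, so the private half stays with the token issuer.
  let root = KeyPair::new();

  // first we define the authority block for global data,
  // like access rights
  // data from the authority block cannot be created in any other block
  let mut builder = Biscuit::builder();
  // add_fact returns a Result (the string form below is checked with expect),
  // so the outcome is checked here too: a fact that failed to register would
  // otherwise be dropped silently and the token built without it.
  builder
    .add_fact(fact("right", &[string("/a/file1.txt"), string("read")]))
    .expect("invalid fact");

  // facts and rules can also be parsed from a string
  builder
    .add_fact("right(\"/a/file1.txt\", \"read\")")
    .expect("parse error");

  let token1 = builder
    .build(&root)
    .expect("could not build the token");

  // a new block is prepared with its own builder and then appended to the
  // existing token; here it carries a check on the "read" operation
  let mut builder2 = BlockBuilder::new();
  builder2.check_operation("read");

  // append takes only the block builder: the root keypair is not needed to
  // add a block to an existing token
  let token2 = token1
    .append(builder2)
    .expect("could not append the block");
}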

Implementations§


impl Biscuit


pub fn builder() -> BiscuitBuilder

create the first block’s builder

call builder::BiscuitBuilder::build to create the token


pub fn from<T, KP>(slice: T, key_provider: KP) -> Result<Self, Token>
where T: AsRef<[u8]>, KP: RootKeyProvider,

deserializes a token from its binary form and validates the signature using the root public key supplied by key_provider


pub fn from_base64<T, KP>(slice: T, key_provider: KP) -> Result<Self, Token>
where T: AsRef<[u8]>, KP: RootKeyProvider,

deserializes a token from its base64 encoding (the form produced by to_base64) and validates the signature using the root public key supplied by key_provider


pub fn to_vec(&self) -> Result<Vec<u8>, Token>

serializes the token


pub fn to_base64(&self) -> Result<String, Token>

serializes the token and encodes it as a (URL safe) base64 string


pub fn serialized_size(&self) -> Result<usize, Token>

returns the size of the token's serialized form


pub fn seal(&self) -> Result<Biscuit, Token>

creates a sealed version of the token

sealed tokens cannot be attenuated


pub fn authorizer(&self) -> Result<Authorizer, Token>

creates an authorizer from this token


pub fn authorize(&self, authorizer: &Authorizer) -> Result<usize, Token>

runs authorization with the provided authorizer


pub fn append(&self, block_builder: BlockBuilder) -> Result<Self, Token>

adds a new block to the token

since the public key is integrated into the token, the keypair can be discarded right after calling this function


pub fn context(&self) -> Vec<Option<String>>

returns the list of context elements of each block

the context is a free form text field in which application specific data can be stored


pub fn root_key_id(&self) -> Option<u32>

returns an (optional) root key identifier. It provides a hint for public key selection during verification


pub fn revocation_identifiers(&self) -> Vec<Vec<u8>>

returns a list of revocation identifiers for each block, in order

revocation identifiers are unique: tokens generated separately with the same contents will have different revocation ids


pub fn external_public_keys(&self) -> Vec<Option<PublicKey>>

returns the external public key of each block, in order (None for a block that has no external key)

Blocks carrying an external public key are third-party blocks and their contents can be trusted as coming from the holder of the corresponding private key


pub fn print(&self) -> String

pretty printer for this token


pub fn print_block_source(&self, index: usize) -> Result<String, Token>

prints the content of a block as Datalog source code


pub fn container(&self) -> &SerializedBiscuit

returns the internal representation of the token


pub fn append_with_keypair( &self, keypair: &KeyPair, block_builder: BlockBuilder ) -> Result<Self, Token>

adds a new block to the token, using the provided keypair

since the public key is integrated into the token, the keypair can be discarded right after calling this function


pub fn third_party_request(&self) -> Result<ThirdPartyRequest, Token>


pub fn append_third_party( &self, external_key: PublicKey, response: ThirdPartyBlock ) -> Result<Self, Token>


pub fn append_third_party_with_keypair( &self, external_key: PublicKey, response: ThirdPartyBlock, next_keypair: KeyPair ) -> Result<Self, Token>


pub fn block_symbols(&self, index: usize) -> Result<Vec<String>, Token>

gets the list of symbols from a block


pub fn block_public_keys(&self, index: usize) -> Result<PublicKeys, Token>

gets the list of public keys from a block


pub fn block_external_key( &self, index: usize ) -> Result<Option<PublicKey>, Token>

gets the external public key of a block, if it has one


pub fn block_count(&self) -> usize

returns the number of blocks (at least 1)

Trait Implementations§

source§

impl Clone for Biscuit

source§

fn clone(&self) -> Biscuit

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for Biscuit

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Display for Biscuit

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T> ToString for T
where T: Display + ?Sized,

source§

default fn to_string(&self) -> String

Converts the given value to a String. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V