Struct biscuit_auth::Biscuit
pub struct Biscuit { /* private fields */ }
This structure represents a valid Biscuit token.
It contains multiple `Block` elements, the associated symbol table,
and a serialized version of this data.
extern crate biscuit_auth as biscuit;
use biscuit::{KeyPair, Biscuit, builder::*, builder_ext::*};
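fn main() {
    // The root keypair belongs to the token issuer. `builder.build(&root)` below
    // uses it to create the token; verifying parties only need the root public
    // key, so the private half should stay with the issuing service.
    let root = KeyPair::new();

    // first we define the authority block for global data,
    // like access rights
    // data from the authority block cannot be created in any other block
    let mut builder = Biscuit::builder();
    // `add_fact` returns a `Result` (the string form below is unwrapped with
    // `expect`), so a rejected fact is surfaced here as well instead of being
    // dropped silently, which would yield a token missing the intended right.
    builder
        .add_fact(fact("right", &[string("/a/file1.txt"), string("read")]))
        .expect("invalid fact");

    // facts and rules can also be parsed from a string
    builder
        .add_fact("right(\"/a/file1.txt\", \"read\")")
        .expect("parse error");

    let token1 = builder.build(&root).unwrap();

    // we can create a new block builder from that token
    let mut builder2 = BlockBuilder::new();
    // NOTE(review): `check_operation` comes from `builder_ext`; presumably it
    // adds a check limiting the token to the "read" operation - confirm there.
    builder2.check_operation("read");

    // `append` takes no key argument: adding a block does not require the root
    // private key, only the token itself.
    let token2 = token1.append(builder2).unwrap();
}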
Implementations
impl Biscuit
pub fn builder() -> BiscuitBuilder
creates the builder for the first block;
call `builder::BiscuitBuilder::build`
to create the token
pub fn from<T, KP>(slice: T, key_provider: KP) -> Result<Self, Token>
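deserializes a token and validates the signature using the root public key obtained from `key_provider`. Signature validation alone does not authorize a request: the checks carried by the token are evaluated when authorization is run with an authorizer.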
pub fn from_base64<T, KP>(slice: T, key_provider: KP) -> Result<Self, Token>
deserializes a base64-encoded token and validates the signature using the root public key obtained from `key_provider`
pub fn to_base64(&self) -> Result<String, Token>
serializes the token and encodes it as a (URL safe) base64 string
pub fn serialized_size(&self) -> Result<usize, Token>
computes the size of the serialized token
pub fn seal(&self) -> Result<Biscuit, Token>
creates a sealed version of the token
sealed tokens cannot be attenuated
creates an authorizer from this token
runs authorization with the provided authorizer
pub fn append(&self, block_builder: BlockBuilder) -> Result<Self, Token>
adds a new block to the token
since the public key is integrated into the token, the keypair can be discarded right after calling this function
pub fn context(&self) -> Vec<Option<String>>
returns the list of context elements of each block
the context is a free form text field in which application specific data can be stored
pub fn root_key_id(&self) -> Option<u32>
returns an (optional) root key identifier. It provides a hint for public key selection during verification
pub fn revocation_identifiers(&self) -> Vec<Vec<u8>>
returns a list of revocation identifiers for each block, in order
revocation identifiers are unique: tokens generated separately with the same contents will have different revocation ids
pub fn external_public_keys(&self) -> Vec<Option<PublicKey>>
returns the external public key of each block, in order (`None` for a block that carries none)
Blocks carrying an external public key are third-party blocks and their contents can be trusted as coming from the holder of the corresponding private key
pub fn print_block_source(&self, index: usize) -> Result<String, Token>
prints the content of a block as Datalog source code
pub fn container(&self) -> &SerializedBiscuit
returns the internal representation of the token
pub fn append_with_keypair( &self, keypair: &KeyPair, block_builder: BlockBuilder ) -> Result<Self, Token>
adds a new block to the token, using the provided keypair
since the public key is integrated into the token, the keypair can be discarded right after calling this function
pub fn third_party_request(&self) -> Result<ThirdPartyRequest, Token>
pub fn append_third_party( &self, external_key: PublicKey, response: ThirdPartyBlock ) -> Result<Self, Token>
pub fn append_third_party_with_keypair( &self, external_key: PublicKey, response: ThirdPartyBlock, next_keypair: KeyPair ) -> Result<Self, Token>
pub fn block_symbols(&self, index: usize) -> Result<Vec<String>, Token>
gets the list of symbols from a block
pub fn block_public_keys(&self, index: usize) -> Result<PublicKeys, Token>
gets the list of public keys from a block
pub fn block_external_key( &self, index: usize ) -> Result<Option<PublicKey>, Token>
gets the external public key of a block, if it carries one
pub fn block_count(&self) -> usize
returns the number of blocks (at least 1)