Struct biscuit_auth::UnverifiedBiscuit

pub struct UnverifiedBiscuit { /* private fields */ }

A token that was parsed without cryptographic signature verification

Use this if you want to attenuate or print the content of a token without verifying it.

It can be converted to a Biscuit using UnverifiedBiscuit::check_signature, and then used for authorization

Implementations

impl UnverifiedBiscuit

pub fn from<T>(slice: T) -> Result<Self, Token>

where T: AsRef<[u8]>,

deserializes a token from raw bytes

pub fn from_base64<T>(slice: T) -> Result<Self, Token>

where T: AsRef<[u8]>,

deserializes a token from base64

pub fn check_signature<F>(self, f: F) -> Result<Biscuit, Format>

where F: Fn(Option<u32>) -> PublicKey,

checks the signature of the token and convert it to a Biscuit for authorization

pub fn append(&self, block_builder: BlockBuilder) -> Result<Self, Token>

adds a new block to the token

since the public key is integrated into the token, the keypair can be discarded right after calling this function

pub fn to_vec(&self) -> Result<Vec<u8>, Token>

serializes the token

pub fn to_base64(&self) -> Result<String, Token>

serializes the token and encode it to a (URL safe) base64 string

pub fn from_with_symbols( slice: &[u8], symbols: SymbolTable ) -> Result<Self, Token>

deserializes from raw bytes with a custom symbol table

pub fn from_base64_with_symbols<T>( slice: T, symbols: SymbolTable ) -> Result<Self, Token>

where T: AsRef<[u8]>,

deserializes a token from base64 with a custom symbol table

pub fn append_with_keypair( &self, keypair: &KeyPair, block_builder: BlockBuilder ) -> Result<Self, Token>

adds a new block to the token

since the public key is integrated into the token, the keypair can be discarded right after calling this function

pub fn root_key_id(&self) -> Option<u32>

returns an (optional) root key identifier. It provides a hint for public key selection during verification

pub fn revocation_identifiers(&self) -> Vec<Vec<u8>>

returns a list of revocation identifiers for each block, in order

revocation identifiers are unique: tokens generated separately with the same contents will have different revocation ids

pub fn external_public_keys(&self) -> Vec<Option<Vec<u8>>>

returns a list of external key for each block, in order

Blocks carrying an external public key are third-party blocks and their contents can be trusted as coming from the holder of the corresponding private key

pub fn block_count(&self) -> usize

returns the number of blocks (at least 1)

pub fn print_block_source(&self, index: usize) -> Result<String, Token>

prints the content of a block as Datalog source code

pub fn seal(&self) -> Result<UnverifiedBiscuit, Token>

creates a sealed version of the token

sealed tokens cannot be attenuated

pub fn third_party_request(&self) -> Result<ThirdPartyRequest, Token>

pub fn append_third_party(&self, slice: &[u8]) -> Result<Self, Token>

pub fn append_third_party_base64<T>(&self, slice: T) -> Result<Self, Token>

where T: AsRef<[u8]>,

Trait Implementations

impl Clone for UnverifiedBiscuit

fn clone(&self) -> UnverifiedBiscuit

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for UnverifiedBiscuit

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.