
authn_resolver_sdk/
plugin_api.rs

1//! Plugin API trait for `AuthN` resolver implementations.
2//!
3//! Plugins implement this trait to provide token validation.
4//! The gateway discovers plugins via GTS types-registry and delegates
5//! API calls to the selected plugin.
6
7use async_trait::async_trait;
8
9use crate::error::AuthNResolverError;
10use crate::models::AuthenticationResult;
11
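/// Plugin API trait for `AuthN` resolver implementations.
///
/// Each plugin registers this trait with a scoped `ClientHub` entry
/// using its GTS instance ID as the scope.
///
/// The gateway delegates to this method. Cross-cutting concerns (logging,
/// metrics) may be added at the gateway level in the future.
///
/// The `Send + Sync` bound requires every implementation to be shareable
/// between threads, so any mutable state a plugin keeps needs its own
/// synchronisation.
///
/// # Security
///
/// This trait is the authentication decision point: the gateway delegates
/// to it, so a successful return is what stands in for a validated identity.
/// Implementations should therefore fail closed and treat the token as a
/// secret (see [`authenticate`](Self::authenticate)).
#[async_trait]
pub trait AuthNResolverPluginClient: Send + Sync {
    /// Authenticate a bearer token and return the validated identity.
    ///
    /// # Arguments
    ///
    /// * `bearer_token` - The raw bearer token string. It is a credential:
    ///   keep it out of logs, metric labels, traces and error values.
    ///
    /// # Errors
    ///
    /// - `Unauthorized` if the token is invalid, expired, or malformed
    /// - `Internal` for unexpected errors
    ///
    /// # Security
    ///
    /// - Return `Ok` only after every check the token format calls for has
    ///   passed. When the plugin cannot reach a decision (for example a
    ///   verification dependency is unavailable), return an error rather
    ///   than a result.
    /// - `Unauthorized` deliberately covers invalid, expired and malformed
    ///   tokens alike. Keep any detail that tells these cases apart out of
    ///   whatever is surfaced to the caller.
    /// - Errors may end up in gateway-level logs, so do not embed the token
    ///   or fragments of it in them.
    ///
    /// NOTE(review): this trait does not say whether the `Bearer ` scheme
    /// prefix is stripped before the call, or whether an empty string can
    /// arrive here. Confirm both against the gateway and reject empty input.
    async fn authenticate(
        &self,
        bearer_token: &str,
    ) -> Result<AuthenticationResult, AuthNResolverError>;
}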