authn_resolver_sdk/plugin_api.rs
1//! Plugin API trait for `AuthN` resolver implementations.
2//!
3//! Plugins implement this trait to provide token validation.
4//! The gateway discovers plugins via GTS types-registry and delegates
5//! API calls to the selected plugin.
6
7use async_trait::async_trait;
8
9use crate::error::AuthNResolverError;
10use crate::models::AuthenticationResult;
11
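/// Plugin API trait for `AuthN` resolver implementations.
///
/// Each plugin registers this trait with a scoped `ClientHub` entry
/// using its GTS instance ID as the scope.
///
/// The gateway delegates token validation to
/// [`authenticate`](Self::authenticate). Cross-cutting concerns (logging,
/// metrics) may be added at the gateway level in the future, so an
/// implementation should not rely on the gateway to redact anything it places
/// in a returned error.
///
/// The `Send + Sync` supertraits require implementations to be safe to share
/// and call across threads.
#[async_trait]
pub trait AuthNResolverPluginClient: Send + Sync {
    /// Authenticate a bearer token and return the validated identity.
    ///
    /// The token is a credential. Implementations should keep it out of logs,
    /// traces and metric labels, and should not embed it in the returned
    /// error value.
    ///
    /// # Arguments
    ///
    /// * `bearer_token` - The raw bearer token string.
    ///   NOTE(review): this trait does not state whether the caller has
    ///   already stripped the `Bearer ` scheme prefix - confirm against the
    ///   gateway before parsing.
    ///
    /// # Errors
    ///
    /// - `Unauthorized` if the token is invalid, expired, or malformed
    /// - `Internal` for unexpected errors
    ///
    /// Return `Ok` only for a token whose validation actually completed. If
    /// validation cannot be carried out, surface an error rather than a
    /// default or partially filled `AuthenticationResult` (fail closed).
    async fn authenticate(
        &self,
        bearer_token: &str,
    ) -> Result<AuthenticationResult, AuthNResolverError>;
}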