modkit_auth/traits.rs
1use crate::{claims_error::ClaimsError, errors::AuthError};
2use async_trait::async_trait;
3use jsonwebtoken::Header;
4use serde_json::Value;
/// Turns a raw JWT string into claims the rest of the application can consume.
///
/// Implementors must be `Send + Sync`.
#[async_trait]
pub trait TokenValidator: Send + Sync {
    /// Validates `token` and, on success, yields its normalized claims as JSON.
    ///
    /// # Errors
    ///
    /// Returns [`AuthError`] when the token is not accepted.
    ///
    /// NOTE(review): the trait does not say which checks "validate" covers
    /// (signature, `exp`/`nbf`, issuer, audience). Implementations should fail
    /// closed, and each one should document the checks it performs so callers
    /// know how far the returned claims can be trusted — confirm per
    /// implementation.
    async fn validate_and_parse(&self, token: &str) -> Result<Value, AuthError>;
}
/// A key source that can check a JWT's signature and decode the token.
///
/// Implementors must be `Send + Sync`.
#[async_trait]
pub trait KeyProvider: Send + Sync {
    /// Name of this provider, intended for debugging and log output.
    fn name(&self) -> &str;

    /// Verifies the signature of `token` and decodes its header and claims.
    ///
    /// On success the JWT header and the raw claims are returned as JSON so
    /// the caller can process them further.
    ///
    /// An implementation is expected to:
    /// - decode the JWT header,
    /// - locate the appropriate key (for example by `kid`),
    /// - validate the signature,
    /// - hand back the raw claims.
    ///
    /// # Errors
    ///
    /// Returns [`ClaimsError`] if the signature is invalid or decoding fails.
    ///
    /// NOTE(review): the header is decoded before the signature is checked, so
    /// fields such as `alg` and `kid` are token-supplied at that point. The
    /// accepted algorithm should come from the provider's own key or
    /// configuration rather than from the token alone — confirm in each
    /// implementation.
    ///
    /// NOTE(review): the contract speaks of "raw claims"; presumably expiry,
    /// issuer and audience checks happen in the caller — confirm which layer
    /// enforces them.
    async fn validate_and_decode(&self, token: &str) -> Result<(Header, Value), ClaimsError>;

    /// Refreshes the provider's keys where that is supported (e.g. JWKS).
    ///
    /// The default implementation does nothing and returns `Ok(())`, so a
    /// successful result does not by itself mean that keys were reloaded.
    async fn refresh_keys(&self) -> Result<(), ClaimsError> {
        Ok(())
    }
}