
Module auth

High-level orchestration managers (RFC-013).

This module provides three composable managers that wrap the low-level primitives into safe, ergonomic flows:

  • CodeAuth — code issuance, two-step redemption, callback-based redemption, and revocation.
  • SessionManager — session issuance (requires a RedeemSuccess proof), validation, and revocation.
  • FormTokenManager — form-token issuance and atomic consume with idempotency replay support.

§Layered design (RFC-013 §10.1)

  • Primitive layer (code, hashing, state): security-conscious custom apps.
  • Store service layer (store::* traits): custom routing and special flows.
  • Flow service layer (auth::* managers): standard flows (this module).
  • Framework adapter layer: future crates for quick integration.

§Host application boundary

codlet authenticates; the host authorizes. The managers never make access control decisions. RedeemSuccess carries an opaque grant returned by the host at issuance time; codlet does not interpret it.
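
The proof requirement on session issuance and the opaque grant described above can be sketched with simplified stand-in types. This is an added example, not codlet's code or API: `RedeemSuccess` and `RedeemError` borrow the page's names only, and `Codes`, `Sessions`, their methods and the counter session id are assumptions made for illustration.

```rust
mod flow {
    use std::collections::HashMap;
    /// Stand-in proof of redemption. The field is private, so code outside
    /// this module cannot build one; it can only come from `Codes::redeem`.
    pub struct RedeemSuccess<G> { grant: G }

    #[derive(Debug, PartialEq)]
    pub enum RedeemError { UnknownOrUsed }

    /// Hypothetical code store: maps an issued code to the host's grant.
    pub struct Codes<G> { pending: HashMap<String, G> }

    impl<G> Codes<G> {
        pub fn new() -> Self { Codes { pending: HashMap::new() } }
        /// The host supplies `grant` at issuance; this layer never reads it.
        pub fn issue(&mut self, code: &str, grant: G) {
            self.pending.insert(code.to_string(), grant);
        }
        /// Single use: removing the entry makes a second redemption fail.
        pub fn redeem(&mut self, code: &str) -> Result<RedeemSuccess<G>, RedeemError> {
            let grant = self.pending.remove(code).ok_or(RedeemError::UnknownOrUsed)?;
            Ok(RedeemSuccess { grant })
        }
    }

    /// Hypothetical session issuer. The counter id is a placeholder only.
    pub struct Sessions { next_id: u64 }

    impl Sessions {
        pub fn new() -> Self { Sessions { next_id: 1 } }
        /// Takes the proof by value: one redemption yields at most one session.
        pub fn issue<G>(&mut self, proof: RedeemSuccess<G>) -> (u64, G) {
            let id = self.next_id;
            self.next_id += 1;
            (id, proof.grant) // grant goes back to the host untouched
        }
    }
}

/// Constructed demo: redeem a code, open a session, then retry the code.
fn demo() -> (u64, String, Option<flow::RedeemError>) {
    let mut codes = flow::Codes::new();
    let mut sessions = flow::Sessions::new();
    codes.issue("constructed-code", String::from("host-defined-grant"));
    let proof = codes.redeem("constructed-code").expect("first redemption");
    let (id, grant) = sessions.issue(proof);
    (id, grant, codes.redeem("constructed-code").err())
}
fn main() { println!("{:?}", demo()); }
```

Writing `flow::RedeemSuccess { grant: () }` outside the module is rejected by the compiler because the field is private, which is what forces every session through a successful redemption.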

Re-exports§

pub use code::CodeAuth;
pub use error::FormTokenError;
pub use error::IssuedSession;
pub use error::RedeemError;
pub use error::RedeemSuccess;
pub use error::SessionError;
pub use norate::NoRateLimit;
pub use session::SessionManager;
pub use token::FormTokenManager;

Modules§

code
Code authentication manager (RFC-013).
error
Typed errors and outcomes for the orchestration layer (RFC-013).
norate
NoRateLimit — a no-op RateLimitStore for hosts that opt out of codlet-managed rate limiting.
session
Session manager (RFC-013 §3).
token
Form-token manager (RFC-013 §3).