
codlet_core/auth/
mod.rs

//! High-level orchestration managers (RFC-013).
//!
//! This module provides three composable managers that wrap the low-level
//! primitives into safe, ergonomic flows:
//!
//! - [`CodeAuth`] — code issuance, two-step redemption, callback-based
//!   redemption, and revocation.
//! - [`SessionManager`] — session issuance (requires a [`RedeemSuccess`]
//!   proof), validation, and revocation.
//! - [`FormTokenManager`] — form-token issuance and atomic consume with
//!   idempotency replay support.
//!
//! ## Layered design (RFC-013 §10.1)
//!
//! Primitive layer (`code`, `hashing`, `state`): security-conscious custom apps.
//! Store service layer (`store::*` traits): custom routing and special flows.
//! Flow service layer (`auth::*` managers): standard flows (this module).
//! Framework adapter layer: future crates for quick integration.
//!
//! ## Host application boundary
//!
//! codlet authenticates; the host authorizes. The managers never make access
//! control decisions. [`RedeemSuccess`] carries an opaque `grant` returned by
//! the host at issuance time; codlet does not interpret it.

pub mod code;
pub mod error;
pub mod norate;
pub mod session;
pub mod token;

pub use code::CodeAuth;
pub use error::{FormTokenError, IssuedSession, RedeemError, RedeemSuccess, SessionError};
pub use norate::NoRateLimit;
pub use session::SessionManager;
pub use token::FormTokenManager;
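
The module docs say session issuance requires a `RedeemSuccess` proof and that the `grant` is opaque. The sketch below is an added example, not codlet's own code, showing how a proof type with a private field enforces that ordering at compile time. The type names mirror the page, but every signature, the in-memory store, and the counter id are assumptions made for illustration.

```rust
mod flow {
    use std::collections::HashMap;

    /// Proof that a code was redeemed. The field is private, so code outside
    /// this module cannot build one; it can only come from `CodeAuth::redeem`.
    pub struct RedeemSuccess { grant: String }

    #[derive(Debug, PartialEq)]
    pub enum RedeemError { InvalidOrUsed }

    /// Toy store mapping code -> opaque host grant (assumed shape; plaintext
    /// keys are a simplification of this sketch, not a recommendation).
    pub struct CodeAuth { pending: HashMap<String, String> }

    impl CodeAuth {
        pub fn new() -> Self { Self { pending: HashMap::new() } }
        pub fn issue(&mut self, code: &str, grant: &str) {
            self.pending.insert(code.to_owned(), grant.to_owned());
        }
        /// Single use: the entry is removed by the first successful redeem.
        pub fn redeem(&mut self, code: &str) -> Result<RedeemSuccess, RedeemError> {
            self.pending.remove(code)
                .map(|grant| RedeemSuccess { grant })
                .ok_or(RedeemError::InvalidOrUsed)
        }
    }

    pub struct SessionManager { next_id: u64 }

    impl SessionManager {
        pub fn new() -> Self { Self { next_id: 1 } }
        /// Takes the proof by value: one redemption yields at most one session.
        /// The counter id is a placeholder; a real session token must be random.
        pub fn issue(&mut self, proof: RedeemSuccess) -> (u64, String) {
            let id = self.next_id;
            self.next_id += 1;
            (id, proof.grant) // grant is passed through, never interpreted
        }
    }
}
use flow::{CodeAuth, RedeemError, SessionManager};

fn main() {
    let (mut codes, mut sessions) = (CodeAuth::new(), SessionManager::new());
    codes.issue("constructed-code", "host-grant-42"); // constructed sample values
    let proof = codes.redeem("constructed-code").expect("first redeem succeeds");
    println!("session: {:?}", sessions.issue(proof));
    // A replay of the same code is rejected, so no second proof can exist.
    assert_eq!(codes.redeem("constructed-code").err(), Some(RedeemError::InvalidOrUsed));
}
```

Outside `flow`, writing `RedeemSuccess { grant: ... }` or calling `sessions.issue(proof)` a second time with the same proof fails to compile, which is the property the proof parameter buys.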