auth-framework 0.5.0-rc18

A comprehensive, production-ready authentication and authorization framework for Rust applications
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

use crate::api::ApiState;
use axum::{
    Router,
    response::Json,
    routing::{get, post},
};

/// OpenID4VCI (Verifiable Credential Issuance) metadata endpoint.
///
/// Serves the Credential Issuer Metadata at /.well-known/openid-credential-issuer.
///
/// # Example
/// ```rust,no_run
/// use auth_framework::api::advanced_protocols::credential_issuer_metadata;
///
/// // This endpoint is automatically mounted by the advanced protocol router
/// // and returns metadata detailing supported verifiable credentials.
/// ```
pub async fn credential_issuer_metadata() -> Json<serde_json::Value> {
    Json(serde_json::json!({
        "credential_issuer": "https://auth.example.com",
        "credential_endpoint": "https://auth.example.com/credential",
        "supported_credentials": []
    }))
}

/// OpenID4VCI credential issuance endpoint.
///
/// Accepts a credential request and returns the issued verifiable credential.
///
/// # Example
/// ```rust,no_run
/// use auth_framework::api::advanced_protocols::issue_credential;
///
/// // Clients POST their presentation definitions here to receive a Verifiable Credential.
/// ```
pub async fn issue_credential() -> Json<serde_json::Value> {
    Json(serde_json::json!({ "status": "not_implemented" }))
}

/// OpenID4VP (Verifiable Presentations) request endpoint.
///
/// Serves presentation requests directing clients to submit matching claims.
///
/// # Example
/// ```rust,no_run
/// use auth_framework::api::advanced_protocols::presentation_request;
///
/// // Provides the Presentation Definition specifying exactly which claims
/// // the user needs to share with the relying party.
/// ```
pub async fn presentation_request() -> Json<serde_json::Value> {
    Json(serde_json::json!({ "presentation_definition": {} }))
}

/// OpenID4VP presentation submission endpoint.
///
/// Accepts verifiable presentations containing signed credentials structure.
///
/// # Example
/// ```rust,no_run
/// use auth_framework::api::advanced_protocols::presentation_response;
///
/// // Validates the JSON Web Signature (JWS) or EdDSA proof submitted
/// // by the digital wallet.
/// ```
pub async fn presentation_response() -> Json<serde_json::Value> {
    Json(serde_json::json!({ "status": "presentation_received" }))
}

/// SPIFFE Trust Domain bundle endpoint.
///
/// Delivers the public Trust Bundle (JWKS key format structure) necessary to validate
/// the digital signatures on X.509-SVIDs or JWT-SVIDs.
///
/// # Example
/// ```rust,no_run
/// use auth_framework::api::advanced_protocols::spiffe_trust_bundle;
///
/// // Other workloads pull keys from here to securely authenticate service identities.
/// ```
pub async fn spiffe_trust_bundle() -> Json<serde_json::Value> {
    Json(serde_json::json!({ "keys": [] }))
}

/// CAEP (Continuous Access Evaluation Profile) Shared Signals endpoint.
///
/// Consumes asynchronous risk signals to revoke sessions real-time.
///
/// # Example
/// ```rust,no_run
/// use auth_framework::api::advanced_protocols::caep_events;
///
/// // Accepts SSE (Shared Signals and Events) payload confirming compromised
/// // user devices to sever existing active tokens immediately.
/// ```
pub async fn caep_events() -> Json<serde_json::Value> {
    Json(serde_json::json!({ "events": [] }))
}

/// ACME (Automatic Certificate Management Environment) Directory.
///
/// Serves the root ACME directory metadata providing discovery URIs for
/// registering clients and completing domain HTTP-01 validations.
///
/// # Example
/// ```rust,no_run
/// use auth_framework::api::advanced_protocols::acme_directory;
///
/// // Returns directory mappings enabling automated TLS cert renewals.
/// ```
pub async fn acme_directory() -> Json<serde_json::Value> {
    Json(serde_json::json!({
        "newNonce": "https://auth.example.com/acme/new-nonce",
        "newAccount": "https://auth.example.com/acme/new-account",
        "newOrder": "https://auth.example.com/acme/new-order"
    }))
}

/// Configures and returns the Axum router for all advanced protocol endpoints.
///
/// Merges OpenID4VCI, OpenID4VP, SPIFFE, CAEP, and ACME handlers into a unified router
/// intended for high-profile identity interactions.
///
/// # Example
/// ```rust,ignore
/// use auth_framework::api::advanced_protocols;
/// use axum::Router;
///
/// // Within server.rs builder:
/// let router = Router::new()
///     .merge(advanced_protocols::router()) // Auto-binds endpoints
///     // .with_state(state)
///     ;
/// ```
pub fn router() -> Router<ApiState> {
    Router::new()
        // OpenID4VCI
        .route(
            "/.well-known/openid-credential-issuer",
            get(credential_issuer_metadata),
        )
        .route("/credential", post(issue_credential))
        // OpenID4VP
        .route("/presentation-request", get(presentation_request))
        .route("/presentation-response", post(presentation_response))
        // SPIFFE
        .route("/.well-known/spiffe-trust-domain", get(spiffe_trust_bundle))
        // CAEP
        .route("/caep/events", post(caep_events))
        // ACME
        .route("/acme/directory", get(acme_directory))
}