bitwarden-auth 3.0.0

Internal crate for the bitwarden crate. Do not use.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

use bitwarden_api_api::models::{MasterPasswordPolicyResponseModel, PrivateKeysResponseModel};
use bitwarden_api_identity::models::KdfType;
use serde::{Deserialize, Serialize};

use crate::login::api::response::UserDecryptionOptionsApiResponse;

/// API response model for a successful login via the Identity API.
/// OAuth 2.0 Successful Response RFC reference: <https://datatracker.ietf.org/doc/html/rfc6749#section-5.1>
#[derive(Serialize, Deserialize, Debug, PartialEq)]
pub(crate) struct LoginSuccessApiResponse {
    /// The access token string.
    pub access_token: String,
    /// The duration in seconds until the token expires.
    pub expires_in: u64,
    /// The scope of the access token.
    /// OAuth 2.0 RFC reference: <https://datatracker.ietf.org/doc/html/rfc6749#section-3.3>
    pub scope: String,

    /// The type of the token.
    /// This will be "Bearer" for send access tokens.
    /// OAuth 2.0 RFC reference: <https://datatracker.ietf.org/doc/html/rfc6749#section-7.1>
    pub token_type: String,

    /// The optional refresh token string.
    /// This token can be used to obtain new access tokens when the current one expires.
    pub refresh_token: Option<String>,

    // Custom Bitwarden connect/token response fields:
    // We send down uppercase fields today so we have to map them accordingly +
    // we add aliases for deserialization flexibility.
    /// The user key wrapped user private key
    /// Deprecated in favor of the `AccountKeys` field but still present for backward
    /// compatibility. and we can't expose AccountKeys in our LoginSuccessResponse until we get
    /// a PrivateKeysResponseModel SDK response model from KM with WASM / uniffi support.
    /// TODO: PM-30222 - clean up the comment about not being able to expose AccountKeys once
    /// we have a trait to convert PrivateKeysResponseModel to WrappedAccountCryptographicState
    #[serde(rename = "PrivateKey", alias = "privateKey")]
    pub private_key: Option<String>,

    /// The user's asymmetric encryption keys and signature keys
    #[serde(rename = "AccountKeys", alias = "accountKeys")]
    pub account_keys: Option<PrivateKeysResponseModel>,

    /// The master key wrapped user key.
    #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
    #[serde(rename = "Key", alias = "key")]
    pub key: Option<String>,

    /// Two factor remember me token to be used for future requests
    /// to bypass 2FA prompts for a limited time.
    #[serde(rename = "TwoFactorToken", alias = "twoFactorToken")]
    pub two_factor_token: Option<String>,

    /// Master key derivation function type
    #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
    #[serde(rename = "Kdf", alias = "kdf")]
    pub kdf: Option<KdfType>,

    /// Master key derivation function iterations
    #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
    #[serde(rename = "KdfIterations", alias = "kdfIterations")]
    pub kdf_iterations: Option<i32>,

    /// Master key derivation function memory
    #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
    #[serde(rename = "KdfMemory", alias = "kdfMemory")]
    pub kdf_memory: Option<i32>,

    /// Master key derivation function parallelism
    #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
    #[serde(rename = "KdfParallelism", alias = "kdfParallelism")]
    pub kdf_parallelism: Option<i32>,

    /// Indicates whether an admin has reset the user's master password,
    /// requiring them to set a new password upon next login.
    #[serde(rename = "ForcePasswordReset", alias = "forcePasswordReset")]
    pub force_password_reset: Option<bool>,

    /// Indicates whether the user uses Key Connector and if the client should have a locally
    /// configured Key Connector URL in their environment.
    /// Note: This is currently only applicable for client_credential grant type logins and
    /// is only expected to be relevant for the CLI
    #[serde(rename = "ApiUseKeyConnector", alias = "apiUseKeyConnector")]
    pub api_use_key_connector: Option<bool>,

    /// The user's decryption options for their vault.
    #[serde(rename = "UserDecryptionOptions", alias = "userDecryptionOptions")]
    pub user_decryption_options: Option<UserDecryptionOptionsApiResponse>,

    /// If the user is subject to an organization master password policy,
    /// this field contains the requirements of that policy.
    #[serde(rename = "MasterPasswordPolicy", alias = "masterPasswordPolicy")]
    pub master_password_policy: Option<MasterPasswordPolicyResponseModel>,
}