cf-modkit-auth 0.2.14

ModKit authentication library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

# ModKit Auth

Authentication infrastructure for CyberFabric / ModKit.

## Overview

The `cf-modkit-auth` crate provides:

- **JWT / JWKS**`KeyProvider` trait, `JwksKeyProvider` with background key refresh, `ValidationConfig`, standard claim constants
- **Token validation**`TokenValidator` trait, `ClaimsError` / `AuthError` error types
- **Auth configuration**`AuthConfig` (issuers, audiences, leeway, JWKS endpoint)
- **Outbound OAuth2 client credentials**`Token` handle with automatic refresh and invalidation, `OAuthClientConfig`, `BearerAuthLayer` (tower), `HttpClientBuilderExt` for `modkit-http` integration
- **Auth metrics**`AuthMetrics` trait with `LoggingMetrics` and `NoOpMetrics` implementations

## Outbound OAuth2 quick start

```rust
use modkit_auth::{HttpClientBuilderExt, OAuthClientConfig, SecretString, Token};
use modkit_http::HttpClientBuilder;

let token = Token::new(OAuthClientConfig {
    token_endpoint: Some("https://idp.example.com/oauth/token".parse()?),
    client_id: "my-service".into(),
    client_secret: SecretString::new("my-secret"),
    scopes: vec!["api.read".into()],
    ..Default::default()
})
.await?;

let client = HttpClientBuilder::new()
    .with_bearer_auth(token)
    .build()?;

// Every request gets Authorization: Bearer <token> automatically
let resp = client.get("https://api.example.com/resource").send().await?;
```

See `examples/` for more patterns (OIDC discovery, token invalidation, shared token, form auth).

## License

Licensed under Apache-2.0.