1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
//! Authentication and JWT handling.
//!
//! Forge supports JWT authentication with both symmetric (HMAC) and asymmetric
//! (RSA via JWKS) algorithms. Tokens are validated on every request and claims
//! are available in the function context.
//!
//! # Configuration
//!
//! ```toml
//! [auth]
//! jwt_algorithm = "RS256"
//! jwks_url = "https://provider.com/.well-known/jwks.json"
//! jwt_issuer = "https://provider.com"
//! jwt_audience = "my-app"
//! ```
//!
//! # Accessing Auth in Functions
//!
//! ```ignore
//! #[forge::query]
//! async fn get_profile(ctx: &QueryContext) -> Result<User> {
//! let user_id = ctx.auth.require_user_id()?;
//! // ...
//! }
//! ```
//!
//! # Non-UUID Providers
//!
//! For providers like Firebase or Clerk that don't use UUID subjects:
//!
//! ```ignore
//! let subject = ctx.auth.require_subject()?; // Returns &str
//! ```
//!
//! # Key Types
//!
//! - [`Claims`] - Parsed JWT claims
//! - [`ClaimsBuilder`] - Builder for constructing claims (testing)
pub use ;
pub use TokenPair;