mod binding;
mod common;
pub mod custom;
pub mod dpop_nonce;
pub mod dpop_proof;
pub mod error;
pub mod extract;
pub mod introspection;
pub mod metadata;
pub mod multi_issuer;
pub mod observe;
pub mod rfc9068;
use crate::{
core::{
jwt::{ConfirmationClaim, validator::ValidatedJwt},
platform::{Duration, MaybeSendBoxFuture, MaybeSendSync, SystemTime},
},
error::ToRfc6750Error,
};
pub const DEFAULT_CLOCK_LEEWAY: Duration = Duration::from_secs(10);
pub trait AccessTokenValidator: MaybeSendSync {
type Claims: MaybeSendSync;
type Error: ToRfc6750Error;
fn validate_request<'a>(
&'a self,
headers: &'a http::HeaderMap,
method: &'a http::Method,
uri: &'a http::Uri,
client_cert_der: Option<&'a [u8]>,
) -> MaybeSendBoxFuture<'a, ValidationResult<Self::Claims, Self::Error>>;
}
#[derive(Debug)]
pub struct ValidationResult<C, E> {
pub outcome: Result<Option<ValidatedRequest<C>>, E>,
pub dpop_nonce: Option<String>,
}
#[derive(Debug)]
pub struct ValidatedRequest<Claims> {
pub issuer: Option<String>,
pub subject: Option<String>,
pub audience: Vec<String>,
pub jti: Option<String>,
pub issued_at: Option<SystemTime>,
pub expiration: Option<SystemTime>,
pub cnf: Option<ConfirmationClaim>,
pub claims: Claims,
pub introspection_jwt: Option<String>,
}
impl<C> From<ValidatedJwt<C>> for ValidatedRequest<C> {
fn from(jwt: ValidatedJwt<C>) -> Self {
Self {
issuer: jwt.issuer,
subject: jwt.subject,
audience: jwt.audience,
jti: jwt.jti,
issued_at: jwt.issued_at,
expiration: jwt.expiration,
cnf: jwt.cnf,
claims: jwt.claims,
introspection_jwt: None,
}
}
}