#[derive(Debug, Clone)]
pub enum AuthBackend {
Pam { service: String },
Ldap(LdapAuthConfig),
File(FileAuthConfig),
Subrequest(SubrequestAuthConfig),
Jwt {
cookie_name: String,
validity_secs: u64,
inner: Option<Box<AuthBackend>>,
},
Oidc(Box<OidcConfig>),
}
#[derive(Debug, Clone)]
pub struct OidcConfig {
pub issuer: String,
pub client_id: String,
pub client_secret: Option<String>,
pub redirect_uri: String,
pub scopes: Vec<String>,
pub username_claim: String,
pub groups_claim: String,
pub login_path: String,
pub callback_path: String,
pub state_ttl_secs: u64,
pub refresh: bool,
pub refresh_ttl_secs: u64,
pub refresh_cookie_name: String,
pub logout_path: String,
pub post_logout_uri: String,
pub idp_logout: bool,
pub userinfo: bool,
pub discovery_refresh_secs: u64,
pub discovery_retry: bool,
pub backchannel_logout_enabled: bool,
pub backchannel_logout_path: String,
pub backchannel_max_iat_skew_secs: u64,
pub backchannel_jti_ttl_secs: u64,
pub bearer: bool,
pub bearer_audiences: Vec<String>,
pub bearer_cache_size: usize,
pub revoke_on_logout: bool,
pub require_iss: bool,
pub resources: Vec<String>,
}
#[derive(Debug, Clone)]
pub struct LdapAuthConfig {
pub url: String,
pub bind_dn: String,
pub base_dn: String,
pub group_filter: String,
pub group_attr: String,
pub starttls: bool,
pub timeout_secs: u64,
}
#[derive(Debug, Clone)]
pub struct FileAuthConfig {
pub path: String,
pub cache_ttl_secs: u64,
}
#[derive(Debug, Clone)]
pub struct SubrequestAuthConfig {
pub url: String,
pub forward_headers: Vec<String>,
pub user_header: Option<String>,
pub groups_header: Option<String>,
pub timeout_secs: u64,
}
#[derive(Debug, Clone)]
pub struct BasicAuthConfig {
pub realm: String,
}