pub trait UserOps {
fn user_create<'life0, 'life1, 'life2, 'async_trait>(
jwt: &'life0 Jwt,
password: &'life1 str,
user_create_opts: &'life2 UserCreateOpts,
timeout: Option<Duration>
) -> Pin<Box<dyn Future<Output = Result<UserCreateResult>> + Send + 'async_trait>>
where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait;
fn generate_new_device<'life0, 'life1, 'life2, 'async_trait>(
jwt: &'life0 Jwt,
password: &'life1 str,
device_create_options: &'life2 DeviceCreateOpts,
timeout: Option<Duration>
) -> Pin<Box<dyn Future<Output = Result<DeviceAddResult>> + Send + 'async_trait>>
where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait;
fn user_verify<'life0, 'async_trait>(
jwt: &'life0 Jwt,
timeout: Option<Duration>
) -> Pin<Box<dyn Future<Output = Result<Option<UserResult>>> + Send + 'async_trait>>
where
'life0: 'async_trait;
fn user_list_devices<'life0, 'async_trait>(
&'life0 self
) -> Pin<Box<dyn Future<Output = Result<UserDeviceListResult>> + Send + 'async_trait>>
where
'life0: 'async_trait,
Self: 'async_trait;
fn user_get_public_key<'life0, 'life1, 'async_trait>(
&'life0 self,
users: &'life1 [UserId]
) -> Pin<Box<dyn Future<Output = Result<HashMap<UserId, PublicKey>>> + Send + 'async_trait>>
where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait;
fn user_rotate_private_key<'life0, 'life1, 'async_trait>(
&'life0 self,
password: &'life1 str
) -> Pin<Box<dyn Future<Output = Result<UserUpdatePrivateKeyResult>> + Send + 'async_trait>>
where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait;
fn user_delete_device<'life0, 'life1, 'async_trait>(
&'life0 self,
device_id: Option<&'life1 DeviceId>
) -> Pin<Box<dyn Future<Output = Result<DeviceId>> + Send + 'async_trait>>
where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait;
}Expand description
IronOxide User Operations
Key Terms
- Device - The only entity in the Data Control Platform that can decrypt data. A device is authorized using a user’s private key, therefore a device is tightly bound to a user.
- ID - The ID representing a user or device. It must be unique within its segment and will not be encrypted.
- Password - The string used to encrypt and escrow a user’s private key.
- Rotation - Changing a user’s private key while leaving their public key unchanged. This can be accomplished by calling user_rotate_private_key.
Required methods
fn user_create<'life0, 'life1, 'life2, 'async_trait>(
jwt: &'life0 Jwt,
password: &'life1 str,
user_create_opts: &'life2 UserCreateOpts,
timeout: Option<Duration>
) -> Pin<Box<dyn Future<Output = Result<UserCreateResult>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
fn user_create<'life0, 'life1, 'life2, 'async_trait>(
jwt: &'life0 Jwt,
password: &'life1 str,
user_create_opts: &'life2 UserCreateOpts,
timeout: Option<Duration>
) -> Pin<Box<dyn Future<Output = Result<UserCreateResult>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Creates a user.
Arguments
jwt- Valid IronCore or Auth0 JWTpassword- Password to use for encrypting and escrowing the user’s private keyuser_create_opts- User creation parameters. Default values are provided with UserCreateOpts::default()timeout- Timeout for this operation orNonefor no timeout
Examples
let jwt = Jwt::new(jwt_str)?;
let password = "foobar";
let opts = UserCreateOpts::new(false);
let user_result = IronOxide::user_create(&jwt, password, &opts, None).await?;fn generate_new_device<'life0, 'life1, 'life2, 'async_trait>(
jwt: &'life0 Jwt,
password: &'life1 str,
device_create_options: &'life2 DeviceCreateOpts,
timeout: Option<Duration>
) -> Pin<Box<dyn Future<Output = Result<DeviceAddResult>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
fn generate_new_device<'life0, 'life1, 'life2, 'async_trait>(
jwt: &'life0 Jwt,
password: &'life1 str,
device_create_options: &'life2 DeviceCreateOpts,
timeout: Option<Duration>
) -> Pin<Box<dyn Future<Output = Result<DeviceAddResult>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Generates a new device for the user specified in the JWT.
This will result in a new transform key (from the user’s master private key to the new device’s public key) being generated and stored with the IronCore Service.
Arguments
jwt- Valid IronCore or Auth0 JWTpassword- Password for the user specified in the JWTdevice_create_options- Device creation parameters. Default values are provided with DeviceCreateOpts::default()timeout- Timeout for this operation orNonefor no timeout
Examples
let jwt = Jwt::new(jwt_str)?;
let password = "foobar";
let device_name = DeviceName::try_from("primary_device")?;
let opts = DeviceCreateOpts::new(Some(device_name));
let device_result = IronOxide::generate_new_device(&jwt, password, &opts, None).await?;
let device_id: &DeviceId = device_result.device_id();Verifies the existence of a user using a JWT to identify their user record.
Returns a None if the user could not be found.
Arguments
jwt- Valid IronCore or Auth0 JWTtimeout- Timeout for this operation orNonefor no timeout
Examples
let jwt = Jwt::new(jwt_str)?;
let verify_result = IronOxide::user_verify(&jwt, None).await?;
let user_id = verify_result.expect("User not found!").account_id();fn user_list_devices<'life0, 'async_trait>(
&'life0 self
) -> Pin<Box<dyn Future<Output = Result<UserDeviceListResult>> + Send + 'async_trait>> where
'life0: 'async_trait,
Self: 'async_trait,
fn user_list_devices<'life0, 'async_trait>(
&'life0 self
) -> Pin<Box<dyn Future<Output = Result<UserDeviceListResult>> + Send + 'async_trait>> where
'life0: 'async_trait,
Self: 'async_trait,
Lists all of the devices for the current user.
Examples
let devices_result = sdk.user_list_devices().await?;
let devices: Vec<UserDevice> = devices_result.result().to_vec();Gets users’ public keys given their IDs.
Allows discovery of which user IDs have keys in the IronCore system to help determine if they can be added to groups or have documents shared with them.
Only returns users whose keys were found in the IronCore system.
Arguments
users- List of user IDs to check
Examples
let user1 = UserId::try_from("colt")?;
let user2 = UserId::try_from("fake_user")?;
let users = [user1, user2];
// This will only return one entry, for user "colt"
let get_result = sdk.user_get_public_key(&users).await?;
let (valid_users, invalid_users): (Vec<&UserId>, Vec<&UserId>) =
users.iter().partition(|u| get_result.contains_key(u));fn user_rotate_private_key<'life0, 'life1, 'async_trait>(
&'life0 self,
password: &'life1 str
) -> Pin<Box<dyn Future<Output = Result<UserUpdatePrivateKeyResult>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
fn user_rotate_private_key<'life0, 'life1, 'async_trait>(
&'life0 self,
password: &'life1 str
) -> Pin<Box<dyn Future<Output = Result<UserUpdatePrivateKeyResult>> + Send + 'async_trait>> where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Rotates the current user’s private key while leaving their public key the same.
There’s no black magic here! This is accomplished via multi-party computation with the IronCore webservice.
The main use case for this is a workflow that requires that users be generated prior to the user logging in for the first time. In this situation, a user’s cryptographic identity can be generated by a third party, like a server process, and then the user can take control of their keys by rotating their private key.
Arguments
password - Password to unlock the current user’s private key
Examples
let password = "foobar";
let rotate_result = sdk.user_rotate_private_key(password).await?;Deletes a device.
If deleting the currently signed-in device, the SDK will need to be re-initialized with IronOxide::initialize before further use.
Returns the ID of the deleted device.
Arguments
device_id- ID of the device to delete. IfNone, deletes the current device
Examples
// If successful, returns the same `DeviceId` it is passed.
let deleted_device: DeviceId = sdk.user_delete_device(Some(&device_id)).await?;