klieo-auth-common 0.41.2

Shared authentication traits and types for klieo HTTP transports
Documentation

klieo-auth-common

Shared authentication primitives for klieo HTTP transports.

This crate hosts the protocol-agnostic surface that both klieo-a2a and klieo-mcp-server consume to gate inbound requests:

  • [Authenticator] — server-side auth port, async-trait, takes a protocol-agnostic &dyn Headers plus the raw payload.
  • [AuthError] — uniform failure cases (Missing, Malformed, Rejected).
  • [Identity] / [ScopeSet] — verified caller principal plus credential scopes for per-method authorisation.
  • [Headers] — minimal read-only header bag implemented by each transport's decoded header type.
  • [BearerTokenAuthenticator] — Authorization: Bearer <token> validator parameterised by a caller-supplied verifier closure.
  • [AllowAnonymous] — #[cfg(feature = "test-fixtures")] no-auth fixture.

Concrete production verifiers (JWT / JWKS) live in klieo-auth-oauth.

Status

0.38.x — pre-1.0; patch releases are backward-compatible. See docs/SEMVER.md.

License

MIT