pub enum BearerAuthenticator {
Ephemeral {
user_key_pair: KeyPair,
cache: Mutex<HashMap<LexeScope, TokenWithExpiration>>,
},
Static {
token: BearerAuthToken,
scope: LexeScope,
},
}Expand description
Hands out fresh BearerAuthTokens for a given LexeScope, caching them
until they expire. See the module docs for the two variants.
Variants§
Ephemeral
Our standard authenticator, which mints a fresh short-lived token whenever the cached one for a given scope expires.
Fields
user_key_pair: KeyPairThe ed25519::KeyPair for the UserPk, used to authenticate
with the lexe backend.
Static
A single pre-minted, long-lived token of a fixed scope, which can serve any request whose scope it covers but cannot mint new tokens.
Fields
token: BearerAuthTokenThe fixed, long-lived auth token.
scope: LexeScopeThe scope that was passed in alongside the token when this
BearerAuthenticator was created, i.e. the scope the caller
expects was granted to the token. The actual authorization scope
is ultimately determined by the verifying server.
Implementations§
Source§impl BearerAuthenticator
impl BearerAuthenticator
Sourcepub fn new(user_key_pair: KeyPair) -> Self
pub fn new(user_key_pair: KeyPair) -> Self
Create an Ephemeral authenticator that signs auth
requests with user_key_pair and mints tokens on demand.
Sourcepub fn new_static_token(token: BearerAuthToken, scope: LexeScope) -> Self
pub fn new_static_token(token: BearerAuthToken, scope: LexeScope) -> Self
Create a Static authenticator that always returns the
same long-lived token. Pass the scope that the token was granted.
pub fn user_key_pair(&self) -> Option<&KeyPair>
Sourcepub async fn get_token<T: BearerAuthBackendApi + ?Sized>(
&self,
api: &T,
now: SystemTime,
scope: LexeScope,
) -> Result<BearerAuthToken, BackendApiError>
pub async fn get_token<T: BearerAuthBackendApi + ?Sized>( &self, api: &T, now: SystemTime, scope: LexeScope, ) -> Result<BearerAuthToken, BackendApiError>
Get a fresh token for the requested scope: either a still-fresh cached
token, or a newly authenticated one (which is then cached).
Sourcepub async fn get_token_with_exp<T: BearerAuthBackendApi + ?Sized>(
&self,
api: &T,
now: SystemTime,
scope: LexeScope,
) -> Result<TokenWithExpiration, BackendApiError>
pub async fn get_token_with_exp<T: BearerAuthBackendApi + ?Sized>( &self, api: &T, now: SystemTime, scope: LexeScope, ) -> Result<TokenWithExpiration, BackendApiError>
get_token, but also returns the token’s expiration.
Sourcepub async fn mint_long_lived_gateway_proxy_token<T>(
&self,
api: &T,
now: SystemTime,
) -> Result<BearerAuthToken, BackendApiError>where
T: BearerAuthBackendApi + ?Sized,
pub async fn mint_long_lived_gateway_proxy_token<T>(
&self,
api: &T,
now: SystemTime,
) -> Result<BearerAuthToken, BackendApiError>where
T: BearerAuthBackendApi + ?Sized,
Mint a fresh, long-lived LexeScope::GatewayProxy token,
typically for use by a SDK client using client credentials.
Requires an Ephemeral authenticator;
a Static one cannot mint new tokens.