//! Authentication providers for Micromegas
//!
//! This crate provides authentication and authorization for Micromegas services.
//! It supports multiple authentication methods:
//!
//! - **API Keys**: Keys from a key ring, presented as an `Authorization: Bearer` token
//! - **OIDC**: OpenID Connect ID tokens presented as bearer tokens, with automatic JWKS caching
//!
//! # Example: API Key Authentication
//!
//! ```rust
//! use micromegas_auth::api_key::{ApiKeyAuthProvider, parse_key_ring};
//! use micromegas_auth::types::{AuthProvider, HttpRequestParts, RequestParts};
//!
//! # async fn example() -> anyhow::Result<()> {
//! // Placeholder key ring for illustration; a deployment would load it from
//! // configuration or a secret store rather than from source code.
//! let json = r#"[{"name": "user1", "key": "secret-key-123"}]"#;
//! let keyring = parse_key_ring(json)?;
//! let provider = ApiKeyAuthProvider::new(keyring);
//!
//! // Create request parts with Bearer token
//! let mut headers = http::HeaderMap::new();
//! headers.insert(
//!     http::header::AUTHORIZATION,
//!     "Bearer secret-key-123".parse().unwrap(),
//! );
//! let parts = HttpRequestParts {
//!     headers,
//!     method: http::Method::GET,
//!     uri: "/api/endpoint".parse().unwrap(),
//! };
//!
//! let auth_ctx = provider.validate_request(&parts as &dyn RequestParts).await?;
//! println!("Authenticated: {}", auth_ctx.subject);
//! # Ok(())
//! # }
//! ```
//!
//! # Example: OIDC Authentication
//!
//! ```rust,no_run
//! use micromegas_auth::oidc::{OidcAuthProvider, OidcConfig, OidcIssuer};
//! use micromegas_auth::types::{AuthProvider, HttpRequestParts, RequestParts};
//!
//! # async fn example() -> anyhow::Result<()> {
//! let config = OidcConfig {
//!     issuers: vec![OidcIssuer {
//!         issuer: "https://accounts.google.com".to_string(),
//!         audience: "your-client-id.apps.googleusercontent.com".to_string(),
//!     }],
//!     jwks_refresh_interval_secs: 3600,
//!     token_cache_size: 1000,
//!     token_cache_ttl_secs: 300,
//! };
//!
//! let provider = OidcAuthProvider::new(config).await?;
//!
//! // Create request parts with ID token
//! let mut headers = http::HeaderMap::new();
//! headers.insert(
//!     http::header::AUTHORIZATION,
//!     "Bearer id_token_here".parse().unwrap(),
//! );
//! let parts = HttpRequestParts {
//!     headers,
//!     method: http::Method::GET,
//!     uri: "/api/endpoint".parse().unwrap(),
//! };
//!
//! let auth_ctx = provider.validate_request(&parts as &dyn RequestParts).await?;
//! println!("Authenticated: {}", auth_ctx.subject);
//! # Ok(())
//! # }
//! ```
/// Core authentication types and traits
/// API key authentication
/// OIDC authentication with JWKS caching
/// Multi-provider authentication (API key + OIDC)
/// Default authentication provider initialization
/// Tower service layer for tonic/gRPC authentication
/// Axum middleware for HTTP authentication