Skip to main content

ReferenceAuthenticator

Struct ReferenceAuthenticator 

Source
pub struct ReferenceAuthenticator { /* private fields */ }
Expand description

A bearer-token authenticator over a static token -> principal id map.

This is a reference implementation; a real deployment supplies its own Authenticator (OIDC, LDAP, an mTLS-subject mapping, …). Two deliberate properties follow from it being a reference, not a hardened identity provider:

  • Token lookup is a HashMap::get, not a constant-time compare. The map’s randomized SipHash makes a timing oracle impractical, and the privileged admin token (a single fixed secret) does use a constant-time compare (crate::bearer). A deployment that treats data-plane tokens as timing-sensitive secrets should plug in its own authenticator.
  • In token mode the verified mTLS client identity is not the principal. mTLS provides transport authentication (the cert chain is verified by the TLS layer); the principal id here comes from the token map. A deployment wanting certificate-derived identity supplies an authenticator that maps client_cert_subject to a principal.

Implementations§

Source§

impl ReferenceAuthenticator

Source

pub fn new(tokens: HashMap<String, String>) -> Self

Builds an authenticator requiring one of tokens (token -> principal id).

Source

pub fn dev() -> Self

A dev-mode authenticator that accepts any caller (no tokens configured).

Trait Implementations§

Source§

impl Authenticator for ReferenceAuthenticator

Source§

async fn authenticate( &self, creds: &ClientCredentials, ) -> Result<Principal, AuthError>

Authenticates the credentials, returning the principal. Read more
Source§

impl Debug for ReferenceAuthenticator

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for ReferenceAuthenticator

Source§

fn default() -> ReferenceAuthenticator

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoRequest<T> for T

Source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
Source§

impl<L> LayerExt<L> for L

Source§

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more