pub struct ReferenceAuthenticator { /* private fields */ }
A bearer-token authenticator over a static token -> principal id map.
This is a reference implementation; a real deployment supplies its own
Authenticator (OIDC, LDAP, an mTLS-subject mapping, …). Two deliberate
properties follow from it being a reference, not a hardened identity provider:
- Token lookup is a HashMap::get, not a constant-time compare. The map’s randomized SipHash makes a timing oracle impractical, and the privileged admin token (a single fixed secret) does use a constant-time compare (crate::bearer). A deployment that treats data-plane tokens as timing-sensitive secrets should plug in its own authenticator.
- In token mode the verified mTLS client identity is not the principal. mTLS provides transport authentication (the cert chain is verified by the TLS layer); the principal id here comes from the token map. A deployment wanting certificate-derived identity supplies an authenticator that maps client_cert_subject to a principal.
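As an added illustration of the first point (not code from this crate), the sketch below shows one shape a timing-conscious token authenticator can take: every stored token is compared on every call with a comparison that has no early exit. `ScanAuthenticator`, `ct_eq` and the local `AuthError` are hypothetical stand-ins, and the lookup is synchronous rather than an implementation of the crate's async `Authenticator` trait.

```rust
// Added example: stand-in names, not the crate's own definitions.
use std::hint::black_box;

#[derive(Debug, PartialEq)]
pub enum AuthError { Unauthenticated }

/// Byte comparison with no early exit on the first mismatch. Running time
/// depends on `stored.len()` only, so fixed-length tokens are assumed.
fn ct_eq(stored: &[u8], presented: &[u8]) -> bool {
    let mut diff = stored.len() ^ presented.len(); // length mismatch sets bits
    for (i, s) in stored.iter().enumerate() {
        let p = presented.get(i).copied().unwrap_or(0); // past the end reads as 0
        diff |= usize::from(*s ^ p);
    }
    // black_box is a best-effort barrier against the optimizer reintroducing
    // a short-circuit; a vetted constant-time crate is the production choice.
    black_box(diff) == 0
}

pub struct ScanAuthenticator { tokens: Vec<(Vec<u8>, String)> } // (token, principal id)

impl ScanAuthenticator {
    pub fn new(pairs: &[(&str, &str)]) -> Self {
        let tokens = pairs
            .iter()
            .filter(|(t, _)| !t.is_empty()) // an empty token must never authenticate
            .map(|(t, p)| (t.as_bytes().to_vec(), p.to_string()))
            .collect();
        Self { tokens }
    }

    /// Visits every entry on every call (O(n) instead of one hash probe), so
    /// response time does not depend on which entry matched or how closely.
    pub fn authenticate(&self, bearer: &str) -> Result<&str, AuthError> {
        let mut found = None;
        for (token, principal) in &self.tokens {
            if ct_eq(token, bearer.as_bytes()) {
                found = Some(principal.as_str());
            }
        }
        found.ok_or(AuthError::Unauthenticated)
    }
}

fn main() {
    // Constructed sample token and principal id.
    let auth = ScanAuthenticator::new(&[("tok-alpha-0001", "svc-a")]);
    println!("{:?}", auth.authenticate("tok-alpha-0001"));
}
```

The trade-off against the reference implementation is cost: a full scan per request instead of a single HashMap::get, which matters once the token map is large.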
Implementations
Trait Implementations
impl Authenticator for ReferenceAuthenticator
async fn authenticate(
&self,
creds: &ClientCredentials,
) -> Result<Principal, AuthError>
Authenticates the credentials, returning the principal.
impl Debug for ReferenceAuthenticator
impl Default for ReferenceAuthenticator
fn default() -> ReferenceAuthenticator
Returns the “default value” for a type.
Auto Trait Implementations
impl Freeze for ReferenceAuthenticator
impl RefUnwindSafe for ReferenceAuthenticator
impl Send for ReferenceAuthenticator
impl Sync for ReferenceAuthenticator
impl Unpin for ReferenceAuthenticator
impl UnsafeUnpin for ReferenceAuthenticator
impl UnwindSafe for ReferenceAuthenticator
Blanket Implementations
impl<T> BorrowMut<T> for T
where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoRequest<T> for T
fn into_request(self) -> Request<T>
Wrap the input message T in a tonic::Request