pas-external 0.7.0

Ppoppo Accounts System (PAS) external SDK — OAuth2 PKCE, JWT verification port, Axum middleware, session liveness
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

#![doc = include_str!("../README.md")]

pub mod audit;
pub mod error;
#[cfg(feature = "oauth")]
pub mod oauth;
#[cfg(feature = "token")]
pub mod oidc;
#[cfg(feature = "oauth")]
pub mod pas_port;
#[cfg(feature = "oauth")]
pub mod pkce;
#[cfg(feature = "session-liveness")]
pub mod session_liveness;
#[cfg(feature = "token")]
pub mod token;
pub mod types;

#[cfg(feature = "axum")]
pub mod middleware;

// Re-exports for convenient access
pub use audit::{
    AuditEvent, AuditSink, IdTokenFailureKind, MemoryRateLimiter, NoopAuditSink, RateLimitKey,
    RateLimitedAuditSink, RateLimiter, VerifyErrorKind, compose_id_token_source_id,
    compose_source_id,
};
#[cfg(any(test, feature = "test-support"))]
pub use audit::MemoryAuditSink;
pub use error::{Error, TokenError};
#[cfg(feature = "oauth")]
pub use oauth::{AuthClient, AuthorizationRequest, OAuthConfig, TokenResponse, UserInfo};
#[cfg(feature = "oauth")]
pub use pkce::{generate_code_challenge, generate_code_verifier, generate_state};
#[cfg(feature = "session-liveness")]
pub use session_liveness::{
    CipherError, EncryptedRefreshToken, LivenessFailure, LivenessOutcome, RevokeCause,
    TokenCipher, TransientCause, attempt_liveness_refresh,
};
// γ port-and-adapter — Phase 6.1 (D-04 = γ, locked 2026-05-05).
// `KeySet`, `PublicKey`, `VerifiedClaims`, `verify_v4_*`,
// `parse_public_key_hex`, `extract_unverified_kid`, and the
// `WellKnownPaseto*` types from 0.5 are removed — see CHANGELOG 0.6.0.
#[cfg(feature = "token")]
pub use token::{AuthSession, BearerVerifier, Expectations, VerifyError};
#[cfg(feature = "well-known-fetch")]
pub use token::PasJwtVerifier;
// Re-export gated on BOTH `token` (the source module) AND
// `test-support` / `cfg(test)` (the consumer-facing flag). Pre-9.C
// the cfg was just `any(test, feature = "test-support")` which broke
// `--no-default-features --features test-support` builds because the
// `token` module itself is gated `feature = "token"`. Tightening
// here is a feature-matrix correctness fix; semantics under default
// features (where `token` is on) are unchanged.
#[cfg(all(feature = "token", any(test, feature = "test-support")))]
pub use token::MemoryBearerVerifier;
// OIDC RP middleware (Phase 10.11) — sibling of `token::*` for
// id_token verification.
#[cfg(feature = "token")]
pub use oidc::{Address, IdAssertion, IdTokenVerifier, IdVerifyError, Nonce, ScopePiiReader};
#[cfg(feature = "well-known-fetch")]
pub use oidc::PasIdTokenVerifier;
#[cfg(all(feature = "token", any(test, feature = "test-support")))]
pub use oidc::MemoryIdTokenVerifier;
pub use types::{KeyId, Ppnum, PpnumId, SessionId, UserId};
#[cfg(feature = "oauth")]
pub use url::Url;