pas-external 0.8.0-beta.1

Ppoppo Accounts System (PAS) external SDK — OAuth2 PKCE, JWT verification port, Axum middleware, session liveness
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

//! γ port-and-adapter SDK boundary for bearer-token verification.
//!
//! Phase 6.1 — D-04 = γ (locked 2026-05-05). The SDK exposes a
//! [`BearerVerifier`] trait + [`AuthSession`] result, hiding the
//! engine ([`ppoppo_token`]), the token format (JWT, RFC 9068),
//! and the JWKS substrate behind a single async port. External
//! Developer apps inject `Arc<dyn BearerVerifier>` into their
//! middleware and never see `jsonwebtoken::*` types.
//!
//! Module layout — mirrors [`crate::pas_port`] (the OAuth port +
//! adapter cluster) for parallel structure:
//!
//! - [`port`] — `BearerVerifier`, `AuthSession`, `Expectations`,
//!   `VerifyError` (always compiled when `token` feature is on)
//! - [`jwt`] — `PasJwtVerifier` production adapter (gated
//!   `well-known-fetch`; depends on `ppoppo-token`)
//! - [`memory`] — `MemoryBearerVerifier` test-support adapter
//!   (gated `cfg(any(test, feature = "test-support"))`)
//! - [`keyset`] — `JwksCache` (`pub(crate)` — internal to `jwt.rs`)

pub mod port;

#[cfg(feature = "well-known-fetch")]
pub mod jwt;

#[cfg(feature = "well-known-fetch")]
pub(crate) mod keyset;

#[cfg(any(test, feature = "test-support"))]
pub mod memory;

pub use port::{AuthSession, BearerVerifier, Expectations, VerifyError};

#[cfg(feature = "well-known-fetch")]
pub use jwt::PasJwtVerifier;

#[cfg(any(test, feature = "test-support"))]
pub use memory::MemoryBearerVerifier;