
pas_external/
lib.rs

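#![doc = include_str!("../README.md")]

// Module tree. `audit`, `error` and `types` are compiled unconditionally;
// every other module is opt-in through a Cargo feature, so a consumer only
// builds the authentication surface it enables.
pub mod audit;
pub mod error;
#[cfg(feature = "oauth")]
pub mod oauth;
// `oidc` is compiled under the same `token` feature as the `token` module.
#[cfg(feature = "token")]
pub mod oidc;
#[cfg(feature = "oauth")]
pub mod pas_port;
#[cfg(feature = "oauth")]
pub mod pkce;
#[cfg(feature = "session-liveness")]
pub mod session_liveness;
#[cfg(feature = "token")]
pub mod token;
pub mod types;

#[cfg(feature = "axum")]
pub mod middleware;

// Re-exports for convenient access.
//
// Invariant for this section: a re-export's `cfg` must be at least as strict
// as the `cfg` on the module it names, otherwise a feature combination that
// leaves the module out fails to compile.
pub use audit::{
    AuditEvent, AuditSink, IdTokenFailureKind, MemoryRateLimiter, NoopAuditSink, RateLimitKey,
    RateLimitedAuditSink, RateLimiter, VerifyErrorKind, compose_id_token_source_id,
    compose_source_id,
};
// Exported only for the crate's own tests or when a consumer opts into
// `test-support`.
// NOTE(review): presumably a test double, like the other `Memory*` types
// re-exported further down under the same flag — confirm, and keep
// `test-support` out of release feature sets so a stand-in sink or verifier
// cannot end up on a production authentication path.
#[cfg(any(test, feature = "test-support"))]
pub use audit::MemoryAuditSink;
pub use error::{Error, TokenError};
#[cfg(feature = "oauth")]
pub use oauth::{AuthClient, AuthorizationRequest, OAuthConfig, TokenResponse, UserInfo};
#[cfg(feature = "oauth")]
pub use pkce::{generate_code_challenge, generate_code_verifier, generate_state};
#[cfg(feature = "session-liveness")]
pub use session_liveness::{
    CipherError, EncryptedRefreshToken, LivenessFailure, LivenessOutcome, RevokeCause,
    TokenCipher, TransientCause, attempt_liveness_refresh,
};
// γ port-and-adapter — Phase 6.1 (D-04 = γ, locked 2026-05-05).
// `KeySet`, `PublicKey`, `VerifiedClaims`, `verify_v4_*`,
// `parse_public_key_hex`, `extract_unverified_kid`, and the
// `WellKnownPaseto*` types from 0.5 are removed — see CHANGELOG 0.6.0.
#[cfg(feature = "token")]
pub use token::{AuthSession, BearerVerifier, Expectations, VerifyError};
// `PasJwtVerifier` is re-exported from `token`, which only exists under
// `feature = "token"`, so the gate requires both features — the same
// tightening already applied to `MemoryBearerVerifier` below.
// NOTE(review): Cargo.toml is not visible from this file; if
// `well-known-fetch` already enables `token`, the extra condition is a no-op.
#[cfg(all(feature = "token", feature = "well-known-fetch"))]
pub use token::PasJwtVerifier;
// Re-export gated on BOTH `token` (the source module) AND
// `test-support` / `cfg(test)` (the consumer-facing flag). Pre-9.C
// the cfg was just `any(test, feature = "test-support")` which broke
// `--no-default-features --features test-support` builds because the
// `token` module itself is gated `feature = "token"`. Tightening
// here is a feature-matrix correctness fix; semantics under default
// features (where `token` is on) are unchanged.
#[cfg(all(feature = "token", any(test, feature = "test-support")))]
pub use token::MemoryBearerVerifier;
// OIDC RP middleware (Phase 10.11) — sibling of `token::*` for
// id_token verification.
#[cfg(feature = "token")]
pub use oidc::{Address, IdAssertion, IdTokenVerifier, IdVerifyError, Nonce, ScopePiiReader};
// `oidc` is gated on `feature = "token"` as well, so this re-export gets the
// same two-feature gate as `PasJwtVerifier`.
#[cfg(all(feature = "token", feature = "well-known-fetch"))]
pub use oidc::PasIdTokenVerifier;
#[cfg(all(feature = "token", any(test, feature = "test-support")))]
pub use oidc::MemoryIdTokenVerifier;
pub use types::{KeyId, Ppnum, PpnumId, SessionId, UserId};
// Re-exports the `url` crate's `Url` type for consumers that enable `oauth`.
#[cfg(feature = "oauth")]
pub use url::Url;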