pas-external 0.8.0

Ppoppo Accounts System (PAS) external SDK — OAuth2 PKCE, JWT verification port, Axum middleware, session liveness
#![doc = include_str!("../README.md")]

// Module layout. A `#[cfg(feature = ...)]` gate decides whether a module is
// compiled at all; `pub` vs `pub(crate)` decides whether consumers can name
// it. `audit`, `error` and `types` carry no feature gate.
pub mod audit;
pub mod error;
// `oauth` is the OAuth2 wire-DTO + AuthClient adapter used internally by
// `oidc::RelyingParty`. As of 0.8.0 it is `pub(crate)` — consumers reach
// the OIDC RP composition root (`oidc::RelyingParty<S>`) and never the
// raw OAuth surface. See `oidc::RefreshOutcome` for the boundary type at
// `RelyingParty::refresh`.
#[cfg(feature = "oauth")]
pub(crate) mod oauth;
// NOTE(review): `oidc` is gated on `token`, while the `oauth` adapter and
// `pkce` primitives described in this file as its internals are gated on
// `oauth`. Presumably `token` enables `oauth` in Cargo.toml — confirm,
// otherwise a `--no-default-features --features token` build may not compile.
#[cfg(feature = "token")]
pub mod oidc;
#[cfg(feature = "oauth")]
pub mod pas_port;
// `pkce` primitives (`generate_state`, `generate_code_verifier`,
// `generate_code_challenge`) are SDK plumbing — `oidc::RelyingParty::start`
// consumes them internally and exposes the resulting state via
// `AuthorizationRedirect`. As of 0.8.0 the module is `pub(crate)`.
// With the module crate-private, consumers cannot call the generators
// directly. NOTE(review): confirm no public constructor accepts a
// caller-supplied state or code verifier, since that would sidestep the
// SDK-side generation this visibility change is meant to guarantee.
#[cfg(feature = "oauth")]
pub(crate) mod pkce;
#[cfg(feature = "session-liveness")]
pub mod session_liveness;
#[cfg(feature = "token")]
pub mod token;
pub mod types;

// Test-support helpers. `FakePasServer` is the SDK-owned wiremock-wrapped
// fake PAS Authorization Server, replacing the 0.7.x
// `RelyingParty::for_test_with_parts` escape hatch. Consumer integration
// tests construct a real `RelyingParty::new(...)` against
// `FakePasServer.issuer_url()` so production and test go through the same
// public interface.
//
// NOTE(review): enabling `test-support` makes the fake Authorization Server
// (and the `Memory*` doubles re-exported further down this file) part of the
// crate's public API. Consumers should enable the feature only on the
// `[dev-dependencies]` entry for this crate, and can check a release build
// with `cargo tree -e features` to make sure nothing else in the dependency
// graph switches it on.
#[cfg(feature = "test-support")]
pub mod test_support;

// Re-exports for convenient access
// The `audit` names below are re-exported unconditionally (no feature gate).
pub use audit::{
    AuditEvent, AuditSink, IdTokenFailureKind, MemoryRateLimiter, NoopAuditSink, RateLimitKey,
    RateLimitedAuditSink, RateLimiter, VerifyErrorKind, compose_id_token_source_id,
    compose_source_id,
};
// In-memory audit sink, reachable only from this crate's own tests or when
// the consumer opts into `test-support`.
#[cfg(any(test, feature = "test-support"))]
pub use audit::MemoryAuditSink;
pub use error::{Error, TokenError};
#[cfg(feature = "session-liveness")]
pub use session_liveness::{
    CipherError, EncryptedRefreshToken, LivenessFailure, LivenessOutcome, RevokeCause,
    TokenCipher, TransientCause, attempt_liveness_refresh,
};
// γ port-and-adapter — Phase 6.1 (D-04 = γ, locked 2026-05-05).
// `KeySet`, `PublicKey`, `VerifiedClaims`, `verify_v4_*`,
// `parse_public_key_hex`, `extract_unverified_kid`, and the
// `WellKnownPaseto*` types from 0.5 are removed — see CHANGELOG 0.6.0.
#[cfg(feature = "token")]
pub use token::{AuthSession, BearerVerifier, Expectations, VerifyError};
// NOTE(review): this re-export is gated on `well-known-fetch` alone, but its
// source module `token` is gated on `feature = "token"`. Presumably
// `well-known-fetch` enables `token` in Cargo.toml — confirm, otherwise this
// is the same feature-matrix break described for `MemoryBearerVerifier`
// below and the gate should become `all(feature = "token", ...)`.
#[cfg(feature = "well-known-fetch")]
pub use token::PasJwtVerifier;
// Re-export gated on BOTH `token` (the source module) AND
// `test-support` / `cfg(test)` (the consumer-facing flag). Pre-9.C
// the cfg was just `any(test, feature = "test-support")` which broke
// `--no-default-features --features test-support` builds because the
// `token` module itself is gated `feature = "token"`. Tightening
// here is a feature-matrix correctness fix; semantics under default
// features (where `token` is on) are unchanged.
// NOTE(review): presumably a test double that does not check tokens against
// PAS-published keys; the `test` / `test-support` gate is what keeps it out
// of production builds — confirm that feature is off in release profiles.
#[cfg(all(feature = "token", any(test, feature = "test-support")))]
pub use token::MemoryBearerVerifier;
// OIDC RP surface — composition root + post-verify shapes + ports.
// `RelyingParty<S>` is the consumer-facing entry point; `RefreshOutcome`
// is the typed boundary return for `RelyingParty::refresh` (replaces
// the 0.7.x `oauth::TokenResponse` re-export).
#[cfg(feature = "token")]
pub use oidc::{Address, IdAssertion, IdTokenVerifier, IdVerifyError, Nonce, ScopePiiReader};
// Same gating as `MemoryBearerVerifier`: compiled only when `token` is on
// AND the build is a test build or has `test-support` enabled.
#[cfg(all(feature = "token", any(test, feature = "test-support")))]
pub use oidc::MemoryIdTokenVerifier;
pub use types::{KeyId, Ppnum, PpnumId, SessionId, UserId};
// `Url` is consumer-facing via `Config::new(client_id, redirect_uri: Url, ...)`
// and `Discovery::for_test`. Re-exported so consumers reach the same `url`
// crate version the SDK uses without separately tracking it in their
// Cargo.toml.
#[cfg(feature = "oauth")]
pub use url::Url;