pas-external 0.8.0

Ppoppo Accounts System (PAS) external SDK — OAuth2 PKCE, JWT verification port, Axum middleware, session liveness
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

//! PAS-backed session liveness primitives.
//!
//! When a consumer persists PAS `refresh_token`s server-side and treats
//! PAS as the single source of truth for session validity, the code path
//! is always the same:
//!
//! 1. Encrypt the `refresh_token` at rest.
//! 2. Periodically ask PAS "is this session still live?" via
//!    [`attempt_liveness_refresh`].
//! 3. Distinguish a *revoked* session from a *transient* failure.
//!
//! This module ships the pieces every consumer needs for that shape:
//!
//! - [`TokenCipher`] — AES-256-GCM wrapper for at-rest encryption.
//! - [`LivenessOutcome`] — classification of a single liveness attempt.
//! - [`attempt_liveness_refresh`] — the decrypt → call PAS →
//!   re-encrypt sequence wrapped as one call. Now generic over
//!   `P: PasAuthPort`.
//!
//! See `pas_external::pas_port` for the underlying port.

mod cipher;
mod liveness;

pub use cipher::{CipherError, EncryptedRefreshToken, TokenCipher};
pub use liveness::{
    LivenessFailure, LivenessOutcome, RevokeCause, TransientCause, attempt_liveness_refresh,
};