ppoppo-sdk-core 0.2.0

Internal shared primitives for the Ppoppo SDK family (pas-external, pas-plims, pcs-external) — verifier port, audit trait, session liveness port, OIDC discovery, perimeter Bearer-auth Layer kit, identity types. Not a stable public API; do not depend on this crate directly. Consume the SDK crates that re-export from it (e.g. `pas-external`).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

//! `VerifyConfig` — per-deployment verification expectations.
//!
//! Phase A audit decision G renamed `Expectations` → `VerifyConfig` to
//! disambiguate from the consumer-side `AuthSession` types and to use
//! a name closer to the engine's `ppoppo_token::access_token::VerifyConfig`.

/// Per-deployment expectations folded into the verifier at construction.
///
/// `issuer` is the PAS instance URL (`accounts.ppoppo.com` in
/// production); `audience` is the consumer's OAuth `client_id`. Both
/// are static per-deployment — multi-tenant consumers instantiate
/// multiple verifiers, never rotate `VerifyConfig` on the per-call hot
/// path.
///
/// Held inside [`super::JwtVerifier`] (and optionally inside
/// [`super::MemoryBearerVerifier`]) so the
/// [`super::BearerVerifier::verify`] signature stays one-parameter —
/// the port is as small as it can be while still doing meaningful work.
#[derive(Debug, Clone)]
pub struct VerifyConfig {
    pub issuer: String,
    pub audience: String,
}

impl VerifyConfig {
    /// Construct from owned strings. Consumer wiring typically reads
    /// these from environment variables at startup.
    #[must_use]
    pub fn new(issuer: impl Into<String>, audience: impl Into<String>) -> Self {
        Self {
            issuer: issuer.into(),
            audience: audience.into(),
        }
    }
}