rskit_auth/lib.rs
1//! Authentication — password hashing, API key management, request-context helpers,
2//! and optional JWT/OIDC support.
3//!
4//! Request middleware is fail-closed by default. [`BearerAuthLayer`] reads only
5//! `Authorization: Bearer ...` headers and emits a neutral
6//! `WWW-Authenticate: Bearer` challenge on rejected requests; applications can
7//! add realm/scope-specific challenge policy at their HTTP boundary if needed.
8
9#![warn(missing_docs)]
10
11/// API key generation, hashing, validation, and rotation with grace periods.
12pub mod apikey;
13/// Header-only bearer authentication middleware.
14mod bearer;
15/// Auth claims stored in request extensions / task-locals.
16pub mod context;
17/// JWT sign/verify service.
18#[cfg(feature = "jwt")]
19pub mod jwt;
20/// OpenID Connect (OIDC) support — discovery, token validation, userinfo.
21#[cfg(feature = "oidc")]
22pub mod oidc;
23/// Typed request authentication outcomes.
24pub mod outcome;
25/// Password hashing and reset-token generation.
26pub mod password;
27/// Core `TokenValidator` and `TokenGenerator` traits.
28pub mod traits;
29
30pub use bearer::{BearerAuthLayer, BearerAuthService};
31pub use context::AuthClaims;
32#[cfg(feature = "jwt")]
33pub use jwt::{
34 AsymmetricAlgorithm, JwtAlgorithm, JwtCodec, JwtConfig, JwtHeader, JwtKeyMaterial, JwtService,
35 KeyPair,
36};
37#[cfg(feature = "oidc")]
38pub use oidc::{
39 OidcAuthorizationRequest, OidcClaims, OidcClient, OidcClientType, OidcConfig, OidcError,
40 OidcHttpClient, OidcProviderMetadata, OidcTokenExchangeRequest, OidcUserInfo, PkcePair,
41 ReqwestOidcHttpClient, validate_id_token,
42};
43pub use outcome::{AuthOutcome, MissingCredentialPolicy};
44pub use password::{HashAlgorithm, PasswordHasher, ResetTokenGenerator};
45pub use traits::{TokenGenerator, TokenValidator};