secure_identity 0.1.2

Authentication helpers for JWT, OIDC, MFA, API keys, sessions, and step-up policy.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

//! Authenticator trait and request/result types.

pub(crate) mod private {
    /// Sealing marker — prevents external crates from implementing [`super::Authenticator`].
    pub trait Sealed {}
}

/// The kind of authentication token.
///
/// # Examples
///
/// ```
/// use secure_identity::authenticator::TokenKind;
///
/// let kind = TokenKind::BearerJwt;
/// ```
pub enum TokenKind {
    /// A Bearer JWT token.
    BearerJwt,
    /// An API key.
    ApiKey,
    /// A session cookie.
    SessionCookie,
}

/// A request to authenticate a token.
///
/// # Examples
///
/// ```
/// use secure_identity::authenticator::{AuthenticationRequest, TokenKind};
///
/// let request = AuthenticationRequest {
///     token: "my-token".to_string(),
///     token_kind: TokenKind::BearerJwt,
/// };
/// ```
pub struct AuthenticationRequest {
    /// The raw token string.
    pub token: String,
    /// The kind of token being presented.
    pub token_kind: TokenKind,
}

/// A sealed trait for authenticating tokens.
///
/// This trait is sealed — only types within this crate can implement it.
#[allow(async_fn_in_trait)]
pub trait Authenticator: private::Sealed {
    /// Authenticates the given request and returns an [`security_core::identity::AuthenticatedIdentity`] on success.
    async fn authenticate(
        &self,
        request: &AuthenticationRequest,
    ) -> Result<security_core::identity::AuthenticatedIdentity, crate::error::IdentityError>;
}