serverless_workflow_core/models/
authentication.rs

1use serde_derive::{Deserialize, Serialize};
2
/// Provides the default OAUTH2 request encoding.
///
/// Used as the serde `default` for the `encoding` field, so a document that omits the field
/// is read as `application/x-www-form-urlencoded`.
fn default_oauth2_request_encoding() -> String {
    OAuth2RequestEncoding::FORM_URL.to_owned()
}
7
/// Provides the default OAUTH2 token endpoint.
///
/// The value is a relative path (`/oauth2/token`); it does not include a scheme or host.
fn default_token_endpoint() -> String {
    String::from("/oauth2/token")
}
12
/// Provides the default OAUTH2 revocation endpoint.
///
/// The value is a relative path (`/oauth2/revoke`); it does not include a scheme or host.
fn default_revocation_endpoint() -> String {
    String::from("/oauth2/revoke")
}
17
/// Provides the default OAUTH2 introspection endpoint.
///
/// The value is a relative path (`/oauth2/introspect`); it does not include a scheme or host.
fn default_introspection_endpoint() -> String {
    String::from("/oauth2/introspect")
}
22
/// Namespace for the names of the supported authentication schemes.
///
/// This is a unit struct that only carries string constants; it is not an `enum`, so the
/// compiler does not check that a scheme name used elsewhere is one of these values.
pub struct AuthenticationScheme;

impl AuthenticationScheme {
    /// Name of the Basic authentication scheme.
    pub const BASIC: &'static str = "Basic";

    /// Name of the Bearer authentication scheme.
    pub const BEARER: &'static str = "Bearer";

    /// Name of the Certificate authentication scheme.
    pub const CERTIFICATE: &'static str = "Certificate";

    /// Name of the Digest authentication scheme.
    pub const DIGEST: &'static str = "Digest";

    /// Name of the OAuth2 authentication scheme.
    pub const OAUTH2: &'static str = "OAuth2";

    /// Name of the OpenIDConnect authentication scheme.
    pub const OIDC: &'static str = "OpenIDConnect";
}
39
/// Namespace for the names of the supported OAUTH2 client authentication methods.
///
/// The values are plain strings; a consumer that reads an `authentication` value from a
/// document has to compare it against these constants itself and reject anything else.
pub struct OAuth2ClientAuthenticationMethod;

impl OAuth2ClientAuthenticationMethod {
    /// `client_secret_basic`: the client secret is sent using HTTP Basic Authentication.
    pub const BASIC: &'static str = "client_secret_basic";

    /// `client_secret_post`: the client secret is sent in the body of the POST request.
    pub const POST: &'static str = "client_secret_post";

    /// `client_secret_jwt`: the client authenticates with a JWT signed with the client secret.
    pub const JWT: &'static str = "client_secret_jwt";

    /// `private_key_jwt`: the client authenticates with a JWT signed with a private key.
    pub const PRIVATE_KEY: &'static str = "private_key_jwt";

    /// `none`: no client authentication is performed. The token endpoint then cannot tell
    /// which client is calling, so this fits only clients that hold no secret.
    pub const NONE: &'static str = "none";
}
54
/// Namespace for the content types supported for OAUTH2 requests.
pub struct OAuth2RequestEncoding;

impl OAuth2RequestEncoding {
    /// The `application/x-www-form-urlencoded` content type.
    pub const FORM_URL: &'static str = "application/x-www-form-urlencoded";

    /// The `application/json` content type.
    pub const JSON: &'static str = "application/json";
}
63
/// Represents the definition of an authentication policy.
///
/// Every field is optional and nothing in this type prevents several schemes (or none)
/// from being set at once; a consumer has to decide how to treat such a document.
/// The derived `Debug` and `Serialize` output includes any credentials held by the nested
/// scheme definitions.
#[derive(Debug, Default, Clone, PartialEq, Serialize, Deserialize)]
pub struct AuthenticationPolicyDefinition {
    /// Gets/sets the name of the top level authentication policy to use, if any
    #[serde(rename = "use", skip_serializing_if = "Option::is_none")]
    pub use_: Option<String>,

    /// Gets/sets the `basic` authentication scheme to use, if any
    #[serde(rename = "basic", skip_serializing_if = "Option::is_none")]
    pub basic: Option<BasicAuthenticationSchemeDefinition>,

    /// Gets/sets the `bearer` authentication scheme to use, if any
    #[serde(rename = "bearer", skip_serializing_if = "Option::is_none")]
    pub bearer: Option<BearerAuthenticationSchemeDefinition>,

    /// Gets/sets the `certificate` authentication scheme to use, if any
    #[serde(rename = "certificate", skip_serializing_if = "Option::is_none")]
    pub certificate: Option<CertificateAuthenticationSchemeDefinition>,

    /// Gets/sets the `digest` authentication scheme to use, if any
    #[serde(rename = "digest", skip_serializing_if = "Option::is_none")]
    pub digest: Option<DigestAuthenticationSchemeDefinition>,

    /// Gets/sets the `oauth2` authentication scheme to use, if any
    #[serde(rename = "oauth2", skip_serializing_if = "Option::is_none")]
    pub oauth2: Option<OAuth2AuthenticationSchemeDefinition>,

    /// Gets/sets the `oidc` authentication scheme to use, if any
    #[serde(rename = "oidc", skip_serializing_if = "Option::is_none")]
    pub oidc: Option<OpenIDConnectSchemeDefinition>,
}
/// Common interface implemented by every authentication scheme definition.
pub trait AuthenticationSchemeDefinition {
    /// Returns the name of the authentication scheme.
    ///
    /// The implementations in this file return one of the `AuthenticationScheme` constants.
    fn scheme(&self) -> &str;
}
102
/// Represents the definition of a basic authentication scheme.
///
/// `password` is held as a plain `String`: the derived `Debug` and `Serialize` output
/// contains it in clear text, so avoid logging this value with `{:?}`. Setting `use_` to
/// the name of a secret keeps the credentials out of the document itself.
#[derive(Debug, Default, Clone, PartialEq, Serialize, Deserialize)]
pub struct BasicAuthenticationSchemeDefinition {
    /// Gets/sets the name of the secret, if any, used to configure the authentication scheme
    #[serde(rename = "use", skip_serializing_if = "Option::is_none")]
    pub use_: Option<String>,

    /// Gets/sets the username used for authentication
    #[serde(rename = "username", skip_serializing_if = "Option::is_none")]
    pub username: Option<String>,

    /// Gets/sets the password used for authentication
    #[serde(rename = "password", skip_serializing_if = "Option::is_none")]
    pub password: Option<String>,
}

impl AuthenticationSchemeDefinition for BasicAuthenticationSchemeDefinition {
    /// Returns `AuthenticationScheme::BASIC`.
    fn scheme(&self) -> &str {
        AuthenticationScheme::BASIC
    }
}
125
/// Represents the definition of a bearer authentication scheme.
///
/// `token` is held as a plain `String`: the derived `Debug` and `Serialize` output contains
/// it in clear text, so avoid logging this value with `{:?}`. Setting `use_` to the name of
/// a secret keeps the token out of the document itself.
#[derive(Debug, Default, Clone, PartialEq, Serialize, Deserialize)]
pub struct BearerAuthenticationSchemeDefinition {
    /// Gets/sets the name of the secret, if any, used to configure the authentication scheme
    #[serde(rename = "use", skip_serializing_if = "Option::is_none")]
    pub use_: Option<String>,

    /// Gets/sets the bearer token used for authentication
    #[serde(rename = "token", skip_serializing_if = "Option::is_none")]
    pub token: Option<String>,
}

impl AuthenticationSchemeDefinition for BearerAuthenticationSchemeDefinition {
    /// Returns `AuthenticationScheme::BEARER`.
    fn scheme(&self) -> &str {
        AuthenticationScheme::BEARER
    }
}
144
/// Represents the definition of a certificate authentication scheme.
///
/// The only field is the secret reference; no certificate material is stored in this type.
#[derive(Debug, Default, Clone, PartialEq, Serialize, Deserialize)]
pub struct CertificateAuthenticationSchemeDefinition {
    /// Gets/sets the name of the secret, if any, used to configure the authentication scheme
    #[serde(rename = "use", skip_serializing_if = "Option::is_none")]
    pub use_: Option<String>,
}

impl AuthenticationSchemeDefinition for CertificateAuthenticationSchemeDefinition {
    /// Returns `AuthenticationScheme::CERTIFICATE`.
    fn scheme(&self) -> &str {
        AuthenticationScheme::CERTIFICATE
    }
}
159
/// Represents the definition of a digest authentication scheme.
///
/// `password` is held as a plain `String`: the derived `Debug` and `Serialize` output
/// contains it in clear text, so avoid logging this value with `{:?}`. Setting `use_` to
/// the name of a secret keeps the credentials out of the document itself.
#[derive(Debug, Default, Clone, PartialEq, Serialize, Deserialize)]
pub struct DigestAuthenticationSchemeDefinition {
    /// Gets/sets the name of the secret, if any, used to configure the authentication scheme
    #[serde(rename = "use", skip_serializing_if = "Option::is_none")]
    pub use_: Option<String>,

    /// Gets/sets the username used for authentication
    #[serde(rename = "username", skip_serializing_if = "Option::is_none")]
    pub username: Option<String>,

    /// Gets/sets the password used for authentication
    #[serde(rename = "password", skip_serializing_if = "Option::is_none")]
    pub password: Option<String>,
}

impl AuthenticationSchemeDefinition for DigestAuthenticationSchemeDefinition {
    /// Returns `AuthenticationScheme::DIGEST`.
    fn scheme(&self) -> &str {
        AuthenticationScheme::DIGEST
    }
}
182
/// Represents the definition of an OAUTH2 client.
///
/// `secret` and `assertion` are held as plain `String`s: the derived `Debug` and `Serialize`
/// output contains them in clear text, so avoid logging this value with `{:?}`.
#[derive(Debug, Default, Clone, PartialEq, Serialize, Deserialize)]
pub struct OAuth2AuthenticationClientDefinition {
    /// Gets/sets the OAUTH2 `client_id` to use. Required if 'Authentication' has NOT been set to 'none'.
    /// The requirement is not enforced by this type: the field is optional here.
    #[serde(rename = "id", skip_serializing_if = "Option::is_none")]
    pub id: Option<String>,

    /// Gets/sets the OAUTH2 `client_secret` to use, if any
    #[serde(rename = "secret", skip_serializing_if = "Option::is_none")]
    pub secret: Option<String>,

    /// Gets/sets a JWT, if any, containing a signed assertion with the application credentials
    #[serde(rename = "assertion", skip_serializing_if = "Option::is_none")]
    pub assertion: Option<String>,

    /// Gets/sets the authentication method to use to authenticate the client. Defaults to 'client_secret_post'.
    /// No serde default is declared, so an absent value is `None` after deserialization and
    /// the documented default has to be applied by whoever consumes the definition.
    #[serde(rename = "authentication", skip_serializing_if = "Option::is_none")]
    pub authentication: Option<String>,
}
204
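/// Represents the configuration of an OAUTH2 authentication request.
///
/// `Default` is implemented by hand so that `Default::default()` yields the same encoding
/// as deserializing a document that omits the field; a derived `Default` would produce an
/// empty string instead of the documented default.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct OAuth2AuthenticationRequestDefinition {
    /// Gets/sets the encoding of the authentication request. Defaults to 'application/x-www-form-urlencoded'
    #[serde(rename = "encoding", default = "default_oauth2_request_encoding")]
    pub encoding: String,
}

impl Default for OAuth2AuthenticationRequestDefinition {
    /// Builds a request definition that uses the default OAUTH2 request encoding.
    fn default() -> Self {
        Self {
            encoding: default_oauth2_request_encoding(),
        }
    }
}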
214
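/// Represents the definition of an OAUTH2 token.
///
/// `token` is held as a plain `String`: the derived `Debug` and `Serialize` output contains
/// it in clear text, so avoid logging this value with `{:?}`.
#[derive(Debug, Default, Clone, PartialEq, Serialize, Deserialize)]
pub struct OAuth2TokenDefinition {
    /// Gets/sets the security token to use.
    ///
    /// The field was previously renamed to `encoding`, which looks like a copy of the
    /// attribute on the request definition's `encoding` field; it is now written as `token`.
    /// `encoding` is still accepted on input so documents produced with the old key load.
    #[serde(rename = "token", alias = "encoding")]
    pub token: String,

    /// Gets/sets the type of security token to use
    #[serde(rename = "type")]
    pub type_: String,
}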
228
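/// Represents the configuration of OAUTH2 endpoints.
///
/// `Default` is implemented by hand so that `Default::default()` yields the same paths as
/// deserializing a document that omits them; a derived `Default` would produce empty
/// strings instead of the documented defaults.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct OAuth2AuthenticationEndpointsDefinition {
    /// Gets/sets the relative path to the token endpoint. Defaults to `/oauth2/token`
    #[serde(rename = "token", default = "default_token_endpoint")]
    pub token: String,

    /// Gets/sets the relative path to the revocation endpoint. Defaults to `/oauth2/revoke`
    #[serde(rename = "revocation", default = "default_revocation_endpoint")]
    pub revocation: String,

    /// Gets/sets the relative path to the introspection endpoint. Defaults to `/oauth2/introspect`
    #[serde(rename = "introspection", default = "default_introspection_endpoint")]
    pub introspection: String,
}

impl Default for OAuth2AuthenticationEndpointsDefinition {
    /// Builds an endpoints definition that uses the default relative paths.
    fn default() -> Self {
        Self {
            token: default_token_endpoint(),
            revocation: default_revocation_endpoint(),
            introspection: default_introspection_endpoint(),
        }
    }
}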
246
/// Represents the definition of an OAUTH2 authentication scheme.
///
/// `password`, the nested client secret and the `subject`/`actor` tokens are held as plain
/// strings: the derived `Debug` and `Serialize` output contains them in clear text, so avoid
/// logging this value with `{:?}`. Setting `use_` to the name of a secret keeps them out of
/// the document itself. No field is validated here; in particular `authority` is an
/// arbitrary string, so checking its scheme and host is left to the consumer.
#[derive(Debug, Default, Clone, PartialEq, Serialize, Deserialize)]
pub struct OAuth2AuthenticationSchemeDefinition {
    /// Gets/sets the name of the secret, if any, used to configure the authentication scheme
    #[serde(rename = "use", skip_serializing_if = "Option::is_none")]
    pub use_: Option<String>,

    /// Gets/sets the configuration of the OAUTH2 endpoints to use
    #[serde(rename = "endpoints", skip_serializing_if = "Option::is_none")]
    pub endpoints: Option<OAuth2AuthenticationEndpointsDefinition>,

    /// Gets/sets the URI that references the OAUTH2 authority to use.
    #[serde(rename = "authority", skip_serializing_if = "Option::is_none")]
    pub authority: Option<String>,

    /// Gets/sets the grant type to use.
    #[serde(rename = "grant", skip_serializing_if = "Option::is_none")]
    pub grant: Option<String>,

    /// Gets/sets the definition of the client to use.
    #[serde(rename = "client", skip_serializing_if = "Option::is_none")]
    pub client: Option<OAuth2AuthenticationClientDefinition>,

    /// Gets/sets the configuration of the authentication request to perform.
    #[serde(rename = "request", skip_serializing_if = "Option::is_none")]
    pub request: Option<OAuth2AuthenticationRequestDefinition>,

    /// Gets/sets a list of valid issuers for token checks.
    /// `Vec<String>` stands in for `EquatableList<string>`.
    #[serde(rename = "issuers", skip_serializing_if = "Option::is_none")]
    pub issuers: Option<Vec<String>>,

    /// Gets/sets the scopes to request the token for.
    #[serde(rename = "scopes", skip_serializing_if = "Option::is_none")]
    pub scopes: Option<Vec<String>>,

    /// Gets/sets the audiences to request the token for.
    #[serde(rename = "audiences", skip_serializing_if = "Option::is_none")]
    pub audiences: Option<Vec<String>>,

    /// Gets/sets the username to use (for Password grant).
    #[serde(rename = "username", skip_serializing_if = "Option::is_none")]
    pub username: Option<String>,

    /// Gets/sets the password to use (for Password grant).
    /// The Password grant hands the user's credentials to the client and is discouraged by
    /// the OAuth 2.0 Security Best Current Practice.
    #[serde(rename = "password", skip_serializing_if = "Option::is_none")]
    pub password: Option<String>,

    /// Gets/sets the token representing the identity of the party on whose behalf the request is made.
    #[serde(rename = "subject", skip_serializing_if = "Option::is_none")]
    pub subject: Option<OAuth2TokenDefinition>,

    /// Gets/sets the token representing the acting party's identity.
    #[serde(rename = "actor", skip_serializing_if = "Option::is_none")]
    pub actor: Option<OAuth2TokenDefinition>,
}

impl AuthenticationSchemeDefinition for OAuth2AuthenticationSchemeDefinition {
    /// Returns `AuthenticationScheme::OAUTH2`.
    fn scheme(&self) -> &str {
        AuthenticationScheme::OAUTH2
    }
}
309
/// Represents the definition of an OpenIDConnect authentication scheme.
///
/// The fields mirror the OAUTH2 scheme definition except that there is no `endpoints`
/// field. `password`, the nested client secret and the `subject`/`actor` tokens are held as
/// plain strings: the derived `Debug` and `Serialize` output contains them in clear text,
/// so avoid logging this value with `{:?}`. No field is validated here; in particular
/// `authority` is an arbitrary string, so checking its scheme and host is left to the
/// consumer.
#[derive(Debug, Default, Clone, PartialEq, Serialize, Deserialize)]
pub struct OpenIDConnectSchemeDefinition {
    /// Gets/sets the name of the secret, if any, used to configure the authentication scheme
    #[serde(rename = "use", skip_serializing_if = "Option::is_none")]
    pub use_: Option<String>,

    /// Gets/sets the URI that references the OAUTH2 authority to use.
    #[serde(rename = "authority", skip_serializing_if = "Option::is_none")]
    pub authority: Option<String>,

    /// Gets/sets the grant type to use.
    #[serde(rename = "grant", skip_serializing_if = "Option::is_none")]
    pub grant: Option<String>,

    /// Gets/sets the definition of the client to use.
    #[serde(rename = "client", skip_serializing_if = "Option::is_none")]
    pub client: Option<OAuth2AuthenticationClientDefinition>,

    /// Gets/sets the configuration of the authentication request to perform.
    #[serde(rename = "request", skip_serializing_if = "Option::is_none")]
    pub request: Option<OAuth2AuthenticationRequestDefinition>,

    /// Gets/sets a list of valid issuers for token checks.
    /// `Vec<String>` stands in for `EquatableList<string>`.
    #[serde(rename = "issuers", skip_serializing_if = "Option::is_none")]
    pub issuers: Option<Vec<String>>,

    /// Gets/sets the scopes to request the token for.
    #[serde(rename = "scopes", skip_serializing_if = "Option::is_none")]
    pub scopes: Option<Vec<String>>,

    /// Gets/sets the audiences to request the token for.
    #[serde(rename = "audiences", skip_serializing_if = "Option::is_none")]
    pub audiences: Option<Vec<String>>,

    /// Gets/sets the username to use (for Password grant).
    #[serde(rename = "username", skip_serializing_if = "Option::is_none")]
    pub username: Option<String>,

    /// Gets/sets the password to use (for Password grant).
    /// The Password grant hands the user's credentials to the client and is discouraged by
    /// the OAuth 2.0 Security Best Current Practice.
    #[serde(rename = "password", skip_serializing_if = "Option::is_none")]
    pub password: Option<String>,

    /// Gets/sets the token representing the identity of the party on whose behalf the request is made.
    #[serde(rename = "subject", skip_serializing_if = "Option::is_none")]
    pub subject: Option<OAuth2TokenDefinition>,

    /// Gets/sets the token representing the acting party's identity.
    #[serde(rename = "actor", skip_serializing_if = "Option::is_none")]
    pub actor: Option<OAuth2TokenDefinition>,
}

impl AuthenticationSchemeDefinition for OpenIDConnectSchemeDefinition {
    /// Returns `AuthenticationScheme::OIDC`.
    fn scheme(&self) -> &str {
        AuthenticationScheme::OIDC
    }
}