velocia 0.3.5

velocia – production-ready AI agent framework using ADK-Rust, A2A protocol, and AWS DynamoDB
use serde::{Deserialize, Serialize};
use std::collections::HashMap;

/// Selects how requests are authenticated.
///
/// Serialized in lowercase (`"noauth"`, `"cognito"`) because of
/// `rename_all = "lowercase"`.
///
/// Security note: `NoAuth` is the `Default` variant, so a value produced by
/// `AuthType::default()` disables authentication. Deployments that need
/// authentication should set the variant explicitly rather than rely on the
/// default.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default)]
#[serde(rename_all = "lowercase")]
pub enum AuthType {
    /// No authentication; this is the default variant.
    #[default]
    NoAuth,
    /// Cognito-based authentication.
    // NOTE(review): presumably Amazon Cognito (the crate targets AWS) — confirm.
    Cognito,
}

/// Security-scheme definition (mirrors OpenAPI `SecurityScheme`).
///
/// The `type`, `description` and `flows` keys map to named fields; every other
/// key of the serialized object is collected into `extra` through
/// `#[serde(flatten)]`.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SecurityScheme {
    /// Scheme kind, serialized under the key `type`. It is a free-form string,
    /// so this type does not restrict it to a fixed set of values.
    #[serde(rename = "type")]
    pub scheme_type: String,
    /// Optional value stored under the `description` key.
    // NOTE(review): this field was previously documented as "For OAuth2/OIDC:
    // the JWKS endpoint URL", which does not match its name. Confirm which key
    // actually carries the JWKS URL (possibly one captured in `extra`), and
    // that the code fetching signing keys takes that URL from trusted
    // configuration — TODO confirm.
    pub description: Option<String>,
    /// Optional flow definitions, kept as raw JSON. Nothing is validated here;
    /// consumers must check the shape before using it.
    pub flows: Option<serde_json::Value>,
    /// All remaining keys of the serialized scheme, kept as raw JSON values.
    #[serde(flatten)]
    pub extra: HashMap<String, serde_json::Value>,
}

/// Authentication configuration used on both server (middleware) and client
/// (outbound credential service) sides.
///
/// Field names are serialized in camelCase (`securitySchemes`, `security`,
/// `authType`).
///
/// Security note: `AuthConfig::default()` and any serialized config that omits
/// `authType` both yield `AuthType::NoAuth` (see `#[serde(default)]` below), so
/// a missing or truncated auth section results in an unauthenticated
/// configuration rather than an error.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct AuthConfig {
    /// Named security schemes, keyed by scheme name.
    pub security_schemes: Option<HashMap<String, SecurityScheme>>,
    /// OpenAPI-style security requirement list, e.g. `[{"oauth": ["read"]}]`.
    /// Each list entry maps a scheme name to the scopes required for it.
    pub security: Option<Vec<HashMap<String, Vec<String>>>>,
    /// Authentication mode. Falls back to `AuthType::default()` (`NoAuth`)
    /// when the key is absent from the input.
    #[serde(default)]
    pub auth_type: AuthType,
}

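impl AuthConfig {
    /// Returns one security scheme name and its required scopes, taken from the
    /// first entry of `security`.
    ///
    /// Returns `None` when `security` is absent, the list is empty, or the
    /// first requirement object has no schemes.
    ///
    /// When the first requirement names several schemes, the one with the
    /// lexicographically smallest name is returned. The requirement is stored
    /// in a `HashMap`, whose iteration order is unspecified, so taking
    /// "whatever comes first" could select a different scheme from one run to
    /// the next.
    ///
    /// Only a single scheme is reported. In OpenAPI, all schemes listed in one
    /// requirement object must be satisfied together, and later list entries
    /// are alternatives; callers that enforce access control should not treat
    /// this result as the complete requirement.
    pub fn first_scheme(&self) -> Option<(String, Vec<String>)> {
        let requirement = self.security.as_ref()?.first()?;
        requirement
            .iter()
            // Keys are unique, so the minimum is unique and the choice is stable.
            .min_by(|(a, _), (b, _)| a.cmp(b))
            .map(|(name, scopes)| (name.clone(), scopes.clone()))
    }

    /// Returns `true` when `auth_type` is `AuthType::NoAuth`.
    ///
    /// This checks `auth_type` only; `security` and `security_schemes` are not
    /// consulted, so a config can list security requirements and still report
    /// `true` here.
    pub fn is_no_auth(&self) -> bool {
        self.auth_type == AuthType::NoAuth
    }
}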