AuthConfig

Struct AuthConfig

#[non_exhaustive]
pub struct AuthConfig {
    pub jwt_secret: Option<String>,
    pub jwt_algorithm: JwtAlgorithm,
    pub jwt_issuer: Option<String>,
    pub jwt_audience: Option<String>,
    pub access_token_ttl: Option<DurationStr>,
    pub refresh_token_ttl: Option<DurationStr>,
    pub jwks_url: Option<String>,
    pub jwks_cache_ttl: DurationStr,
    pub session_ttl: DurationStr,
    pub jwt_leeway: DurationStr,
    pub audience_required: bool,
    pub required_claims: Vec<String>,
    pub session_cookie_ttl: Option<DurationStr>,
    pub jwks_require_kid: bool,
    pub legacy_secrets: Vec<LegacySecret>,
}

Authentication configuration.

Fields (Non-exhaustive)§

This struct is marked as non-exhaustive
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
§jwt_secret: Option<String>

Required for HS256.

§jwt_algorithm: JwtAlgorithm

§jwt_issuer: Option<String>

If set, tokens with a different issuer are rejected.

§jwt_audience: Option<String>

If set, tokens with a different audience are rejected.

§access_token_ttl: Option<DurationStr>

Access token lifetime (e.g., “15m”, “1h”). Used by ctx.issue_token_pair().

§refresh_token_ttl: Option<DurationStr>

Refresh token lifetime (e.g., “7d”, “30d”). Used by ctx.issue_token_pair().

§jwks_url: Option<String>

Required for RS256; keys are fetched and cached automatically.

§jwks_cache_ttl: DurationStr

JWKS cache TTL duration (e.g. “1h”, “30m”).

§session_ttl: DurationStr

Session TTL duration (e.g. “7d”, “24h”). Used for WebSocket sessions.

§jwt_leeway: DurationStr

Clock-skew tolerance for exp / nbf validation (e.g. “60s”, “5m”). Sites with NTP-synchronized clocks can drop this to “5s”; older deployments or clients with drifting clocks may need higher. Defaults to “60s”.

§audience_required: bool

When true (default), jwt_audience must be set when auth is enabled. Set to false only during migration.

§required_claims: Vec<String>

JWT spec claims that must be present in every token. Defaults to ["exp", "sub"]. Add "aud" here for claim-level enforcement in addition to the jwt_audience equality check.
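
How jwt_leeway, required_claims and the issuer/audience equality checks combine, as an added example that is not code from this crate. ClaimPolicy, Reject and check_claims are hypothetical names, claims are modelled as plain strings, and the comparison rules are an assumption based on common JWT validation practice rather than this crate's confirmed behaviour.

```rust
use std::collections::HashMap;

// Hypothetical stand-in for the AuthConfig fields that govern claim checks.
struct ClaimPolicy<'a> {
    issuer: Option<&'a str>,        // jwt_issuer
    audience: Option<&'a str>,      // jwt_audience
    leeway_secs: i64,               // jwt_leeway resolved to seconds
    required_claims: &'a [&'a str], // required_claims
}

#[derive(Debug, PartialEq)]
enum Reject { Missing(String), Malformed(String), Expired, NotYetValid, Issuer, Audience }
// Numeric claim lookup: absent is Ok(None), present but non-numeric is an error.
fn num(c: &HashMap<&str, &str>, k: &str) -> Result<Option<i64>, Reject> {
    match c.get(k) {
        None => Ok(None),
        Some(v) => v.parse::<i64>().map(Some).map_err(|_| Reject::Malformed(k.to_string())),
    }
}

// Claims are modelled as strings; a real decoder yields typed JSON values.
fn check_claims(c: &HashMap<&str, &str>, p: &ClaimPolicy, now: i64) -> Result<(), Reject> {
    // 1. Presence. Without "exp" in this list, a token lacking it skips step 2.
    for name in p.required_claims {
        if !c.contains_key(*name) { return Err(Reject::Missing(name.to_string())); }
    }
    // 2. Validity window, widened by the leeway at both ends.
    if let Some(exp) = num(c, "exp")? {
        if now > exp + p.leeway_secs { return Err(Reject::Expired); }
    }
    if let Some(nbf) = num(c, "nbf")? {
        if now + p.leeway_secs < nbf { return Err(Reject::NotYetValid); }
    }
    // 3. Equality checks apply only when an expected value is configured.
    if let Some(iss) = p.issuer {
        if c.get("iss") != Some(&iss) { return Err(Reject::Issuer); }
    }
    if let Some(aud) = p.audience {
        if c.get("aud") != Some(&aud) { return Err(Reject::Audience); }
    }
    Ok(())
}

fn main() {
    // Constructed sample claims, not a real token.
    let c = HashMap::from([("sub", "u1"), ("exp", "1000"), ("aud", "api")]);
    let p = ClaimPolicy { issuer: None, audience: Some("api"), leeway_secs: 60, required_claims: &["exp", "sub"] };
    println!("{:?}", check_claims(&c, &p, 1050)); // 50 s past exp, inside the leeway
}
```

In this model a token 50 seconds past exp is accepted with a "60s" leeway and rejected with "5s", which is the trade-off the jwt_leeway description refers to.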

§session_cookie_ttl: Option<DurationStr>

Used for OAuth consent flow cookies. Defaults to the access token TTL.

§jwks_require_kid: bool

Reject RS256 tokens that arrive without a kid header. Default: true. On shared issuers (Firebase, Clerk multi-app) a kidless token would validate against an arbitrary cached key, accepting tokens signed by any app the issuer exposes. Set to false only for providers that genuinely omit kid in token headers (rare).
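
The key-selection paths that jwks_require_kid controls, as an added example that is not code from this crate. Jwk, Token, KeyError and validating_key are hypothetical names, and the signed_with field is a constructed stand-in for a real RS256 signature check.

```rust
#[derive(Debug, PartialEq)]
struct Jwk { kid: &'static str, app: &'static str }

// Constructed token model: `signed_with` stands in for the RS256 signature
// and names the kid of the key that actually produced it.
struct Token { kid: Option<&'static str>, signed_with: &'static str }

#[derive(Debug, PartialEq)]
enum KeyError { MissingKid, UnknownKid, BadSignature }

// Stand-in for real signature verification against one key.
fn verifies(t: &Token, k: &Jwk) -> bool { t.signed_with == k.kid }

// Returns the cached key that validated the token, or why none did.
fn validating_key<'a>(cache: &'a [Jwk], t: &Token, require_kid: bool) -> Result<&'a Jwk, KeyError> {
    match t.kid {
        // Header names a key: only that key may validate the token.
        Some(kid) => {
            let key = cache.iter().find(|k| k.kid == kid).ok_or(KeyError::UnknownKid)?;
            if verifies(t, key) { Ok(key) } else { Err(KeyError::BadSignature) }
        }
        // No kid under the strict default: refuse before trying any key.
        None if require_kid => Err(KeyError::MissingKid),
        // No kid, lenient mode: whichever cached key verifies is accepted.
        None => cache.iter().find(|k| verifies(t, k)).ok_or(KeyError::BadSignature),
    }
}

fn main() {
    // Constructed JWKS cache for a shared issuer serving two apps.
    let cache = [Jwk { kid: "k-a", app: "app-a" }, Jwk { kid: "k-b", app: "app-b" }];
    let kidless = Token { kid: None, signed_with: "k-b" };
    println!("{:?}", validating_key(&cache, &kidless, true));
    println!("{:?}", validating_key(&cache, &kidless, false).map(|k| k.app));
}
```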

§legacy_secrets: Vec<LegacySecret>

Old HMAC secrets still accepted for validation (never for signing). Each entry carries a mandatory valid_until timestamp; expired entries are silently dropped at middleware construction.

Implementations§

impl AuthConfig

pub fn access_token_ttl_secs(&self) -> i64

Resolved access token TTL in seconds. Minimum 1 to prevent zero-lifetime tokens.

pub fn refresh_token_ttl_days(&self) -> i64

Resolved refresh token TTL in days. Default 30; sub-day values floor to 1.

Resolved session cookie TTL in seconds. Falls back to access_token_ttl_secs().

pub fn is_configured(&self) -> bool

Returns true when any credential or claim validation field is set.

pub fn validate(&self) -> Result<()>

Validate that the config is complete for the chosen algorithm.

pub fn is_hmac(&self) -> bool

Check if this config uses HMAC (symmetric) algorithms.

pub fn is_rsa(&self) -> bool

Check if this config uses RSA (asymmetric) algorithms.

Trait Implementations§

impl Clone for AuthConfig

fn clone(&self) -> AuthConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AuthConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for AuthConfig

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for AuthConfig

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for AuthConfig

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer.

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> DynClone for T
where T: Clone,

fn __clone_box(&self, _: Private) -> *mut ()

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,