forge_core/auth/mod.rs
1//! Authentication and JWT handling.
2//!
3//! Forge supports JWT authentication with both symmetric (HMAC) and asymmetric
4//! (RSA via JWKS) algorithms. Tokens are validated on every request and claims
5//! are available in the function context.
6//!
7//! # Configuration
8//!
9//! ```toml
10//! [auth]
11//! jwt_algorithm = "RS256"
12//! jwks_url = "https://provider.com/.well-known/jwks.json"
13//! jwt_issuer = "https://provider.com"
14//! jwt_audience = "my-app"
15//! ```
16//!
17//! # Accessing Auth in Functions
18//!
19//! ```ignore
20//! #[forge::query]
21//! async fn get_profile(ctx: &QueryContext) -> Result<User> {
22//! let user_id = ctx.auth.require_user_id()?;
23//! // ...
24//! }
25//! ```
26//!
27//! # Non-UUID Providers
28//!
29//! For providers like Firebase or Clerk that don't use UUID subjects:
30//!
31//! ```ignore
32//! let subject = ctx.auth.require_subject()?; // Returns &str
33//! ```
34//!
35//! # Key Types
36//!
37//! - [`Claims`] - Parsed JWT claims
38//! - [`ClaimsBuilder`] - Builder for constructing claims (testing)
39
40mod claims;
41
42pub use claims::{Claims, ClaimsBuilder};