Authentication, authorization, and session management for FraiseQL.
Handles JWT validation, OAuth/OIDC flows, session management, and authorization.
Re-exports§
pub use audit_logger::AuditEntry;pub use audit_logger::AuditEventType;pub use audit_logger::AuditLogger;pub use audit_logger::SecretType;pub use audit_logger::StructuredAuditLogger;pub use audit_logger::get_audit_logger;pub use audit_logger::init_audit_logger;pub use constant_time::ConstantTimeOps;pub use error::AuthError;pub use error::Result;pub use error_sanitizer::AuthErrorSanitizer;pub use error_sanitizer::Sanitizable;pub use error_sanitizer::SanitizedError;pub use error_sanitizer::messages as error_messages;pub use handlers::AuthCallbackQuery;pub use handlers::AuthLogoutRequest;pub use handlers::AuthRefreshRequest;pub use handlers::AuthStartRequest;pub use handlers::AuthState;pub use handlers::auth_callback;pub use handlers::auth_logout;pub use handlers::auth_refresh;pub use handlers::auth_start;pub use jwks::JwksCache;pub use jwt::Claims;pub use jwt::JwtValidator;pub use jwt::generate_hs256_token;pub use jwt::generate_rs256_token;pub use middleware::AuthMiddleware;pub use middleware::AuthenticatedUser;pub use monitoring::AuthEvent;pub use monitoring::AuthMetrics;pub use monitoring::OperationTimer;pub use oauth::AuthorizationRequest;pub use oauth::ExternalAuthProvider;pub use oauth::IdTokenClaims;pub use oauth::NonceParameter;pub use oauth::OAuth2Client;pub use oauth::OAuth2ClientConfig;pub use oauth::OAuthAuditEvent;pub use oauth::OAuthSession;pub use oauth::OIDCClient;pub use oauth::OIDCProviderConfig;pub use oauth::PKCEChallenge;pub use oauth::ProviderFailoverManager;pub use oauth::ProviderRegistry;pub use oauth::ProviderType;pub use oauth::StateParameter;pub use oauth::TokenRefreshScheduler;pub use oauth::TokenRefreshWorker;pub use oauth::TokenRefresher;pub use oidc_provider::OidcProvider;pub use oidc_server_client::OidcEndpoints;pub use oidc_server_client::OidcServerClient;pub use oidc_server_client::OidcTokenResponse;pub use operation_rbac::OperationPermission;pub use operation_rbac::RBACPolicy;pub use operation_rbac::Role;pub use 
pkce::ConsumedPkceState;pub use pkce::PkceError;pub use pkce::PkceStateStore;pub use provider::OAuthProvider;pub use provider::PkceChallenge;pub use provider::TokenResponse;pub use provider::UserInfo;pub use providers::AzureADOAuth;pub use providers::GitHubOAuth;pub use providers::GoogleOAuth;pub use providers::KeycloakOAuth;pub use providers::create_provider;pub use proxy::ProxyConfig;pub use rate_limiting::RateLimitConfig;Deprecated pub use rate_limiting::AuthRateLimitConfig;pub use rate_limiting::KeyedRateLimiter;pub use rate_limiting::RateLimiters;pub use security_config::AuditLoggingSettings;pub use security_config::ErrorSanitizationSettings;pub use security_config::RateLimitingSettings;pub use security_config::SecurityConfigFromSchema;pub use security_config::StateEncryptionSettings;pub use security_init::init_default_security_config;pub use security_init::init_security_config;pub use security_init::log_security_config;pub use security_init::validate_security_config;pub use session::SessionData;pub use session::SessionStore;pub use session::TokenPair;pub use session_postgres::PostgresSessionStore;pub use state_encryption::DecryptionError;pub use state_encryption::EncryptedState;pub use state_encryption::EncryptionAlgorithm;pub use state_encryption::KeyError;pub use state_encryption::StateEncryption;pub use state_encryption::StateEncryptionConfig;pub use state_encryption::StateEncryptionService;pub use state_encryption::generate_state_encryption_key;pub use state_store::InMemoryStateStore;pub use state_store::StateStore;
Modules§
- audit_logger - Audit logging for security-critical authentication operations.
- constant_time - Constant-time comparison utilities to prevent timing-based side-channel attacks.
- error
- Authentication error types.
- error_sanitizer - Error sanitization layer — separates user-facing messages from internal details.
- handlers
- HTTP handlers for the built-in authentication endpoints (/auth/start, /auth/callback, /auth/refresh, /auth/logout).
- jwks
- JWKS (JSON Web Key Set) cache for OIDC ID token signature verification.
- jwt
- JWT validation, claims parsing, and token generation.
- middleware
- Authentication middleware for Axum request handlers.
- monitoring
- Authentication monitoring and observability.
- oauth
- OAuth2 and OIDC authentication support with JWT validation, provider discovery, and automatic user provisioning.
- oidc_provider - Generic OIDC provider implementation using RFC 8414 discovery.
- oidc_server_client - Server-side OIDC client for PKCE authorization code flows.
- operation_rbac - Operation-level Role-Based Access Control (RBAC).
- pkce
- PKCE state store — RFC 7636 Proof Key for Code Exchange.
- provider
- OAuth 2.0 / OIDC provider trait and core data types.
- providers
- Provider-specific OAuth / OIDC implementations.
- proxy
- Proxy and IP address extraction with security validation.
- rate_limiting - Rate limiting for brute-force and abuse protection.
- security_config - Security configuration loading and initialization.
- security_init - Security system initialization from compiled schema configuration.
- session
- Session management — trait definition and helper functions.
- session_postgres - PostgreSQL-backed SessionStore implementation.
- state_encryption - State encryption for PKCE and OAuth state parameter protection.
- state_store - CSRF state store — trait definition and backends.