Type Alias gotham_restful::AuthValidation

pub type AuthValidation = Validation;

Aliased Type§

struct AuthValidation {
    pub required_spec_claims: HashSet<String>,
    pub leeway: u64,
    pub reject_tokens_expiring_in_less_than: u64,
    pub validate_exp: bool,
    pub validate_nbf: bool,
    pub validate_aud: bool,
    pub aud: Option<HashSet<String>>,
    pub iss: Option<HashSet<String>>,
    pub sub: Option<String>,
    pub algorithms: Vec<Algorithm>,
    /* private fields */
}

Fields§

§required_spec_claims: HashSet<String>

Which claims are required to be present before starting the validation. This does not interact with the various validate_* fields: if you remove exp from that list, you still need to set validate_exp to false. The only values that will be used are “exp”, “nbf”, “aud”, “iss”, “sub”. Anything else will be ignored.

Defaults to {"exp"}.

§leeway: u64

Add some leeway (in seconds) to the exp and nbf validation to account for clock skew.

Defaults to 60.

§reject_tokens_expiring_in_less_than: u64

Reject a token some time (in seconds) before the exp to prevent expiration in transit over the network.

The value is the inverse of leeway, subtracting from the validation time.

Defaults to 0.

§validate_exp: bool

Whether to validate the exp field.

It will return an error if the time in the exp field is in the past.

Defaults to true.

§validate_nbf: bool

Whether to validate the nbf field.

It will return an error if the current timestamp is before the time in the nbf field.

Defaults to false.

§validate_aud: bool

Whether to validate the aud field.

It will return an error if the aud field is not a member of the audience provided.

Defaults to true. Very insecure to turn this off. Only do this if you know what you are doing.

§aud: Option<HashSet<String>>

Validation will check that the aud field is a member of the audience provided and will error otherwise. Use set_audience to set it.

Defaults to None.

§iss: Option<HashSet<String>>

If it contains a value, the validation will check that the iss field is a member of the iss provided and will error otherwise. Use set_issuer to set it.

Defaults to None.

§sub: Option<String>

If it contains a value, the validation will check that the sub field is the same as the one provided and will error otherwise.

Defaults to None.

§algorithms: Vec<Algorithm>

The validation will check that the alg of the header is contained in the ones provided and will error otherwise. Will error if it is empty.

Defaults to vec![Algorithm::HS256].
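
How required_spec_claims, leeway, reject_tokens_expiring_in_less_than, validate_exp and validate_nbf combine, as an added example: a std-only model of the field descriptions above, not code from gotham_restful or the aliased Validation type. TimeChecks, Outcome, defaults and check_times are hypothetical names, and the exact boundary comparisons are an assumption.

```rust
use std::collections::HashSet;

// Hypothetical stand-in for the time-related fields documented above;
// it is not the real Validation struct.
struct TimeChecks {
    required_spec_claims: HashSet<String>,
    leeway: u64,
    reject_tokens_expiring_in_less_than: u64,
    validate_exp: bool,
    validate_nbf: bool,
}

#[derive(Debug, PartialEq)]
enum Outcome { Valid, MissingClaim(&'static str), Expired, NotYetValid }

// The documented defaults: {"exp"}, 60, 0, true, false.
fn defaults() -> TimeChecks {
    TimeChecks {
        required_spec_claims: std::iter::once("exp".to_string()).collect(),
        leeway: 60,
        reject_tokens_expiring_in_less_than: 0,
        validate_exp: true,
        validate_nbf: false,
    }
}

// exp/nbf are the token's claims (None = absent); now is the verifier's clock in seconds.
fn check_times(v: &TimeChecks, exp: Option<u64>, nbf: Option<u64>, now: u64) -> Outcome {
    // Presence is checked first and does not depend on validate_*.
    if v.required_spec_claims.contains("exp") && exp.is_none() {
        return Outcome::MissingClaim("exp");
    }
    if v.required_spec_claims.contains("nbf") && nbf.is_none() {
        return Outcome::MissingClaim("nbf");
    }
    // leeway moves the clock back; the reject margin pulls exp earlier.
    let deadline = exp.map(|e| e.saturating_sub(v.reject_tokens_expiring_in_less_than));
    if v.validate_exp && deadline.map_or(false, |d| d < now.saturating_sub(v.leeway)) {
        return Outcome::Expired;
    }
    if v.validate_nbf && nbf.map_or(false, |n| n > now.saturating_add(v.leeway)) {
        return Outcome::NotYetValid;
    }
    Outcome::Valid
}

fn main() {
    // Constructed sample: a token with exp=1000 checked at t=1050 and t=1061.
    let v = defaults();
    println!("{:?} {:?}", check_times(&v, Some(1000), None, 1050), check_times(&v, Some(1000), None, 1061));
}
```

With the defaults, a token is still accepted up to 60 seconds after its exp; setting reject_tokens_expiring_in_less_than equal to leeway cancels that grace period.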