§Hessra Token
Core verification library for Hessra authentication tokens.
This crate provides functionality for creating, verifying and attesting biscuit tokens used in the Hessra authentication system. It is designed to be WASM-compatible and has no networking dependencies.
§Features
- Token creation: Create new tokens with configurable time settings
- Token verification: Verify tokens without contacting the authorization server
- Token attestation: Add service node attestations to tokens
- WASM compatibility: Can be compiled to WebAssembly for use in browsers
§Usage
    use hessra_token::{create_biscuit, verify_token_local, TokenTimeConfig, KeyPair, encode_token};

    fn main() -> Result<(), hessra_token::TokenError> {
        // Generate the signing keypair and keep its public half for verification,
        // because create_biscuit takes ownership of the keypair.
        let keypair = KeyPair::new();
        let public_key = keypair.public();

        // Create a new token
        let token = create_biscuit(
            "user123".to_string(),
            "resource456".to_string(),
            "read".to_string(),
            keypair,
            TokenTimeConfig::default(),
        ).map_err(|e| hessra_token::TokenError::generic(e.to_string()))?;

        // Verify the token against the public key of the keypair that signed it.
        // A verifier that only holds the key as an "ed25519/…" string would
        // obtain it with biscuit_key_from_string instead.
        let token_string = encode_token(&token);
        verify_token_local(&token_string, public_key, "user123", "resource456", "read")?;

        println!("Token creation and verification successful!");
        Ok(())
    }
Structs§
- Biscuit: This structure represents a valid Biscuit token
- ServiceNode
- TokenTimeConfig: TokenTimeConfig allows control over token creation times and durations. This is used to create tokens with custom start times and durations for testing purposes. In the future, this can be enhanced to support variable length tokens, such as long-lived bearer tokens.
Enums§
- KeyPair: pair of cryptographic keys used to sign a token’s block
- PublicKey: the public part of a KeyPair
- TokenError: Error type for hessra-token operations
Functions§
- add_multi_party_attestation: Add a multi-party attestation to a token
- add_multi_party_attestation_to_token: Add a multi-party attestation to a base64-encoded token string
- add_service_node_attestation: Add a service node attestation to a token
- biscuit_key_from_string: Takes a public key encoded as a string in the format “ed25519/…” or “secp256r1/…” and returns a PublicKey.
- create_biscuit: Creates a new biscuit token with the specified subject and resource.
- create_multi_party_biscuit: Creates a new biscuit token with multi-party attestations.
- create_multi_party_biscuit_with_time: Creates a new biscuit token with multi-party attestations and custom time settings.
- create_multi_party_token: Creates a new multi-party biscuit token with default time configuration.
- create_multi_party_token_with_time
- create_raw_multi_party_biscuit: Creates a new biscuit token with multi-party attestations.
- create_service_chain_biscuit: Creates a new biscuit token with service chain attestations.
- create_service_chain_token: Creates a service chain biscuit token with default time configuration.
- create_service_chain_token_with_time: Creates a service chain biscuit token with custom time configuration.
- create_token: Creates a biscuit token with default time configuration.
- create_token_with_time: Creates a biscuit token with custom time configuration.
- decode_token: Decode a URL-safe base64 encoded token string to binary
- encode_token: Encode binary token data to URL-safe base64 string
- parse_token: Extracts and parses a Biscuit token from a URL-safe base64 string
- public_key_from_pem_file
- verify_biscuit_local: Verifies a Biscuit authorization token locally without contacting the authorization server.
- verify_service_chain_biscuit_local
- verify_service_chain_token_local
- verify_token_local: Verifies a Biscuit authorization token locally without contacting the authorization server.