Expand description
§Hessra Token
Core verification library for Hessra authentication tokens.
This crate provides functionality for creating, verifying and attenuating biscuit tokens used in the Hessra authentication system. It is designed to be WASM-compatible and has no networking dependencies.
§Features
- Token creation: Create new tokens with configurable time settings
- Token verification: Verify tokens without contacting the authorization server
- Token attestation: Add service node attestations to tokens
- WASM compatibility: Can be compiled to WebAssembly for use in browsers
§Usage
use hessra_token::{create_biscuit, verify_token_local, biscuit_key_from_string, TokenTimeConfig, KeyPair, encode_token};
fn main() -> Result<(), hessra_token::TokenError> {
// Create a new token
let keypair = KeyPair::new();
let token = create_biscuit(
"user123".to_string(),
"resource456".to_string(),
keypair,
TokenTimeConfig::default(),
).map_err(|e| hessra_token::TokenError::generic(e.to_string()))?;
// Verify the token
let token_string = encode_token(&token);
let public_key = biscuit_key_from_string("ed25519/01234567890abcdef".to_string())?;
verify_token_local(&token_string, public_key, "user123", "resource456")?;
println!("Token creation and verification successful!");
Ok(())
}Structs§
- Biscuit
- This structure represents a valid Biscuit token
- Service
Node - Token
Time Config - TokenTimeConfig allows control over token creation times and durations This is used to create tokens with custom start times and durations for testing purposes. In the future, this can be enhanced to support variable length tokens, such as long-lived bearer tokens.
Enums§
- KeyPair
- pair of cryptographic keys used to sign a token’s block
- Public
Key - the public part of a KeyPair
- Token
Error - Error type for hessra-token operations
Functions§
- add_
service_ node_ attenuation - Add a service node attestation to a token
- biscuit_
key_ from_ string - Takes a public key encoded as a string in the format “ed25519/…” or “secp256r1/…” and returns a PublicKey.
- create_
biscuit - Creates a new biscuit token with the specified subject and resource.
- create_
service_ chain_ biscuit - Creates a new biscuit token with service chain attestations. Creates a new biscuit token with service chain attestations.
- create_
service_ chain_ token - create_
service_ chain_ token_ with_ time - create_
token - create_
token_ with_ time - decode_
token - Decode a URL-safe base64 encoded token string to binary
- encode_
token - Encode binary token data to URL-safe base64 string
- parse_
token - Extracts and parses a Biscuit token from a URL-safe base64 string
- public_
key_ from_ pem_ file - verify_
biscuit_ local - Verifies a Biscuit authorization token locally without contacting the authorization server.
- verify_
service_ chain_ biscuit_ local - verify_
service_ chain_ token_ local - verify_
token_ local - Verifies a Biscuit authorization token locally without contacting the authorization server.