ic_auth_client/
api.rs

1//! Internet Identity authentication types and utilities.
2//!
3//! This module provides types and structures for handling authentication
4//! requests and responses with the Internet Identity Service on the Internet Computer.
5//! It includes request structures, response parsing, and authentication flow management.
6
7use ic_agent::identity::SignedDelegation;
8use serde::{Deserialize, Serialize};
9
10/// Represents an Internet Identity authentication request.
11///
12/// This struct is used to send an authentication request to the Internet Identity Service.
13/// It includes all the necessary parameters that the Internet Identity Service needs to authenticate a user.
14#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
15#[serde(rename_all = "camelCase")]
16pub struct InternetIdentityAuthRequest {
17    /// The kind of request. This is typically set to "authorize-client".
18    pub kind: String,
19    /// The public key of the session.
20    pub session_public_key: Vec<u8>,
21    /// The maximum time to live for the session, in nanoseconds. If not provided, a default value is used.
22    #[serde(skip_serializing_if = "Option::is_none")]
23    pub max_time_to_live: Option<u64>,
24    /// If present, indicates whether or not the Identity Provider should allow the user to authenticate and/or register using a temporary key/PIN identity.
25    #[serde(skip_serializing_if = "Option::is_none")]
26    pub allow_pin_authentication: Option<bool>,
27    /// Origin for Identity Provider to use while generating the delegated identity. For II, the derivation origin must authorize this origin by setting a record at `<derivation-origin>/.well-known/ii-alternative-origins`.
28    #[serde(skip_serializing_if = "Option::is_none")]
29    pub derivation_origin: Option<String>,
30}
31
32/// Represents a successful authentication response.
33///
34/// This struct is used to store the details of a successful authentication response from the Internet Identity Service.
35/// It includes the delegations, the user's public key, and the authentication method used.
36#[derive(Debug, Clone, Serialize, Deserialize)]
37#[serde(rename_all = "camelCase")]
38pub struct AuthResponseSuccess {
39    /// The delegations provided by the user during the authentication process.
40    pub delegations: Vec<SignedDelegation>,
41    /// The public key of the user.
42    pub user_public_key: Vec<u8>,
43    /// The authentication method used by the user.
44    pub authn_method: String,
45}
46
47/// Represents a response message from the Identity Service.
48///
49/// This struct is used to store the details of a response message from the Identity Service.
50/// It includes the kind of the response, the delegations, the user's public key, the authentication method used,
51/// and the error message in case of failure.
52#[derive(Debug, Clone, Deserialize)]
53#[serde(rename_all = "camelCase")]
54pub struct IdentityServiceResponseMessage {
55    /// The kind of the response. This is typically set to "authorize-ready", "authorize-client-success", or "authorize-client-failure".
56    kind: String,
57    /// The delegations provided by the user during the authentication process. This is present in case of a successful authentication.
58    delegations: Option<Vec<SignedDelegation>>,
59    /// The public key of the user. This is present in case of a successful authentication.
60    user_public_key: Option<Vec<u8>>,
61    /// The authentication method used by the user. This is present in case of a successful authentication.
62    authn_method: Option<String>,
63    /// The error message in case of a failed authentication.
64    text: Option<String>,
65}
66
67impl IdentityServiceResponseMessage {
68    /// Returns the kind of the Identity Service response.
69    pub fn kind(&self) -> Result<IdentityServiceResponseKind, String> {
70        match self.kind.as_str() {
71            "authorize-ready" => Ok(IdentityServiceResponseKind::Ready),
72            "authorize-client-success" => Ok(IdentityServiceResponseKind::AuthSuccess(
73                AuthResponseSuccess {
74                    delegations: self.delegations.clone().unwrap_or_default(),
75                    user_public_key: self.user_public_key.clone().unwrap_or_default(),
76                    authn_method: self.authn_method.clone().unwrap_or_default(),
77                },
78            )),
79            "authorize-client-failure" => Ok(IdentityServiceResponseKind::AuthFailure(
80                self.text.clone().unwrap_or_default(),
81            )),
82            other => Err(format!("Unknown response kind: {}", other)),
83        }
84    }
85}
86
87/// Enum representing the kind of response from the Identity Service.
88#[derive(Debug, Clone)]
89pub enum IdentityServiceResponseKind {
90    /// Represents a ready state.
91    Ready,
92    /// Represents a successful authentication response.
93    AuthSuccess(AuthResponseSuccess),
94    /// Represents a failed authentication response with an error message.
95    AuthFailure(String),
96}