[][src]Trait ironoxide::user::UserOps

pub trait UserOps {
#[must_use]    fn user_create<'life0, 'life1, 'life2, 'async_trait>(
        jwt: &'life0 str,
        password: &'life1 str,
        user_create_opts: &'life2 UserCreateOpts,
        timeout: Option<Duration>
    ) -> Pin<Box<dyn Future<Output = Result<UserCreateResult>> + Send + 'async_trait>>
        'life0: 'async_trait,
        'life1: 'async_trait,
        'life2: 'async_trait
#[must_use] fn generate_new_device<'life0, 'life1, 'life2, 'async_trait>(
        jwt: &'life0 str,
        password: &'life1 str,
        device_create_options: &'life2 DeviceCreateOpts,
        timeout: Option<Duration>
    ) -> Pin<Box<dyn Future<Output = Result<DeviceAddResult>> + Send + 'async_trait>>
        'life0: 'async_trait,
        'life1: 'async_trait,
        'life2: 'async_trait
#[must_use] fn user_verify<'life0, 'async_trait>(
        jwt: &'life0 str,
        timeout: Option<Duration>
    ) -> Pin<Box<dyn Future<Output = Result<Option<UserResult>>> + Send + 'async_trait>>
        'life0: 'async_trait
#[must_use] fn user_list_devices<'life0, 'async_trait>(
        &'life0 self
    ) -> Pin<Box<dyn Future<Output = Result<UserDeviceListResult>> + Send + 'async_trait>>
        'life0: 'async_trait,
        Self: 'async_trait
#[must_use] fn user_get_public_key<'life0, 'life1, 'async_trait>(
        &'life0 self,
        users: &'life1 [UserId]
    ) -> Pin<Box<dyn Future<Output = Result<HashMap<UserId, PublicKey>>> + Send + 'async_trait>>
        'life0: 'async_trait,
        'life1: 'async_trait,
        Self: 'async_trait
#[must_use] fn user_rotate_private_key<'life0, 'life1, 'async_trait>(
        &'life0 self,
        password: &'life1 str
    ) -> Pin<Box<dyn Future<Output = Result<UserUpdatePrivateKeyResult>> + Send + 'async_trait>>
        'life0: 'async_trait,
        'life1: 'async_trait,
        Self: 'async_trait
#[must_use] fn user_delete_device<'life0, 'life1, 'async_trait>(
        &'life0 self,
        device_id: Option<&'life1 DeviceId>
    ) -> Pin<Box<dyn Future<Output = Result<DeviceId>> + Send + 'async_trait>>
        'life0: 'async_trait,
        'life1: 'async_trait,
        Self: 'async_trait
; }

IronOxide User Operations

Key Terms

  • Device - The only entity in the Data Control Platform that can decrypt data. A device is authorized using a user’s private key, therefore a device is tightly bound to a user.
  • ID - The ID representing a user or device. It must be unique within its segment and will not be encrypted.
  • Password - The string used to encrypt and escrow a user's private key.
  • Rotation - Changing a user's private key while leaving their public key unchanged. This can be accomplished by calling user_rotate_private_key.

Required methods

#[must_use]fn user_create<'life0, 'life1, 'life2, 'async_trait>(
    jwt: &'life0 str,
    password: &'life1 str,
    user_create_opts: &'life2 UserCreateOpts,
    timeout: Option<Duration>
) -> Pin<Box<dyn Future<Output = Result<UserCreateResult>> + Send + 'async_trait>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait, 

Creates a user.


  • jwt - Valid IronCore or Auth0 JWT
  • password - Password to use for encrypting and escrowing the user's private key
  • user_create_opts - User creation parameters. Default values are provided with UserCreateOpts::default()
  • timeout - Timeout for this operation or None for no timeout


let password = "foobar";
let opts = UserCreateOpts::new(false);
let user_result = IronOxide::user_create(jwt, password, &opts, None).await?;

#[must_use]fn generate_new_device<'life0, 'life1, 'life2, 'async_trait>(
    jwt: &'life0 str,
    password: &'life1 str,
    device_create_options: &'life2 DeviceCreateOpts,
    timeout: Option<Duration>
) -> Pin<Box<dyn Future<Output = Result<DeviceAddResult>> + Send + 'async_trait>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait, 

Generates a new device for the user specified in the JWT.

This will result in a new transform key (from the user's master private key to the new device's public key) being generated and stored with the IronCore Service.


  • jwt - Valid IronCore or Auth0 JWT
  • password - Password for the user specified in the JWT
  • device_create_options - Device creation parameters. Default values are provided with DeviceCreateOpts::default()
  • timeout - Timeout for this operation or None for no timeout


let password = "foobar";
let device_name = DeviceName::try_from("primary_device")?;
let opts = DeviceCreateOpts::new(Some(device_name));
let device_result = IronOxide::generate_new_device(jwt, password, &opts, None).await?;
let device_id: &DeviceId = device_result.device_id();

#[must_use]fn user_verify<'life0, 'async_trait>(
    jwt: &'life0 str,
    timeout: Option<Duration>
) -> Pin<Box<dyn Future<Output = Result<Option<UserResult>>> + Send + 'async_trait>> where
    'life0: 'async_trait, 

Verifies the existence of a user using a JWT to identify their user record.

Returns a None if the user could not be found.


  • jwt - Valid IronCore or Auth0 JWT
  • timeout - Timeout for this operation or None for no timeout


let verify_result = IronOxide::user_verify(jwt, None).await?;
let user_id = verify_result.expect("User not found!").account_id();

#[must_use]fn user_list_devices<'life0, 'async_trait>(
    &'life0 self
) -> Pin<Box<dyn Future<Output = Result<UserDeviceListResult>> + Send + 'async_trait>> where
    'life0: 'async_trait,
    Self: 'async_trait, 

Lists all of the devices for the current user.


let devices_result = sdk.user_list_devices().await?;
let devices: Vec<UserDevice> = devices_result.result().to_vec();

#[must_use]fn user_get_public_key<'life0, 'life1, 'async_trait>(
    &'life0 self,
    users: &'life1 [UserId]
) -> Pin<Box<dyn Future<Output = Result<HashMap<UserId, PublicKey>>> + Send + 'async_trait>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    Self: 'async_trait, 

Gets users' public keys given their IDs.

Allows discovery of which user IDs have keys in the IronCore system to help determine if they can be added to groups or have documents shared with them.

Only returns users whose keys were found in the IronCore system.


  • users - List of user IDs to check


let user1 = UserId::try_from("colt")?;
let user2 = UserId::try_from("fake_user")?;
let users = [user1, user2];
// This will only return one entry, for user "colt"
let get_result = sdk.user_get_public_key(&users).await?;
let (valid_users, invalid_users): (Vec<&UserId>, Vec<&UserId>) =
    users.iter().partition(|u| get_result.contains_key(u));

#[must_use]fn user_rotate_private_key<'life0, 'life1, 'async_trait>(
    &'life0 self,
    password: &'life1 str
) -> Pin<Box<dyn Future<Output = Result<UserUpdatePrivateKeyResult>> + Send + 'async_trait>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    Self: 'async_trait, 

Rotates the current user's private key while leaving their public key the same.

There's no black magic here! This is accomplished via multi-party computation with the IronCore webservice.

The main use case for this is a workflow that requires that users be generated prior to the user logging in for the first time. In this situation, a user's cryptographic identity can be generated by a third party, like a server process, and then the user can take control of their keys by rotating their private key.


password - Password to unlock the current user's private key


let password = "foobar";
let rotate_result = sdk.user_rotate_private_key(password).await?;

#[must_use]fn user_delete_device<'life0, 'life1, 'async_trait>(
    &'life0 self,
    device_id: Option<&'life1 DeviceId>
) -> Pin<Box<dyn Future<Output = Result<DeviceId>> + Send + 'async_trait>> where
    'life0: 'async_trait,
    'life1: 'async_trait,
    Self: 'async_trait, 

Deletes a device.

If deleting the currently signed-in device, the SDK will need to be re-initialized with IronOxide::initialize before further use.

Returns the ID of the deleted device.


  • device_id - ID of the device to delete. If None, deletes the current device


// If successful, returns the same `DeviceId` it is passed.
let deleted_device: DeviceId = sdk.user_delete_device(Some(&device_id)).await?;
Loading content...


impl UserOps for IronOxide[src]

Loading content...