mssql_auth/lib.rs
//! # mssql-auth
//!
//! Authentication strategies for SQL Server connections.
//!
//! This crate provides various authentication methods, isolated from
//! connection logic for better modularity and testing.
//!
//! ## Supported Authentication Methods
//!
//! | Method | Feature Flag | Description |
//! |--------|--------------|-------------|
//! | SQL Authentication | default | Username/password |
//! | Azure AD Token | default | Pre-obtained access token |
//! | Azure Managed Identity | `azure-identity` | VM/container identity |
//! | Service Principal | `azure-identity` | App credentials |
//! | Integrated (Kerberos) | `integrated-auth` | GSSAPI/Kerberos |
//! | Certificate | `cert-auth` | Client certificate |
//!
//! ## Authentication Tiers
//!
//! Per ARCHITECTURE.md, authentication is tiered:
//!
//! ### Tier 1 (Core - Pure Rust, Default)
//!
//! - [`SqlServerAuth`] - Username/password via Login7
//! - [`AzureAdAuth`] - Pre-acquired access token
//!
//! ### Tier 2 (Azure Native - `azure-identity` feature)
//!
//! - Managed Identity (Azure VM/Container)
//! - Service Principal (Client ID + Secret)
//!
//! ### Tier 3 (Enterprise/Legacy - `integrated-auth` feature)
//!
//! - Kerberos (Linux/macOS via GSSAPI)
//! - NTLM/Kerberos (Windows via SSPI)
//!
//! ## Secure Credential Handling
//!
//! Enable the `zeroize` feature for secure credential handling:
//!
//! ```toml
//! mssql-auth = { version = "0.1", features = ["zeroize"] }
//! ```
//!
//! This enables secure credential handling that automatically zeroes
//! sensitive data from memory when dropped.
//!
//! ## Example
//!
//! ```rust
//! use mssql_auth::{SqlServerAuth, AzureAdAuth, AuthProvider};
//!
//! // SQL Server authentication
//! let sql_auth = SqlServerAuth::new("sa", "Password123!");
//! let auth_data = sql_auth.authenticate().unwrap();
//!
//! // Azure AD authentication with pre-acquired token
//! let azure_auth = AzureAdAuth::with_token("eyJ0eXAi...");
//! ```

#![warn(missing_docs)]
#![deny(unsafe_code)]

pub mod azure_ad;
pub mod credentials;
pub mod error;
pub mod provider;
pub mod sql_auth;

// Core types
pub use credentials::Credentials;
pub use error::AuthError;
pub use provider::{AsyncAuthProvider, AuthData, AuthMethod, AuthProvider};

// Authentication providers
pub use azure_ad::{AzureAdAuth, FedAuthLibrary};
pub use sql_auth::SqlServerAuth;

// Legacy API (deprecated)
#[allow(deprecated)]
pub use sql_auth::SqlAuthenticator;

// Secure credential types (with zeroize feature)
#[cfg(feature = "zeroize")]
pub use credentials::{SecretString, SecureCredentials};