Trait LocalAsyncAuthorizationService 

pub trait LocalAsyncAuthorizationService<I: Stream<Item = Result<Bytes, Error>>> {
    // Required methods
    fn authorize(
        &self,
        auth_: &BearerToken,
        request: &AuthorizationRequest,
    ) -> impl Future<Output = Result<BTreeSet<ResourceIdentifier>, Error>>;
    fn batch_get_workspace_for_resource(
        &self,
        auth_: &BearerToken,
        request: &BTreeSet<ResourceIdentifier>,
    ) -> impl Future<Output = Result<BTreeMap<ResourceIdentifier, WorkspaceRid>, Error>>;
    fn register_in_workspace(
        &self,
        auth_: &BearerToken,
        request: &RegisterInWorkspaceRequest,
    ) -> impl Future<Output = Result<(), Error>>;
    fn check_admin(
        &self,
        auth_: &BearerToken,
    ) -> impl Future<Output = Result<(), Error>>;
    fn is_email_allowed(
        &self,
        request: &IsEmailAllowedRequest,
    ) -> impl Future<Output = Result<IsEmailAllowedResponse, Error>>;
    fn is_email_allowed_okta(
        &self,
        request: &OktaRegistrationRequest,
    ) -> impl Future<Output = Result<OktaRegistrationResponse, Error>>;
    fn get_user_orgs(
        &self,
        request: &GetUserOrgsRequest,
    ) -> impl Future<Output = Result<GetUserOrgsResponse, Error>>;
    fn get_access_token(
        &self,
        request: &GetAccessTokenRequest,
    ) -> impl Future<Output = Result<GetAccessTokenResponse, Error>>;
    fn refresh_access_token(
        &self,
        request: &RefreshAccessTokenRequest,
    ) -> impl Future<Output = Result<RefreshAccessTokenResponse, Error>>;
    fn create_api_key(
        &self,
        auth_: &BearerToken,
        request: &CreateApiKeyRequest,
    ) -> impl Future<Output = Result<CreateApiKeyResponse, Error>>;
    fn list_api_keys_in_org(
        &self,
        auth_: &BearerToken,
        request: &ListApiKeyRequest,
    ) -> impl Future<Output = Result<ListApiKeyResponse, Error>>;
    fn list_user_api_keys(
        &self,
        auth_: &BearerToken,
        request: &ListApiKeyRequest,
    ) -> impl Future<Output = Result<ListApiKeyResponse, Error>>;
    fn revoke_api_key(
        &self,
        auth_: &BearerToken,
        rid: &ApiKeyRid,
    ) -> impl Future<Output = Result<(), Error>>;
}
Authorization service manages the permissions for a user to access resources.

Required Methods

fn authorize(&self, auth_: &BearerToken, request: &AuthorizationRequest) -> impl Future<Output = Result<BTreeSet<ResourceIdentifier>, Error>>

Given a set of resources, returns the set of resources that the user is authorized to access.

fn batch_get_workspace_for_resource(&self, auth_: &BearerToken, request: &BTreeSet<ResourceIdentifier>) -> impl Future<Output = Result<BTreeMap<ResourceIdentifier, WorkspaceRid>, Error>>

Given a set of resources, returns the workspace that each resource belongs to. If the user is not authorized on a resource, that resource is omitted from the response.

fn register_in_workspace(&self, auth_: &BearerToken, request: &RegisterInWorkspaceRequest) -> impl Future<Output = Result<(), Error>>

Marks a set of resources as belonging to a workspace. Either all resources are registered or none are. If the user is not in the workspace, this will throw. If a resource already belongs to a different workspace, this will throw. If a resource already belongs to this workspace, this is a no-op.
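One way to satisfy the all-or-nothing rule above is to validate the whole batch before writing anything. This is an added example, not the crate's implementation: `Registry`, `RegisterError` and the string aliases are hypothetical stand-ins for the service state, `ResourceIdentifier`, `WorkspaceRid` and the identity behind the `BearerToken`, and the method is synchronous to keep it self-contained.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Hypothetical stand-ins (assumptions, not the crate's types).
type Rid = String; // ResourceIdentifier
type Workspace = String; // WorkspaceRid
type User = String; // identity resolved from the BearerToken

#[derive(Debug, PartialEq)]
pub enum RegisterError {
    NotInWorkspace,
    OwnedByOtherWorkspace(Rid),
}

#[derive(Default)]
pub struct Registry {
    pub members: BTreeMap<Workspace, BTreeSet<User>>,
    pub owner: BTreeMap<Rid, Workspace>,
}

impl Registry {
    pub fn register_in_workspace(
        &mut self, user: &str, workspace: &str, resources: &BTreeSet<Rid>,
    ) -> Result<(), RegisterError> {
        // The caller must be a member of the target workspace.
        let is_member = self.members.get(workspace).map_or(false, |m| m.contains(user));
        if !is_member {
            return Err(RegisterError::NotInWorkspace);
        }
        // Phase 1: validate the whole batch before mutating anything, so a
        // conflict on any one resource leaves every resource unregistered.
        for rid in resources {
            if self.owner.get(rid).map_or(false, |w| w.as_str() != workspace) {
                return Err(RegisterError::OwnedByOtherWorkspace(rid.clone()));
            }
        }
        // Phase 2: commit. A resource already in this workspace is left as is.
        for rid in resources {
            self.owner.entry(rid.clone()).or_insert_with(|| workspace.to_string());
        }
        Ok(())
    }
}

fn main() {
    // Constructed sample data.
    let mut reg = Registry::default();
    reg.members.entry("ws-a".to_string()).or_default().insert("alice".to_string());
    let batch = BTreeSet::from(["r1".to_string()]);
    println!("{:?}", reg.register_in_workspace("alice", "ws-a", &batch));
}
```

A real backend would run both phases inside one transaction so that a concurrent registration cannot slip in between validation and commit.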

fn check_admin(&self, auth_: &BearerToken) -> impl Future<Output = Result<(), Error>>

Given an authenticated session, this endpoint returns an HTTP 204 if the authenticated user is an admin and an HTTP 403 otherwise.

fn is_email_allowed(&self, request: &IsEmailAllowedRequest) -> impl Future<Output = Result<IsEmailAllowedResponse, Error>>

Checks if the email is allowed to register.

fn is_email_allowed_okta(&self, request: &OktaRegistrationRequest) -> impl Future<Output = Result<OktaRegistrationResponse, Error>>

Checks if the email is allowed to register, following the Okta "registration inline hook" API.

fn get_user_orgs(&self, request: &GetUserOrgsRequest) -> impl Future<Output = Result<GetUserOrgsResponse, Error>>

Given an OIDC ID token, returns the orgs that the user is a member of. Throws NotAuthorized if the ID token is invalid or if the OIDC provider is not known.

fn get_access_token(&self, request: &GetAccessTokenRequest) -> impl Future<Output = Result<GetAccessTokenResponse, Error>>

Provide an OIDC ID token to get a Nominal access token suitable for making API requests. Its expiry will match that of the input ID token, capped at 24h. TODO(MGMT-933): reduce this duration. Throws NotAuthorized if the ID token is invalid or if the OIDC provider is not known.

fn refresh_access_token(&self, request: &RefreshAccessTokenRequest) -> impl Future<Output = Result<RefreshAccessTokenResponse, Error>>

Given an authenticated session, provide an OIDC access token to get a Nominal access token suitable for making API requests. Its expiry will match that of the input access token, capped at 24h. TODO(MGMT-933): reduce this duration. Throws NotAuthorized if the access token is invalid or if the OIDC provider is not known.

fn create_api_key(&self, auth_: &BearerToken, request: &CreateApiKeyRequest) -> impl Future<Output = Result<CreateApiKeyResponse, Error>>

Provide a long-lived API key for making API requests. The API key is irretrievable after initial creation.

fn list_api_keys_in_org(&self, auth_: &BearerToken, request: &ListApiKeyRequest) -> impl Future<Output = Result<ListApiKeyResponse, Error>>

List all API keys in the organization.

fn list_user_api_keys(&self, auth_: &BearerToken, request: &ListApiKeyRequest) -> impl Future<Output = Result<ListApiKeyResponse, Error>>

List all API keys for the user.

fn revoke_api_key(&self, auth_: &BearerToken, rid: &ApiKeyRid) -> impl Future<Output = Result<(), Error>>

Delete an API key.

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors