Trait AsyncAuthorizationService 

pub trait AsyncAuthorizationService<I: Stream<Item = Result<Bytes, Error>>> {
    // Required methods
    fn authorize(
        &self,
        auth_: &BearerToken,
        request: &AuthorizationRequest,
    ) -> impl Future<Output = Result<BTreeSet<ResourceIdentifier>, Error>> + Send;
    fn batch_get_workspace_for_resource(
        &self,
        auth_: &BearerToken,
        request: &BTreeSet<ResourceIdentifier>,
    ) -> impl Future<Output = Result<BTreeMap<ResourceIdentifier, ResourceIdentifier>, Error>> + Send;
    fn register_in_workspace(
        &self,
        auth_: &BearerToken,
        request: &RegisterInWorkspaceRequest,
    ) -> impl Future<Output = Result<(), Error>> + Send;
    fn check_admin(
        &self,
        auth_: &BearerToken,
    ) -> impl Future<Output = Result<(), Error>> + Send;
    fn is_email_allowed(
        &self,
        request: &IsEmailAllowedRequest,
    ) -> impl Future<Output = Result<IsEmailAllowedResponse, Error>> + Send;
    fn is_email_allowed_okta(
        &self,
        request: &OktaRegistrationRequest,
    ) -> impl Future<Output = Result<OktaRegistrationResponse, Error>> + Send;
    fn get_user_orgs(
        &self,
        request: &GetUserOrgsRequest,
    ) -> impl Future<Output = Result<GetUserOrgsResponse, Error>> + Send;
    fn get_access_token(
        &self,
        request: &GetAccessTokenRequest,
    ) -> impl Future<Output = Result<GetAccessTokenResponse, Error>> + Send;
    fn refresh_access_token(
        &self,
        request: &RefreshAccessTokenRequest,
    ) -> impl Future<Output = Result<RefreshAccessTokenResponse, Error>> + Send;
    fn get_idp_end_session_endpoint(
        &self,
        request: &GetIdpEndSessionEndpointRequest,
    ) -> impl Future<Output = Result<GetIdpEndSessionEndpointResponse, Error>> + Send;
    fn create_api_key(
        &self,
        auth_: &BearerToken,
        request: &CreateApiKeyRequest,
    ) -> impl Future<Output = Result<CreateApiKeyResponse, Error>> + Send;
    fn list_api_keys_in_org(
        &self,
        auth_: &BearerToken,
        request: &ListApiKeyRequest,
    ) -> impl Future<Output = Result<ListApiKeyResponse, Error>> + Send;
    fn list_user_api_keys(
        &self,
        auth_: &BearerToken,
        request: &ListApiKeyRequest,
    ) -> impl Future<Output = Result<ListApiKeyResponse, Error>> + Send;
    fn revoke_api_key(
        &self,
        auth_: &BearerToken,
        rid: &ApiKeyRid,
    ) -> impl Future<Output = Result<(), Error>> + Send;
}

Authorization service manages the permissions for a user to access resources.

Required Methods

fn authorize(&self, auth_: &BearerToken, request: &AuthorizationRequest) -> impl Future<Output = Result<BTreeSet<ResourceIdentifier>, Error>> + Send

Given a set of resources, returns the set of resources that the user is authorized to access.

fn batch_get_workspace_for_resource(&self, auth_: &BearerToken, request: &BTreeSet<ResourceIdentifier>) -> impl Future<Output = Result<BTreeMap<ResourceIdentifier, ResourceIdentifier>, Error>> + Send

Given a set of resources, returns the workspace that each resource belongs to. If the user is not authorized on a resource, that resource is omitted from the response.

fn register_in_workspace(&self, auth_: &BearerToken, request: &RegisterInWorkspaceRequest) -> impl Future<Output = Result<(), Error>> + Send

Marks a set of resources as belonging to a workspace. Either all resources are registered or none are. If the user is not in the workspace, this will throw. If a resource already belongs to a different workspace, this will throw. If a resource already belongs to this workspace, this is a no-op.
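
The all-or-nothing contract of register_in_workspace and the omission behaviour of batch_get_workspace_for_resource, modelled in memory as an added example (not part of this crate or of the service's implementation), usable as a test double. `Model`, `RegisterError`, `workspaces_for`, the String identifiers, and the rule that a user is authorized on a resource when they belong to its workspace are all assumptions of the example.

```rust
use std::collections::{BTreeMap, BTreeSet};

#[derive(Debug, PartialEq)]
enum RegisterError { NotInWorkspace, InOtherWorkspace(String) }

// Hypothetical in-memory state; the real service's storage is not shown on this page.
#[derive(Default)]
struct Model {
    members: BTreeMap<String, BTreeSet<String>>, // workspace -> users
    owner: BTreeMap<String, String>,             // resource -> workspace
}

impl Model {
    fn is_member(&self, user: &str, ws: &str) -> bool {
        self.members.get(ws).map_or(false, |m| m.contains(user))
    }
    fn register_in_workspace(&mut self, user: &str, ws: &str, rids: &BTreeSet<String>) -> Result<(), RegisterError> {
        if !self.is_member(user, ws) { return Err(RegisterError::NotInWorkspace); }
        // Validate the whole batch before writing, so a conflict leaves no partial state.
        if let Some(r) = rids.iter().find(|r| self.owner.get(*r).map_or(false, |w| w.as_str() != ws)) {
            return Err(RegisterError::InOtherWorkspace(r.clone()));
        }
        // A resource already in this workspace is left untouched (no-op).
        for r in rids { self.owner.entry(r.clone()).or_insert_with(|| ws.to_string()); }
        Ok(())
    }
    // Assumption: a user is authorized on a resource iff they belong to its workspace.
    fn workspaces_for(&self, user: &str, rids: &BTreeSet<String>) -> BTreeMap<String, String> {
        rids.iter()
            .filter_map(|r| self.owner.get(r).map(|w| (r.clone(), w.clone())))
            .filter(|(_, w)| self.is_member(user, w))
            .collect()
    }
}

fn set(items: &[&str]) -> BTreeSet<String> { items.iter().map(|s| s.to_string()).collect() }

// Constructed sample: alice is in ws-a, bob in ws-b, rid-1 already belongs to ws-b.
fn sample() -> Model {
    let mut m = Model::default();
    for (ws, u) in [("ws-a", "alice"), ("ws-b", "bob")] { m.members.insert(ws.into(), set(&[u])); }
    m.owner.insert("rid-1".into(), "ws-b".into());
    m
}

fn main() {
    let mut m = sample();
    println!("{:?}", m.register_in_workspace("alice", "ws-a", &set(&["rid-1", "rid-2"])));
}
```

Because unauthorized and unregistered resources are both simply absent from the returned map, a caller has to compare the response keys against the request set rather than assume full coverage.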

fn check_admin(&self, auth_: &BearerToken) -> impl Future<Output = Result<(), Error>> + Send

Given an authenticated session, this endpoint returns an HTTP 204 if the authenticated user is an admin and HTTP 403 otherwise.

fn is_email_allowed(&self, request: &IsEmailAllowedRequest) -> impl Future<Output = Result<IsEmailAllowedResponse, Error>> + Send

Checks if the email is allowed to register.

fn is_email_allowed_okta(&self, request: &OktaRegistrationRequest) -> impl Future<Output = Result<OktaRegistrationResponse, Error>> + Send

Checks if the email is allowed to register, following the Okta “registration inline hook” API.

fn get_user_orgs(&self, request: &GetUserOrgsRequest) -> impl Future<Output = Result<GetUserOrgsResponse, Error>> + Send

Provide an OIDC ID token to get the orgs that the user is a member of. Throws NotAuthorized if the ID token is invalid or if the OIDC provider is not known.

fn get_access_token(&self, request: &GetAccessTokenRequest) -> impl Future<Output = Result<GetAccessTokenResponse, Error>> + Send

Provide an OIDC ID token to get a Nominal access token suitable for making API requests. Its expiry will match that of the input ID token, capped at 24h. TODO(MGMT-933): reduce this duration. Throws NotAuthorized if the ID token is invalid or if the OIDC provider is not known.

fn refresh_access_token(&self, request: &RefreshAccessTokenRequest) -> impl Future<Output = Result<RefreshAccessTokenResponse, Error>> + Send

Given an authenticated session, provide an OIDC access token to get a Nominal access token suitable for making API requests. Its expiry will match that of the input access token, capped at 24h. TODO(MGMT-933): reduce this duration. Throws NotAuthorized if the access token is invalid or if the OIDC provider is not known.

fn get_idp_end_session_endpoint(&self, request: &GetIdpEndSessionEndpointRequest) -> impl Future<Output = Result<GetIdpEndSessionEndpointResponse, Error>> + Send

Given an IDP-issued ID token, return the end session endpoint, accessed through the .well-known/openid-configuration endpoint.

fn create_api_key(&self, auth_: &BearerToken, request: &CreateApiKeyRequest) -> impl Future<Output = Result<CreateApiKeyResponse, Error>> + Send

Provide a long-lived API key for making API requests. The API key is irretrievable after initial creation.

fn list_api_keys_in_org(&self, auth_: &BearerToken, request: &ListApiKeyRequest) -> impl Future<Output = Result<ListApiKeyResponse, Error>> + Send

List all API keys in the organization.

fn list_user_api_keys(&self, auth_: &BearerToken, request: &ListApiKeyRequest) -> impl Future<Output = Result<ListApiKeyResponse, Error>> + Send

List all API keys for the user.

fn revoke_api_key(&self, auth_: &BearerToken, rid: &ApiKeyRid) -> impl Future<Output = Result<(), Error>> + Send

Delete an API key.

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors

impl<I: Stream<Item = Result<Bytes, Error>>, __C> AsyncAuthorizationService<I> for AsyncAuthorizationServiceClient<__C>
where
    __C: AsyncClient<ResponseBody = I> + Sync + Send,
    __C::ResponseBody: 'static + Send,