pub struct TokenSigner { /* private fields */ }
Signs grants instead of storing them.
Although this saves memory, since no grant has to be stored, it also means that tokens, once issued, are impossible to revoke.
Implementations
impl TokenSigner
pub fn new(secret: Assertion) -> TokenSigner
Construct a signing instance from a private signing key.
Security notice: Never use a password alone to construct the signing key. Instead, generate
a new key using a utility such as openssl rand that you then store away securely.
pub fn ephemeral() -> TokenSigner
Construct a signing instance whose tokens only live for the program execution.
Useful for rapid prototyping where tokens need not be stored in a persistent database and
can be invalidated at any time. This interface is provided with simplicity in mind, using
the default system random generator (ring::rand::SystemRandom).
pub fn valid_for(&mut self, duration: Duration)
Set the validity of all issued grants to the specified duration.
This only affects tokens issued after this call. The default duration is 1 (ONE) hour for tokens issued for the authorization code grant method. For many users this may seem too short, but it should be secure-by-default. You may want to increase the duration, or use long-lived refresh tokens instead (although you currently need to handle refresh tokens yourself, coming soonish).
pub fn valid_for_default(&mut self)
Set all grants to be valid for their default duration.
This only affects tokens issued after this call. The default duration is 1 (ONE) hour for tokens issued for the authorization code grant method.
pub fn generate_refresh_tokens(&mut self, refresh: bool)
Determine whether to generate refresh tokens.
By default, this option is off. Since the TokenSigner cannot revoke any tokens on its own,
it should be considered carefully whether to issue very long-living and powerful
refresh tokens. One instance where this might be okay is as a component of a grander token
architecture that adds a revocation mechanism.
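
The trade-off described above (signed grants need no storage, so expiry is the only limit unless an outer layer adds revocation), as an added Python sketch. It is not oxide-auth code and does not reproduce its token format; the names issue, verify and RevocableVerifier, the jti field and the JSON plus HMAC-SHA256 encoding are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Random key, never derived from a password alone (constructed for this example).
KEY = secrets.token_bytes(32)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def issue(key, owner, scope, valid_for=3600, now=None):
    """Sign a grant instead of storing it. Returns (token, token_id)."""
    now = time.time() if now is None else now
    jti = secrets.token_hex(8)  # hypothetical per-token id, needed only for revocation
    body = json.dumps({"jti": jti, "owner": owner, "scope": scope,
                       "exp": now + valid_for}).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag), jti

def verify(key, token, now=None):
    """Stateless check: signature and expiry only. Returns the grant or None."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong shape or invalid base64
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    grant = json.loads(body)
    return grant if grant["exp"] > now else None

class RevocableVerifier:
    """Outer layer: a denylist of revoked ids, kept only until each token expires."""
    def __init__(self, key):
        self.key = key
        self.revoked = {}  # jti -> exp

    def revoke(self, token, now=None):
        grant = verify(self.key, token, now)
        if grant:  # already expired or forged tokens need no entry
            self.revoked[grant["jti"]] = grant["exp"]

    def verify(self, token, now=None):
        now = time.time() if now is None else now
        # Expired entries can be dropped: the signature check rejects them anyway.
        self.revoked = {j: e for j, e in self.revoked.items() if e > now}
        grant = verify(self.key, token, now)
        return None if grant and grant["jti"] in self.revoked else grant
```

The denylist only has to remember a revoked id until that token's own expiry, which is why short validity keeps the extra state small and why long-lived refresh tokens make it grow.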