
oxide_framework_core/auth/
config.rs

//! Configuration for JWT / cookie authentication.

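/// How [`super::AuthLayer`] obtains and validates tokens.
///
/// `Debug` is implemented by hand rather than derived so that the HMAC secret
/// never ends up in logs, panic messages or error reports via `{:?}`.
#[derive(Clone)]
pub struct AuthConfig {
    /// HMAC secret for HS256.
    ///
    /// Anyone holding these bytes can mint tokens that validate, so treat the
    /// value as a credential. RFC 7518 requires an HS256 key of at least
    /// 256 bits; nothing in this type enforces that.
    pub secret: Vec<u8>,
    /// If set, `iss` must match.
    pub issuer: Option<String>,
    /// If set, `aud` must match (single audience string).
    pub audience: Option<String>,
    /// Accept `Authorization: Bearer <jwt>`.
    pub bearer_token: bool,
    /// If set, also read a JWT from this cookie name (session-style).
    pub session_cookie_name: Option<String>,
}

impl std::fmt::Debug for AuthConfig {
    /// Formats every field except `secret`, which is replaced by a fixed
    /// placeholder so neither its bytes nor its length are disclosed.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("AuthConfig")
            .field("secret", &format_args!("<redacted>"))
            .field("issuer", &self.issuer)
            .field("audience", &self.audience)
            .field("bearer_token", &self.bearer_token)
            .field("session_cookie_name", &self.session_cookie_name)
            .finish()
    }
}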
impl AuthConfig {
    /// Builds a configuration around the given HS256 secret that accepts
    /// `Authorization: Bearer` tokens only.
    ///
    /// `issuer` and `audience` both start as `None`, so no `iss` / `aud`
    /// matching is configured until [`Self::with_issuer`] and
    /// [`Self::with_audience`] are called. The secret is stored exactly as
    /// given; no length or emptiness check is performed here.
    pub fn new(secret: impl Into<Vec<u8>>) -> Self {
        let secret = secret.into();
        Self {
            secret,
            bearer_token: true,
            issuer: None,
            audience: None,
            session_cookie_name: None,
        }
    }

    /// Additionally reads the JWT from the browser cookie named `cookie_name`
    /// (common for session UX).
    ///
    /// NOTE(review): browsers attach cookies automatically, so routes that
    /// accept this source presumably need CSRF protection, and the cookie
    /// should be issued with `HttpOnly`, `Secure` and `SameSite`. Neither is
    /// visible in this file; confirm where the cookie is set.
    pub fn with_session_cookie(self, cookie_name: impl Into<String>) -> Self {
        Self {
            session_cookie_name: Some(cookie_name.into()),
            ..self
        }
    }

    /// Sets the issuer that the token's `iss` claim must match.
    pub fn with_issuer(self, issuer: impl Into<String>) -> Self {
        Self {
            issuer: Some(issuer.into()),
            ..self
        }
    }

    /// Sets the single audience string that the token's `aud` claim must match.
    pub fn with_audience(self, audience: impl Into<String>) -> Self {
        Self {
            audience: Some(audience.into()),
            ..self
        }
    }

    /// Turns the `Authorization: Bearer` scheme on or off (cookie-only when
    /// `false`).
    ///
    /// With `false` and no session cookie name set, this configuration names
    /// no token source at all; how `AuthLayer` treats that case is not
    /// visible here.
    pub fn enable_bearer(self, yes: bool) -> Self {
        Self {
            bearer_token: yes,
            ..self
        }
    }
}