Struct pachyderm::auth::SessionInfo

pub struct SessionInfo {
    pub nonce: String,
    pub email: String,
    pub conversion_err: bool,
}

SessionInfo stores information associated with one OIDC authentication session (i.e. a single instance of a single user logging in). Sessions are short-lived and stored in the 'oidc-authns' collection, keyed by the OIDC 'state' token (30-character CSPRNG-generated string). 'GetOIDCLogin' generates and inserts entries, then /authorization-code/callback retrieves an access token from the ID provider and uses it to retrive the caller's email and store it in 'email', and finally Authorize() returns a Pachyderm token identified with that email address as a subject in Pachyderm.

Fields

nonce: String

nonce is used by /authorization-code/callback to validate session continuity with the IdP after a user has arrived there from GetOIDCLogin(). This is a 30-character CSPRNG-generated string.

email: String

email contains the email adddress associated with a user in their OIDC ID provider. Currently users are identified with their email address rather than their OIDC subject identifier to make switching between OIDC ID providers easier for users, and to make user identities more easily comprehensible in Pachyderm. The OIDC spec doesn't require that users' emails be present or unique, but we think this will be preferable in practice.

conversion_err: bool

conversion_err indicates whether an error was encountered while exchanging an auth code for an access token, or while obtaining a user's email (in /authorization-code/callback). Storing the error state here allows any sibling calls to Authenticate() (i.e. using the same OIDC state token) to notify their caller that an error has occurred. We avoid passing the caller any details of the error (which are logged by Pachyderm) to avoid giving information to a user who has network access to Pachyderm but not an account in the OIDC provider.

Trait Implementations

impl Clone for SessionInfo

fn clone(&self) -> SessionInfo

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SessionInfo

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Default for SessionInfo

fn default() -> SessionInfo

Returns the "default value" for a type.

impl Message for SessionInfo

fn encode_raw<B>(&self, buf: &mut B) where
    B: BufMut, 

fn merge_field<B>(
    &mut self,
    tag: u32,
    wire_type: WireType,
    buf: &mut B,
    ctx: DecodeContext
) -> Result<(), DecodeError> where
    B: Buf, 

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.

fn clear(&mut self)

Clears the message, resetting all fields to their default.

fn encode<B>(&self, buf: &mut B) -> Result<(), EncodeError> where
    B: BufMut, 

Encodes the message to a buffer.

fn encode_length_delimited<B>(&self, buf: &mut B) -> Result<(), EncodeError> where
    B: BufMut, 

Encodes the message with a length-delimiter to a buffer.

fn decode<B>(buf: B) -> Result<Self, DecodeError> where
    B: Buf,
    Self: Default, 

Decodes an instance of the message from a buffer.

fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
    B: Buf,
    Self: Default, 

Decodes a length-delimited instance of the message from the buffer.

fn merge<B>(&mut self, buf: B) -> Result<(), DecodeError> where
    B: Buf, 

Decodes an instance of the message from a buffer, and merges it into self.

fn merge_length_delimited<B>(&mut self, buf: B) -> Result<(), DecodeError> where
    B: Buf, 

Decodes a length-delimited instance of the message from buffer, and merges it into self.

impl PartialEq<SessionInfo> for SessionInfo

fn eq(&self, other: &SessionInfo) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &SessionInfo) -> bool

This method tests for !=.

impl StructuralPartialEq for SessionInfo