
pas_external/
lib.rs

// Crate-level rustdoc is taken verbatim from the README.
#![doc = include_str!("../README.md")]

// `audit` carries no feature gate: the audit event / sink / rate-limiter
// types re-exported further down are present under every feature
// configuration.
pub mod audit;
// `epoch` re-exports the engine `EpochRevocation` port + ships the
// canonical adapter set (Phase 11.Z, RFC_2026-05-09 §3.5). Gated on
// `well-known-fetch` because the engine port itself needs `token` and
// the original `UserinfoFetcher` (deleted in 0.10.0) required the HTTP
// client (`oauth`) — both implied by the `well-known-fetch` flag.
// `SharedCacheCache` (0.10.0, RFC_2026-05-08 §4.1) requires the
// additional `shared-cache` feature for the `ppoppo-infra` adapter dep.
#[cfg(feature = "well-known-fetch")]
pub mod epoch;
pub mod error;
// `oauth` is the OAuth2 wire-DTO + AuthClient adapter used internally by
// `oidc::RelyingParty`. As of 0.8.0 it is `pub(crate)` — consumers reach
// the OIDC RP composition root (`oidc::RelyingParty<S>`) and never the
// raw OAuth surface. See `oidc::RefreshOutcome` for the boundary type at
// `RelyingParty::refresh`.
#[cfg(feature = "oauth")]
pub(crate) mod oauth;
// NOTE(review): `oidc` is gated on `token`, while the `oauth` adapter it is
// described as using above is gated on `oauth` — presumably the
// `RelyingParty` items are gated again inside `oidc`; confirm.
#[cfg(feature = "token")]
pub mod oidc;
// `pas_port` is public and shares the `oauth` gate with the crate-private
// `oauth` and `pkce` modules.
// NOTE(review): its contents are not visible from this file — confirm it
// does not re-expose the raw OAuth types that `pub(crate) mod oauth` hides.
#[cfg(feature = "oauth")]
pub mod pas_port;
// `pkce` primitives (`generate_state`, `generate_code_verifier`,
// `generate_code_challenge`) are SDK plumbing — `oidc::RelyingParty::start`
// consumes them internally and exposes the resulting state via
// `AuthorizationRedirect`. As of 0.8.0 the module is `pub(crate)`.
#[cfg(feature = "oauth")]
pub(crate) mod pkce;
// `session_liveness` is intentionally ungated at module level — the
// 0.10.0 `SessionLiveness` port has no AES / OAuth deps and ships
// regardless of feature configuration so the verifier slot
// (`PasJwtVerifier::with_session_liveness`) can reference it under
// just `feature = "well-known-fetch"`. Internal sub-modules
// (`cipher`, `liveness`) remain gated on `feature = "session-liveness"`
// for the AES wrapper + PAS refresh-token check.
pub mod session_liveness;
#[cfg(feature = "token")]
pub mod token;
pub mod types;

// Test-support helpers. `FakePasServer` is the SDK-owned wiremock-wrapped
// fake PAS Authorization Server, replacing the 0.7.x
// `RelyingParty::for_test_with_parts` escape hatch. Consumer integration
// tests construct a real `RelyingParty::new(...)` against
// `FakePasServer.issuer_url()` so production and test go through the same
// public interface.
// The `Memory*` re-exports further down are gated on `cfg(test)` or this
// same feature.
// NOTE(review): those look like in-memory test doubles — confirm, and keep
// `test-support` out of release feature sets (enable it from
// dev-dependencies only), since Cargo features are additive.
#[cfg(feature = "test-support")]
pub mod test_support;

// Re-exports for convenient access
pub use audit::{
    AuditEvent, AuditSink, IdTokenFailureKind, MemoryRateLimiter, NoopAuditSink, RateLimitKey,
    RateLimitedAuditSink, RateLimiter, VerifyErrorKind, compose_id_token_source_id,
    compose_source_id,
};
// `audit` is ungated, so this cfg needs no module-feature term, unlike the
// `token` / `oidc` in-memory re-exports below.
#[cfg(any(test, feature = "test-support"))]
pub use audit::MemoryAuditSink;
pub use error::{Error, TokenError};
// 0.10.0 — ungated L2 verifier-slot port (RFC_2026-05-08 §4.2 lock).
pub use session_liveness::{SessionLiveness, SessionLivenessError};
#[cfg(feature = "session-liveness")]
pub use session_liveness::{
    CipherError, EncryptedRefreshToken, LivenessFailure, LivenessOutcome, RevokeCause,
    TokenCipher, TransientCause, attempt_liveness_refresh,
};
// γ port-and-adapter — Phase 6.1 (D-04 = γ, locked 2026-05-05).
// `KeySet`, `PublicKey`, `VerifiedClaims`, `verify_v4_*`,
// `parse_public_key_hex`, `extract_unverified_kid`, and the
// `WellKnownPaseto*` types from 0.5 are removed — see CHANGELOG 0.6.0.
#[cfg(feature = "token")]
pub use token::{AuthSession, BearerVerifier, Expectations, VerifyError};
// `PasJwtVerifier` comes from `token`, which is itself gated on
// `feature = "token"`; this gate relies on `well-known-fetch` implying
// `token`, as the `epoch` note above states.
#[cfg(feature = "well-known-fetch")]
pub use token::PasJwtVerifier;
// Re-export gated on BOTH `token` (the source module) AND
// `test-support` / `cfg(test)` (the consumer-facing flag). Pre-9.C
// the cfg was just `any(test, feature = "test-support")` which broke
// `--no-default-features --features test-support` builds because the
// `token` module itself is gated `feature = "token"`. Tightening
// here is a feature-matrix correctness fix; semantics under default
// features (where `token` is on) are unchanged.
#[cfg(all(feature = "token", any(test, feature = "test-support")))]
pub use token::MemoryBearerVerifier;
// OIDC RP surface — composition root + post-verify shapes + ports.
// `RelyingParty<S>` is the consumer-facing entry point; `RefreshOutcome`
// is the typed boundary return for `RelyingParty::refresh` (replaces
// the 0.7.x `oauth::TokenResponse` re-export).
// Note that `RelyingParty` and `RefreshOutcome` are not in the list below;
// the comments in this file refer to them by module path
// (`oidc::RelyingParty`, `oidc::RefreshOutcome`).
#[cfg(feature = "token")]
pub use oidc::{Address, IdAssertion, IdTokenVerifier, IdVerifyError, Nonce, ScopePiiReader};
// Same double gate as `MemoryBearerVerifier`: `oidc` is itself gated on
// `feature = "token"`.
#[cfg(all(feature = "token", any(test, feature = "test-support")))]
pub use oidc::MemoryIdTokenVerifier;
pub use types::{KeyId, Ppnum, PpnumId, SessionId, UserId};
// `Url` is consumer-facing via `Config::new(client_id, redirect_uri: Url, ...)`
// and `Discovery::for_test`. Re-exported so consumers reach the same `url`
// crate version the SDK uses without separately tracking it in their
// Cargo.toml.
#[cfg(feature = "oauth")]
pub use url::Url;