Crate pas_external

§pas-external

Ppoppo Accounts System (PAS) client for Rust.

  • OAuth2 PKCE authentication flow
  • JWT (RFC 9068, EdDSA) token verification via JWKS (RFC 7517)
  • OIDC (OpenID Connect 1.0) ID-token verification via oidc::RelyingParty<S>
  • Axum middleware for plug-and-play auth routes

§Usage

[dependencies]
pas-external = { version = "0.1", features = ["axum"] }

For downstream consumer integration tests, enable test-support to access MemoryPasAuth (deterministic in-memory PAS substitute, FIFO-scripted):

[dev-dependencies]
pas-external = { version = "0.1", features = ["axum", "test-support"] }

Pre-1.0: minor bumps (0.2, 0.3) may include breaking changes per SemVer §11. Versions 1.0.1–5.0.0 were yanked from crates.io on 2026-04-30 as part of a pre-1.0 version reset; 0.1.0 is equivalent in scope to the (yanked) 5.0.0 development line. See CHANGELOG.md for the design history and 0context/STANDARDS_SESSION_LIVENESS.md for the consumer-facing contract.

Re-exports§

pub use error::Error;
pub use error::TokenError;
pub use oidc::Address;
pub use oidc::IdAssertion;
pub use oidc::IdTokenVerifier;
pub use oidc::IdVerifyError;
pub use oidc::ScopePiiReader;

Modules§

audit
M48 audit trait + types — re-exported from ppoppo-sdk-core.
clock
error
oidc
γ port-and-adapter SDK boundary for OpenID Connect Relying Party (RP) integration.
pas_port
PAS network-boundary port and deep refresh core.
session_liveness
Session liveness — two complementary axes.
types
SDK identity types — re-exported from ppoppo-sdk-core.

Structs§

AuditEvent
Single typed event emitted on every BearerVerifier::verify rejection.
KeyId
PASERK key identifier.
MemoryRateLimiter
In-memory token-bucket limiter — Phase 9 default substrate.
Nonce
Opaque nonce value. Construction validates non-emptiness; the inner string is private so callers cannot bypass the invariant by minting Nonce(String::new()) directly.
NoopAuditSink
Default sink — explicitly does nothing.
Ppnum
Validated Ppoppo Number (≥11 digits, ASCII digits only).
PpnumId
PAS ppnum identifier (OAuth sub claim, ULID format).
RateLimitKey
Opaque per-source bucket key for a RateLimiter.
RateLimitedAuditSink
Wraps any AuditSink with any RateLimiter.
SessionId
Consumer-defined session identifier (opaque string).
Url
A parsed URL record.
UserId
Consumer-defined user identifier (opaque string).
VerifiedClaims
Verified bearer-token outcome, opaque to the underlying token format.
VerifyConfig
Per-deployment expectations folded into the verifier at construction.

Enums§

IdTokenFailureKind
id_token-specific failure classification (Phase 10.11.B).
SessionLivenessError
Per-request liveness failure surface.
TokenVerifyError
VerifyErrorKind
Failure classification — mirrors the VerifyError and IdVerifyError surfaces but lives at the audit layer.

Traits§

AuditSink
Audit emission port for verify-failure events (M48).
BearerVerifier
Verification port for incoming bearer tokens.
RateLimiter
Per-source rate-limiting port (M49).
SessionLiveness
Per-request session-row liveness check.

Functions§

compose_id_token_source_id
Phase 10.11.D δ2 — id_token compound source key from azp ‖ aud ‖ kid.
compose_source_id
Compose a Phase 9 (e) compound source key from optional hints.