Enum AuthMechanism 

pub enum AuthMechanism {
    Bearer {
        header: HeaderName,
    },
    Cookie {
        cookie: CookieName,
        login: MethodPath,
        refresh: Option<MethodPath>,
        logout: Option<MethodPath>,
    },
    Oidc {
        issuer: IssuerUrl,
        client_id: ClientId,
        exchange: Option<MethodPath>,
        request_scopes: Vec<String>,
    },
    Anonymous,
}

Tagged union of supported auth mechanisms a backend advertises.

Wire form: discriminated on kind, snake_case ("bearer", "cookie", "oidc", "anonymous"). See AUTHZ-S01-output §2 for canonical JSON examples.

Variants

Bearer

Static bearer token (today’s substrate --api-key shape). Not user-bound; the token authorizes the bearer.

Fields

header: HeaderName

Header carrying the token, e.g. Authorization.

Cookie

Cookie session, with a backend-defined login method that issues Set-Cookie.

Fields

cookie: CookieName

Name of the session cookie.

login: MethodPath

Method the client calls to issue/establish the cookie.

refresh: Option<MethodPath>

Optional method to renew the cookie.

logout: Option<MethodPath>

Optional method to invalidate the cookie.

Oidc

OIDC mechanism (designed-for; may not be implemented in initial epic).

Fields

issuer: IssuerUrl

Issuer URL of the IdP.

client_id: ClientId

client_id registered with the IdP for this backend.

exchange: Option<MethodPath>

Optional auth.exchange-style method the backend exposes to swap an ID token for a backend session cookie.

request_scopes: Vec<String>

Scopes the backend will request from the IdP. Bare-string scopes per the OIDC convention (e.g. "openid", "profile", "email"); AUTHZ scoping vocabulary is a separate concern (AUTHZ-CORE-4).

Anonymous

Anonymous — the backend accepts unauthenticated callers for some methods.

Advertising Anonymous is not permission to bypass scoping: per-method #[plexus::method(public)] markers gate which methods anonymous callers may invoke (AUTHZ-CORE-1 / AUTHZ-CORE-2). The advertisement says “anonymous is one of the accepted shapes”; the authorization layer says “this specific method is callable that way.”

Trait Implementations

impl Clone for AuthMechanism

fn clone(&self) -> AuthMechanism

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AuthMechanism

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for AuthMechanism

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl JsonSchema for AuthMechanism

fn schema_name() -> Cow<'static, str>

The name of the generated JSON Schema.

fn schema_id() -> Cow<'static, str>

Returns a string that uniquely identifies the schema produced by this type.

fn json_schema(generator: &mut SchemaGenerator) -> Schema

Generates a JSON Schema for this type.

fn inline_schema() -> bool

Whether JSON Schemas generated for this type should be included directly in parent schemas, rather than being re-used where possible using the $ref keyword.

impl PartialEq for AuthMechanism

fn eq(&self, other: &AuthMechanism) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for AuthMechanism

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for AuthMechanism

impl StructuralPartialEq for AuthMechanism