Skip to main content

RequiredCredential

plexus_core::plexus::schema

Struct RequiredCredential 

Source 
pub struct RequiredCredential {
    pub kind: Option<CredentialKind>,
    pub scopes: Vec<Scope>,
    pub site_hint: Option<AttachmentSite>,
}
Expand description

What a method requires on input — the implicit-derivation projection of scope tagging and credential-graph linkage onto a per-method filter.

Pinned by AUTHZ-CRED-S01-output.md §4 (Q-SELECT-1 resolution: implicit derivation from scope tagging plus refresh/revoke linkage) and AUTHZ-CRED-CORE-3 §“Implicit derivation”. This ticket explicitly does NOT add a #[plexus::method(requires_credential = { .. })] attribute surface — the proposal from AUTHZ-CRED-S01-output §10 is superseded by the implicit-derivation approach pinned here.

§Matching semantics (consumer-side)

A candidate credential matches this RequiredCredential iff:

  1. kind: if Some(k), the candidate’s CredentialMetadata.kind matches k (or the kind-subsumption table per AUTHZ-CRED-CORE-1 accepts the substitution; e.g. OauthAccess <: Bearer). If None, any kind whose scope set matches is acceptable.
  2. scopes: each scope in this set must be wildcard-matched by the candidate’s CredentialMetadata.scopes. The wildcard rules belong to the Scope type itself.
  3. site_hint: when populated, prefers the candidate whose CredentialMetadata.attach_as equals the hint. Advisory only — a candidate without the hint is not rejected.

§Wire back-compat

Added in AUTHZ-CRED-CORE-3. Pre-existing readers tolerate requires_credential: null (omitted on the wire when None) and pre-existing IRs that omit the field altogether decode cleanly via #[serde(default)] on the field site.

Fields§

§kind: Option<CredentialKind>

Specific kind a candidate credential must have (e.g., OauthRefresh), or None for “any kind whose scope set matches”.

§scopes: Vec<Scope>

Required scope set. A candidate credential’s metadata scopes must wildcard-match each scope in this set.

§site_hint: Option<AttachmentSite>

Preferred attach site for the client to use when the candidate credential has multiple alternates. Advisory only.

Implementations§

Source§

impl RequiredCredential

Source

pub fn from_method_scope(scope: Scope) -> Self

Derive a RequiredCredential from a method’s required scope tagging (per AUTHZ-S01-output §4). The kind field is left None — any kind whose scope set wildcard-matches scope is acceptable.

Used when a method declares #[plexus::method(scope = "...")] (or the framework derives an implicit scope from the method’s path).

Source

pub fn from_refresh_revoke_target( kind: CredentialKind, scopes: Vec<Scope>, ) -> Self

Derive a RequiredCredential for a method that appears as the target of another credential’s metadata.refresh_via or metadata.revoke_via (per AUTHZ-CRED-CORE-3 §“Implicit derivation” row 3). The kind field narrows to the issuing credential’s kind so the selection step picks the right kind (e.g., OauthRefresh for the auth.refresh call on an OauthAccess credential per the OAuth flow described in AUTHZ-CRED-S01-output §7.2).

Trait Implementations§

Source§

impl Clone for RequiredCredential

Source§

fn clone(&self) -> RequiredCredential

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for RequiredCredential

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for RequiredCredential

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl JsonSchema for RequiredCredential

Source§

fn schema_name() -> Cow<'static, str>

The name of the generated JSON Schema. Read more
Source§

fn schema_id() -> Cow<'static, str>

Returns a string that uniquely identifies the schema produced by this type. Read more
Source§

fn json_schema(generator: &mut SchemaGenerator) -> Schema

Generates a JSON Schema for this type. Read more
Source§

fn inline_schema() -> bool

Whether JSON Schemas generated for this type should be included directly in parent schemas, rather than being re-used where possible using the $ref keyword. Read more
Source§

impl PartialEq for RequiredCredential

Source§

fn eq(&self, other: &RequiredCredential) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for RequiredCredential

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Eq for RequiredCredential

Source§

impl StructuralPartialEq for RequiredCredential

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,