ppoppo_sdk_core/verifier/

config.rs

//! `VerifyConfig` — per-deployment verification expectations.
//!
//! Phase A audit decision G renamed `Expectations` → `VerifyConfig` to
//! disambiguate from the consumer-side `AuthSession` types and to use
//! a name closer to the engine's `ppoppo_token::access_token::VerifyConfig`.

/// Per-deployment expectations folded into the verifier at construction.
///
/// `issuer` is the PAS instance URL (`accounts.ppoppo.com` in
/// production); `audience` is the consumer's OAuth `client_id`. Both
/// are static per-deployment — multi-tenant consumers instantiate
/// multiple verifiers, never rotate `VerifyConfig` on the per-call hot
/// path.
///
/// Held inside [`super::JwtVerifier`] (and optionally inside
/// [`super::MemoryBearerVerifier`]) so the
/// [`super::BearerVerifier::verify`] signature stays one-parameter —
/// the port is as small as it can be while still doing meaningful work.
#[derive(Debug, Clone)]
pub struct VerifyConfig {
    pub issuer: String,
    pub audience: String,
}

impl VerifyConfig {
    /// Construct from owned strings. Consumer wiring typically reads
    /// these from environment variables at startup.
    #[must_use]
    pub fn new(issuer: impl Into<String>, audience: impl Into<String>) -> Self {
        Self {
            issuer: issuer.into(),
            audience: audience.into(),
        }
    }
}