OpenID Connect Provider — turn pylon into an IdP that other apps
can sign in against. Useful for SSO across a fleet of internal
tools when you don’t want to depend on Auth0/Okta/Cognito.

WebAuthn / passkeys — minimal subset focused on getting passkey
sign-in working with the platforms users actually use (iOS,
macOS, Android, Windows Hello, 1Password, hardware keys).

A persisted account link. Schema-aligned with better-auth’s account
table (verified against https://www.better-auth.com/docs/concepts/database
at the time of writing) so users migrating from better-auth see the
same field names + meanings:

In-memory account backend (default). Lost on restart — production
deployments should swap in a persistent backend so refresh tokens
survive a redeploy.

A magic-code store. Wraps a MagicCodeBackend (in-memory by default)
and applies the verify/cooldown semantics. Hydrates the in-memory
cache from the backend on construction so durable backends survive
restart without losing in-flight codes.

One stored OAuth state record. Carries the post-callback redirect
URLs alongside the provider so the callback handler doesn’t need to
consult an env var to know where to send the user. Both URLs are
validated against PYLON_TRUSTED_ORIGINS at create time, so the
callback can trust them without re-checking.

Token bundle returned by OAuthConfig::exchange_code_full. Stored
on the matching Account row so refresh_token is available for
silent re-auth and expires_at is checked before each provider call.

Resolved identity returned by OAuthConfig::fetch_userinfo_full.
provider_account_id is the provider-stable subject id (Google sub,
GitHub numeric id) — what the account store keys on so a renamed
email doesn’t orphan the pylon account.

Pluggable storage for magic-code records. In-memory is the default
(fine for dev); persistent backends (SQLite, Postgres) live in
pylon-runtime so a server restart between “send code” and “verify
code” doesn’t invalidate the user’s pending login.

Backing store for OAuth state records. Default impl keeps them in
memory (fine for tests + dev); the runtime swaps in a SQLite or
Postgres backend so a restart in the middle of an OAuth handshake
doesn’t leave the user with “invalid state” on the callback.

Pluggable storage backend for sessions. The default is in-memory; apps
deploying for real should supply a persistent backend (e.g. SQLite or
Redis) so users don’t log out on server restart.

Extract the origin (scheme://host[:port]) from a URL string,
stripping any path/query/fragment. Best-effort string slicing —
no full URL parser dep. Public so router crates can reuse the same
logic when comparing redirect URLs against the trusted-origins list.

Validate that url has an origin (scheme://host[:port]) listed in
trusted_origins. Returns Ok(url) when trusted (echoes input for
chaining), Err with a code/message when not. Used by the OAuth
start endpoint to gate ?callback= + ?error_callback= values
before storing them in the state record.
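As an added illustration of the origin extraction and trusted-origins check described in the last two entries (example code written for this page, not pylon's own implementation; the function names, error codes and the sample origins in the comments are assumptions):

```rust
// Added example, not pylon's code: best-effort origin slicing plus a
// trusted-origins gate of the kind the OAuth start endpoint applies to
// ?callback= / ?error_callback= before they are stored in the state record.

/// Extract `scheme://host[:port]` from a URL, dropping path, query and fragment.
/// Returns None when there is no `://`, the scheme is malformed, the authority
/// is empty, or the authority carries userinfo (`user@host`).
pub fn extract_origin(url: &str) -> Option<String> {
    let (scheme, rest) = url.split_once("://")?;
    let scheme_ok = !scheme.is_empty()
        && scheme.chars().all(|c| c.is_ascii_alphanumeric() || "+-.".contains(c));
    if !scheme_ok {
        return None;
    }
    // The authority ends at the first '/', '?' or '#'.
    let end = rest.find(|c: char| matches!(c, '/' | '?' | '#')).unwrap_or(rest.len());
    let authority = &rest[..end];
    // Userinfo is rejected outright: "https://app.example.com@evil.example/"
    // must not be mistaken for an origin of app.example.com.
    if authority.is_empty() || authority.contains('@') {
        return None;
    }
    // Scheme and host are case-insensitive, so normalise before comparing.
    // An explicit port is kept verbatim: "https://h:443" != "https://h" here.
    Some(format!("{}://{}", scheme.to_ascii_lowercase(), authority.to_ascii_lowercase()))
}

/// Echo `url` back when its origin is in `trusted_origins`; otherwise return a
/// (code, message) pair. Entries in `trusted_origins` are normalised with the
/// same slicing, so a trailing slash in the configured list is harmless.
pub fn validate_trusted_url<'a>(
    url: &'a str,
    trusted_origins: &[&str],
) -> Result<&'a str, (&'static str, String)> {
    let origin = extract_origin(url)
        .ok_or_else(|| ("invalid_redirect", format!("cannot parse origin of {url}")))?;
    let trusted = trusted_origins
        .iter()
        .filter_map(|t| extract_origin(t))
        .any(|t| t == origin);
    if trusted {
        Ok(url)
    } else {
        Err(("untrusted_redirect", format!("origin {origin} is not in PYLON_TRUSTED_ORIGINS")))
    }
}
```

Because comparison is on the whole normalised origin, a lookalike host such as `app.example.com.evil.example` or a different port never matches by prefix.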