Expand description
§Auth-Core - Authentication and Authorization Primitives for RVoIP
rvoip-auth-core provides cryptographic and token-validation primitives
used across the RVoIP workspace. It does not own SIP dialog state, SIP
request retry orchestration, or WWW-Authenticate / Authorization header
routing. The SIP application layer in rvoip-sip owns those protocol
workflows and calls into this crate for the underlying algorithms.
§SIP Digest Primitives
DigestAuthenticator generates Digest challenges and validates Digest
responses. DigestClient computes UAC responses for challenges. They are
used by rvoip-sip for SIP Digest over 401 WWW-Authenticate /
Authorization and 407 Proxy-Authenticate / Proxy-Authorization.
Supported Digest algorithms are MD5, MD5-sess, SHA-256, SHA-256-sess,
SHA-512-256, and SHA-512-256-sess. An omitted Digest algorithm defaults
to MD5 for legacy SIP/PBX compatibility; unknown algorithms fail instead of
silently downgrading.
§Bearer and Token Validators
BearerValidator is the common async validation trait for Bearer tokens.
JwtValidator, JwksJwtValidator, OAuth2IntrospectionValidator,
and AAuthValidator are concrete validator families that can be plugged
into rvoip-sip’s SipAuthService for UAS-side SIP Bearer validation.
JWT and JWKS validators can optionally call TokenRevocationChecker with
token jti context after signature, issuer, audience, and expiry checks.
§Provider Contracts
Protocol crates and applications use provider traits to integrate with
users-core, Keycloak/OIDC, LDAP/AD, Redis, IMS infrastructure, or custom
services without coupling protocol code to a database. These contracts
include PasswordVerifier, DigestSecretProvider, ApiKeyVerifier,
TokenRevocationChecker, DigestReplayStore, AuthAuditSink, and
AuthRateLimiter.
§Other Auth Building Blocks
The crate also includes DPoP validation (DpopValidator) and HTTP
Message Signatures style envelope verification (Sig9421Verifier).
These are standalone primitives; protocol-specific negotiation and retry
behavior belongs in the crate that owns that protocol surface.
Re-exports§
pub use aauth::AAuthValidator;pub use aauth::ActorClaims;pub use aauth::ActorTokenValidator;pub use bearer::bearer_stub;pub use bearer::BearerAuthError;pub use bearer::BearerValidator;pub use dpop::jwk_thumbprint;pub use dpop::DpopError;pub use dpop::DpopProof;pub use dpop::DpopValidator;pub use dpop::ValidatedDpop;pub use dpop::DEFAULT_IAT_LEEWAY;pub use dpop::DEFAULT_JTI_CACHE_CAPACITY;pub use error::AuthError;pub use error::Result;pub use introspection::OAuth2IntrospectionValidator;pub use jwks::JwksJwtValidator;pub use jwks::DEFAULT_JWKS_CACHE_TTL;pub use jwt::JwtValidator;pub use providers::ApiKeyVerifier;pub use providers::AuthAuditEvent;pub use providers::AuthAuditOutcome;pub use providers::AuthAuditScheme;pub use providers::AuthAuditSink;pub use providers::AuthFailureReason;pub use providers::AuthRateLimitKey;pub use providers::AuthRateLimitKind;pub use providers::AuthRateLimitVerdict;pub use providers::AuthRateLimiter;pub use providers::CredentialAuthError;pub use providers::DigestNonceStatus;pub use providers::DigestReplayStore;pub use providers::DigestSecret;pub use providers::DigestSecretProvider;pub use providers::PasswordVerifier;pub use providers::TokenRevocationChecker;pub use providers::TokenRevocationContext;pub use providers::TokenRevocationStatus;pub use sig9421::EnvelopeSignature;pub use sig9421::KeyResolver;pub use sig9421::Sig9421Error;pub use sig9421::Sig9421Verifier;pub use sig9421::StaticKeyResolver;pub use sig9421::DEFAULT_REPLAY_CACHE_CAPACITY;pub use sig9421::DEFAULT_SIG_REPLAY_TTL;pub use sip_digest::DigestAlgorithm;pub use sip_digest::DigestAuthenticator;pub use sip_digest::DigestChallenge;pub use sip_digest::DigestChallengeDetails;pub use sip_digest::DigestClient;pub use sip_digest::DigestComputed;pub use sip_digest::DigestResponse;
Modules§
- aauth
- AAuth — IETF actor-authentication ([draft-ietf-aauth-*]).
- bearer
- Bearer-token validation surface.
- dpop
- DPoP-Proof JWT validation per RFC 9449.
- error
- Error types for authentication operations
- introspection
- OAuth2 token introspection Bearer validator.
- jwks
- JWKS-fetching
BearerValidatorfor OIDC-style deployments. - jwt
- JWT-based
BearerValidatorfor production deployments. - providers
- Auth provider contracts for RVoIP services.
- sig9421
- RFC 9421 HTTP Message Signatures — UCTP inline envelope variant.
- sip_
digest - SIP Digest Authentication per RFC 2617, RFC 7616, and RFC 8760.
- types
- Core types for authentication