Expand description
Authenticate with CipherStash services using the OAuth 2.0 Device Authorization Grant.
This crate implements the device code flow, which lets CLI tools and other browserless applications obtain an access token by having the user authorize in a browser on another device.
§Usage
use stack_auth::DeviceCodeStrategy;
use cts_common::Region;
// 1. Create a strategy for your region and client ID
let region = Region::aws("ap-southeast-2")?;
let strategy = DeviceCodeStrategy::new(region, "my-client-id")?;
// 2. Begin the device code flow
let pending = strategy.begin().await?;
// 3. Show the user their code and where to enter it
println!("Go to: {}", pending.verification_uri_complete());
println!("Code: {}", pending.user_code());
// Or open the browser directly:
pending.open_in_browser();
// 4. Poll until the user authorizes (or the code expires)
let token = pending.poll_for_token().await?;
// 5. Use the access token to call CipherStash APIs
println!("Authenticated! Token expires in {}s", token.expires_in());§Security
Sensitive values (SecretToken) are automatically zeroized when dropped
and are masked in Debug output to prevent accidental
leaks in logs.
Structs§
- Access
Key - A CipherStash access key.
- Access
KeyStrategy - An
AuthStrategythat uses a static access key to authenticate. - Access
KeyStrategy Builder - Builder for
AccessKeyStrategy. - Device
Code Strategy - Authenticates with CipherStash using the device code flow (RFC 8628).
- Device
Code Strategy Builder - Builder for
DeviceCodeStrategy. - Device
Identity - Persistent identity for a CLI installation.
- OAuth
Strategy - An
AuthStrategythat uses OAuth refresh tokens to maintain a valid access token. - OAuth
Strategy Builder - Builder for
OAuthStrategy. - Pending
Device Code - A device code flow that is waiting for the user to authorize.
- Secret
Token - A sensitive token string that is zeroized on drop and hidden from debug output.
- Service
Token - A CipherStash service token returned by an
AuthStrategy. - Token
- An access token returned by a successful authentication flow.
Enums§
- Auth
Error - Errors that can occur during an authentication flow.
- Auto
Strategy - An
AuthStrategythat automatically detects available credentials and delegates to the appropriate inner strategy. - Invalid
Access Key - Error returned when parsing an invalid access key string.
Traits§
- Auth
Strategy - A strategy for obtaining access tokens.