sui-id-core
Domain layer: password hashing, JWT signing/verification, OIDC Discovery, JWKS, Authorization Code + PKCE, token issuance, sessions, and the setup state machine.
This crate has no knowledge of HTTP. It speaks in terms of the storage
layer and pure data; the wiring to Axum lives in sui-id-bin.
Re-exports

pub use errors::CoreError;
pub use errors::CoreResult;

Modules
- admin: Admin-side use cases.
- authorize: Authorization Code + PKCE flow.
- cache: In-process read caches for hot-path DB lookups (RFC 014).
- dashboard: Dashboard data assembly.
- discovery: OIDC Discovery document construction.
- errors: Core domain error type.
- events: Structured security events.
- forgot_password: Forgot-password / password-reset flow.
- hibp: Pwned Passwords (HIBP) breach check.
- i18n: Locale resolution.
- jwks: JWKS document construction.
- jwt: Minimal RFC 7519 JWT support, restricted to the EdDSA (Ed25519) algorithm.
- key_rotation: Master-key rotation.
- Outbound mail.
- me_security: Core operations behind the /me/security self-service surface.
- mfa: TOTP MFA use cases.
- oauth_token: RFC 7662 (OAuth Token Introspection) and RFC 7009 (OAuth Token Revocation) use cases.
- password: Password hashing and verification using Argon2id.
- session: Admin session lifecycle.
- setup: Initial setup state machine.
- step_up: Step-up authentication: requiring a fresh proof of a strong factor before a sensitive action.
- time: Time provider abstraction.
- tokens: Token issuance and claim shapes.
- totp: RFC 6238 TOTP, with the RFC 4648 Base32 encoding the otpauth URI requires for the secret.
- webauthn: WebAuthn / passkey use cases.