AuthManager

Struct AuthManager

pub struct AuthManager { /* private fields */ }

Expand description

Authentication manager for coordinating multiple authentication providers

§MCP Specification Compliance

This manager implements stateless authentication per MCP spec (RFC 9728). No server-side session state is maintained. All authentication decisions are made by validating credentials on EVERY request.

Implementations§

impl AuthManager

pub fn new(config: AuthConfig) -> Self

Create a new authentication manager

§MCP Specification Compliance

Creates a stateless authentication manager per MCP spec. No server-side session state is maintained.

pub async fn add_provider(&self, provider: Arc<dyn AuthProvider>)

Add an authentication provider

pub async fn remove_provider(&self, name: &str) -> bool

Remove an authentication provider

pub async fn list_providers(&self) -> Vec<String>

List available providers

pub async fn authenticate( &self, provider_name: &str, credentials: AuthCredentials, ) -> McpResult<UnifiedAuthContext>

Authenticate user with credentials

§MCP Specification Compliance

Authenticates the user and returns an AuthContext. NO server-side session state is created - per MCP stateless requirement.

The returned AuthContext contains a token (if applicable) that the client must include in subsequent requests via the Authorization header.

§Example

let credentials = AuthCredentials::ApiKey {
    key: "secret_key".to_string(),
};

let auth_context = manager.authenticate("api", credentials).await?;

// Extract token for subsequent requests
if let Some(token_info) = &auth_context.token {
    let access_token = &token_info.access_token;
    // Client must send: Authorization: Bearer {access_token}
}

pub async fn validate_token( &self, token: &str, provider_name: Option<&str>, ) -> McpResult<UnifiedAuthContext>

Validate token and get authentication context

§MCP Specification Compliance

Validates the token on EVERY request per MCP stateless requirement. This method MUST be called for each incoming request to ensure the token is still valid (not expired, not revoked, etc.).

§Arguments

token - The access token to validate (from Authorization header)
provider_name - Optional provider name (if known). If None, tries all providers.

§Example

// Extract token from Authorization header
let token = auth_header.strip_prefix("Bearer ").unwrap();

// Validate token on EVERY request (stateless)
let auth_context = manager.validate_token(token, None).await?;

// Use auth_context for authorization decisions
println!("Authenticated user: {}", auth_context.user.username);

pub fn check_permission( &self, context: &UnifiedAuthContext, permission: &str, ) -> bool

Check if user has permission

pub fn check_role(&self, context: &UnifiedAuthContext, role: &str) -> bool

Check if user has role

Trait Implementations§

impl Debug for AuthManager

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

impl Freeze for AuthManager

impl !RefUnwindSafe for AuthManager

impl Send for AuthManager

impl Sync for AuthManager

impl Unpin for AuthManager

impl !UnwindSafe for AuthManager

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more