Module credentials

Expand description

User credential types and verification abstractions.

This module defines the authentication boundary for webgates-core. It intentionally stays small: the crate represents user-supplied credentials, but leaves verification strategy and storage details to higher-level code.

This module exposes:

Credentials stores a caller-provided identifier and plaintext secret
credentials_verifier::CredentialsVerifier defines the async verification contract used by higher-level authentication services

Import Credentials directly from webgates_core::credentials and credentials_verifier::CredentialsVerifier from the owning submodule.

§Quick Start

use webgates_core::credentials::Credentials;

let credentials = Credentials::new(&"user@example.com".to_string(), "password123");

let json = r#"{"id":"admin@company.com","secret":"admin_pass"}"#;
let parsed: Credentials<String> = serde_json::from_str(json)?;

assert_eq!(parsed.id, "admin@company.com");

§Verification boundary

Concrete verifier implementations belong in higher-level crates or in your application code. webgates-core only defines the shared types and the verification trait that those layers implement.

§Security Considerations

Credentials contain plaintext secrets and should be short-lived.
Never log or persist raw credentials.
Only transmit credentials over secure channels such as HTTPS/TLS.
Verification backends should avoid leaking identifier existence through observable timing or error details.

Modules§

credentials_verifier: Async verification contract for credential backends.

Structs§

Credentials: Authentication credentials containing a user identifier and plaintext secret.