Trait AuthenticationProvider 

pub trait AuthenticationProvider: Send + Sync {
    // Required methods
    fn auth_credentials(&self) -> &Credentials;
    fn auth_realm(&self) -> &str;
    fn bearer_token(&self) -> Option<&str>;

    // Provided methods
    fn is_basic_auth_enabled(&self) -> bool { ... }
    fn is_bearer_auth_enabled(&self) -> bool { ... }
    fn is_auth_enabled(&self) -> bool { ... }
    fn forward_authorization_header(&self) -> bool { ... }
}

Configuration for HTTP Basic Authentication and Bearer Token.

Implement this trait to enable optional authentication.

Required Methods

fn auth_credentials(&self) -> &Credentials

Returns the list of authentication credentials for Basic Auth.

fn auth_realm(&self) -> &str

Returns the realm for WWW-Authenticate header.

fn bearer_token(&self) -> Option<&str>

Returns the bearer token, if configured.

Provided Methods

fn is_basic_auth_enabled(&self) -> bool

Returns true if Basic Auth is enabled (credentials configured).

fn is_bearer_auth_enabled(&self) -> bool

Returns true if Bearer Token auth is enabled.

fn is_auth_enabled(&self) -> bool

Returns true if any authentication is enabled.

fn forward_authorization_header(&self) -> bool

Whether to forward the Authorization header to the upstream service.

Default: false. When wisegate has performed authentication, the credentials have already served their purpose, and forwarding them leaks secrets to every downstream service. Set to true only when the upstream genuinely needs to re-validate the same credentials.

When authentication is disabled (is_auth_enabled() == false), this setting has no effect: the header passes through transparently.

Implementors

impl AuthenticationProvider for EnvVarConfig

impl AuthenticationProvider for DefaultConfig