pub struct StoredAccessToken {
pub id: String,
pub name: String,
pub subject: String,
pub roles: Vec<String>,
pub scopes: Vec<TokenScope>,
pub expires_at: DateTime<Utc>,
pub created_at: DateTime<Utc>,
pub created_by: String,
pub revoked_at: Option<DateTime<Utc>>,
}Expand description
A persisted scoped access token record (the revocation handle + audit row for a token minted via the token-management API or for a container).
The token itself is a JWT carrying jti == id plus the scopes below; this
record lets the daemon revoke it before expiry and list/audit issued tokens.
The raw JWT is returned to the caller only once at creation and is never
stored here.
Fields§
§id: StringUUID identifier — also the JWT jti claim (the revocation handle).
name: StringHuman-friendly label for the token (e.g. "ci-runner").
subject: StringThe token’s subject (JWT sub) — e.g. token:{id} for user-minted
tokens or container:{deployment}:{service}:{id} for container tokens.
roles: Vec<String>Role claims carried by the token (usually empty for purely-scoped
tokens; never "admin" unless minted by an admin).
scopes: Vec<TokenScope>The scopes baked into the token.
expires_at: DateTime<Utc>When the token expires.
created_at: DateTime<Utc>When the token was created.
created_by: StringThe subject id (user id or "system") that created the token.
revoked_at: Option<DateTime<Utc>>When the token was revoked, if it has been. None = still active.
Implementations§
Source§impl StoredAccessToken
impl StoredAccessToken
Sourcepub fn new(
name: impl Into<String>,
subject: impl Into<String>,
roles: Vec<String>,
scopes: Vec<TokenScope>,
expires_at: DateTime<Utc>,
created_by: impl Into<String>,
) -> Self
pub fn new( name: impl Into<String>, subject: impl Into<String>, roles: Vec<String>, scopes: Vec<TokenScope>, expires_at: DateTime<Utc>, created_by: impl Into<String>, ) -> Self
Create a new active token record with a fresh UUID id.
Sourcepub fn is_inactive(&self, now: DateTime<Utc>) -> bool
pub fn is_inactive(&self, now: DateTime<Utc>) -> bool
Whether the token is revoked or has expired as of now.
Trait Implementations§
Source§impl Clone for StoredAccessToken
impl Clone for StoredAccessToken
Source§fn clone(&self) -> StoredAccessToken
fn clone(&self) -> StoredAccessToken
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read more