Struct Hessra

pub struct Hessra { /* private fields */ }

Unified SDK for Hessra authentication services

This struct provides a high-level interface combining functionality from all component crates (config, token, api).

Implementations§


impl Hessra


pub fn new(config: HessraConfig) -> Result<Self, SdkError>

Create a new Hessra SDK instance from a configuration


pub fn builder() -> HessraBuilder

Create a builder for a Hessra SDK instance


pub async fn setup(&mut self) -> Result<(), SdkError>

Set up the SDK with the public key

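This fetches the public key from the Hessra service and stores it in the SDK configuration. If a public key is already set, it is overwritten. Requires a mutable reference to the SDK instance. Because token verification prefers local verification whenever a public key is configured, the key stored here is the one that later local verification relies on.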


pub async fn with_setup(&self) -> Result<Self, SdkError>

Set up the SDK with the public key and return a new instance

This will fetch the public key from the Hessra service and set it in the SDK configuration. If the public key is already set, it will be overwritten.


pub async fn request_token( &self, resource: impl Into<String>, operation: impl Into<String>, ) -> Result<TokenResponse, SdkError>

Request a token for a resource. Returns the full TokenResponse, which may include pending signoffs for multi-party tokens.


pub async fn request_token_simple( &self, resource: impl Into<String>, operation: impl Into<String>, ) -> Result<String, SdkError>

Request a token for a resource (simple version). Returns just the token string, for backward compatibility.


pub async fn sign_token( &self, token: &str, resource: &str, operation: &str, ) -> Result<SignTokenResponse, SdkError>

Sign a multi-party token by calling an authorization service’s signoff endpoint


pub async fn collect_signoffs( &self, initial_token_response: TokenResponse, resource: &str, operation: &str, ) -> Result<String, SdkError>

Collect all required signoffs for a multi-party token. Returns the fully signed token once all signoffs are collected.


pub async fn request_token_with_signoffs( &self, resource: &str, operation: &str, ) -> Result<String, SdkError>

Request a token and automatically collect any required signoffs. This is a convenience method that combines token request and signoff collection.


pub async fn verify_token( &self, token: impl Into<String>, subject: impl Into<String>, resource: impl Into<String>, operation: impl Into<String>, ) -> Result<(), SdkError>

Verify a token

This function verifies a token using either the remote Hessra service or locally using the service’s public key if one is configured. This will always prefer to verify locally if a public key is configured.


pub async fn verify_token_remote( &self, token: impl Into<String>, subject: impl Into<String>, resource: impl Into<String>, operation: impl Into<String>, ) -> Result<String, SdkError>

Verify a token using the remote Hessra service


pub fn verify_token_local( &self, token: impl Into<String>, subject: impl AsRef<str>, resource: impl AsRef<str>, operation: impl AsRef<str>, ) -> Result<(), SdkError>

Verify a token locally using cached public keys


pub async fn verify_service_chain_token( &self, token: impl Into<String>, subject: impl Into<String>, resource: impl Into<String>, operation: impl Into<String>, service_chain: Option<&ServiceChain>, component: Option<String>, ) -> Result<(), SdkError>

Verify a service chain token

This function verifies a service chain token using either the remote Hessra service or locally using the service’s public key if one is configured. This will always prefer to verify locally if a public key is configured and a service chain is provided.


pub async fn verify_service_chain_token_remote( &self, token: impl Into<String>, subject: impl Into<String>, resource: impl Into<String>, component: Option<String>, ) -> Result<String, SdkError>

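Verify a service chain token using the remote Hessra service. Unlike verify_service_chain_token_local, this signature takes no operation argument, so confirm how the operation is checked when verification goes through the remote service.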


pub fn verify_service_chain_token_local( &self, token: String, subject: impl AsRef<str>, resource: impl AsRef<str>, operation: impl AsRef<str>, service_chain: &ServiceChain, component: Option<String>, ) -> Result<(), SdkError>

Verify a service chain token locally using cached public keys


pub fn attest_service_chain_token( &self, token: String, service: impl Into<String>, ) -> Result<String, SdkError>

Attest a service chain token with a new service node attestation. Expects a base64-encoded token string and a service name. Returns a base64-encoded token string.


pub async fn get_public_key(&self) -> Result<String, SdkError>

Get the public key from the Hessra service


pub fn client(&self) -> &HessraClient

Get the client used by this SDK instance


pub fn config(&self) -> &HessraConfig

Get the configuration used by this SDK instance

Auto Trait Implementations§


impl Freeze for Hessra


impl !RefUnwindSafe for Hessra


impl Send for Hessra


impl Sync for Hessra


impl Unpin for Hessra


impl !UnwindSafe for Hessra

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.
§

impl<T> ErasedDestructor for T
where T: 'static,

§

impl<T> MaybeSendSync for T