pub type AuthValidation = Validation;
Aliased Type§
struct AuthValidation {
    pub required_spec_claims: HashSet<String>,
    pub leeway: u64,
    pub reject_tokens_expiring_in_less_than: u64,
    pub validate_exp: bool,
    pub validate_nbf: bool,
    pub validate_aud: bool,
    pub aud: Option<HashSet<String>>,
    pub iss: Option<HashSet<String>>,
    pub sub: Option<String>,
    pub algorithms: Vec<Algorithm>,
    /* private fields */
}
Fields§
§required_spec_claims: HashSet<String>
Which claims are required to be present before starting the validation.
This does not interact with the various validate_*. If you remove exp from that list, you still need to set validate_exp to false.
The only values that will be used are “exp”, “nbf”, “aud”, “iss”, “sub”. Anything else will be ignored.
Defaults to {"exp"}.
leeway: u64
Add some leeway (in seconds) to the exp and nbf validation to account for clock skew.
Defaults to 60.
reject_tokens_expiring_in_less_than: u64
Reject a token some time (in seconds) before the exp to prevent expiration in transit over the network.
The value is the inverse of leeway, subtracting from the validation time.
Defaults to 0.
validate_exp: bool
Whether to validate the exp field.
It will return an error if the time in the exp field is past.
Defaults to true.
validate_nbf: bool
Whether to validate the nbf field.
It will return an error if the current timestamp is before the time in the nbf field.
Validation only happens if nbf claim is present in the token. Adding nbf to required_spec_claims will make it required.
Defaults to false.
validate_aud: bool
Whether to validate the aud field.
It will return an error if the aud field is not a member of the audience provided.
Validation only happens if aud claim is present in the token. Adding aud to required_spec_claims will make it required.
Defaults to true. Very insecure to turn this off. Only do this if you know what you are doing.
aud: Option<HashSet<String>>
Validation will check that the aud field is a member of the audience provided and will error otherwise.
Use set_audience to set it.
Validation only happens if aud claim is present in the token. Adding aud to required_spec_claims will make it required.
Defaults to None.
iss: Option<HashSet<String>>
If it contains a value, the validation will check that the iss field is a member of the iss provided and will error otherwise.
Use set_issuer to set it.
Validation only happens if iss claim is present in the token. Adding iss to required_spec_claims will make it required.
Defaults to None.
sub: Option<String>
If it contains a value, the validation will check that the sub field is the same as the one provided and will error otherwise.
Validation only happens if sub claim is present in the token. Adding sub to required_spec_claims will make it required.
Defaults to None.
algorithms: Vec<Algorithm>
The validation will check that the alg of the header is contained in the ones provided and will error otherwise. Will error if it is empty.
Defaults to vec![Algorithm::HS256].
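An added example, not code from this page or from the crate: a standard-library model of the presence and time checks described above for required_spec_claims, leeway, reject_tokens_expiring_in_less_than, validate_exp and validate_nbf, showing that "required" and "validated" are separate decisions. TimeRules, Reject, check and defaults are hypothetical names, and accepting a token that sits exactly on the boundary is an assumption.

```rust
use std::collections::HashSet;
// Hypothetical model of the time-related fields above; not the crate's own code.
struct TimeRules {
    required_spec_claims: HashSet<String>,
    leeway: u64,
    reject_tokens_expiring_in_less_than: u64,
    validate_exp: bool,
    validate_nbf: bool,
}
#[derive(Debug, PartialEq)]
enum Reject { MissingClaim(&'static str), Expired, NotYetValid }

// The defaults listed on this page: {"exp"}, 60, 0, true, false.
fn defaults() -> TimeRules {
    TimeRules {
        required_spec_claims: HashSet::from(["exp".to_string()]),
        leeway: 60,
        reject_tokens_expiring_in_less_than: 0,
        validate_exp: true,
        validate_nbf: false,
    }
}

// `exp` / `nbf` are None when the token does not carry that claim.
fn check(r: &TimeRules, exp: Option<u64>, nbf: Option<u64>, now: u64) -> Result<(), Reject> {
    // Presence is decided by required_spec_claims alone, before any value check.
    for (name, claim) in [("exp", exp), ("nbf", nbf)] {
        if claim.is_none() && r.required_spec_claims.contains(name) {
            return Err(Reject::MissingClaim(name));
        }
    }
    // Values: only for present claims whose switch is on (assumption: boundary accepted).
    if let (true, Some(exp)) = (r.validate_exp, exp) {
        let deadline = exp.saturating_sub(r.reject_tokens_expiring_in_less_than);
        if deadline < now.saturating_sub(r.leeway) { return Err(Reject::Expired); }
    }
    if let (true, Some(nbf)) = (r.validate_nbf, nbf) {
        if nbf > now.saturating_add(r.leeway) { return Err(Reject::NotYetValid); }
    }
    Ok(())
}

fn main() {
    let now = 1_700_000_000; // constructed timestamp
    let mut rules = defaults();
    rules.required_spec_claims.clear(); // exp no longer required, validate_exp still true
    println!("{:?}", check(&rules, None, None, now)); // token without exp is accepted
    println!("{:?}", check(&rules, Some(now - 3600), None, now)); // stale exp still rejected
}
```

In this model, a configuration that drops exp from required_spec_claims accepts tokens that never expire, and one that requires nbf without validate_nbf accepts tokens dated in the future.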