Struct shipcat_definitions::structs::authorization::Authorization [−][src]
pub struct Authorization { pub allowed_audiences: Vec<String>, pub allow_anonymous: bool, pub allow_invalid_tokens: bool, pub required_scopes: Vec<String>, pub allow_cookies: bool, pub enable_cookie_refresh: bool, pub refresh_auth_service: Option<String>, pub refresh_body_refresh_token_key: Option<String>, pub refresh_max_age_sec: Option<u32>, pub refresh_cookie_domain: Option<String>, pub refresh_http_timeout_msec: Option<u32>, pub refresh_renew_before_expiry_sec: Option<u32>, }
Expand description
Configuration for authorization of requests
Fields
allowed_audiences: Vec<String>
Allowed values for the aud
claim of the JWT payload.
allow_anonymous: bool
Are anonymous requests allowed to reach the service?
If true, requests with no Authorization
header (or an invalid/expired JWT, if allow_invalid_tokens is true) will be proxied to the service (but will receive an X-Anonymous-Consumer: true
header)
If false, they will be rejected (with a 401 response)
allow_invalid_tokens: bool
Are requests with invalid/expired tokens allowed to reach the service?
If true, Kong will allow requests with invalid Authorization
headers.
required_scopes: Vec<String>
What JWT scopes are required for the service?
If the JWT does not contain the required scopes, the request will be rejected with a 401.
Are tokens in cookies allowed
If true, CSRF protection is enabled and access tokens are extracted from cookies.
Should expired access_tokens in the Cookie header be refreshed automatically through an internal auth service?
If true, the cookie is parsed, its expiry is checked, and (if expired) it is replaced with a fresh access_token. A new cookie pair is sent through a Set-Cookie header.
refresh_auth_service: Option<String>
URL of authentication service where cookie_refresh is performed e.g. “http://ai-auth/v1/authenticate”
refresh_body_refresh_token_key: Option<String>
The refresh token is posted to the refresh_auth_service as a JSON object with a single key (this field). e.g. “api_key” will result in the following body: {“api_key”: “asdf1234”}
refresh_max_age_sec: Option<u32>
refresh_http_timeout_msec: Option<u32>
HTTP timeout for cookie refresh in msec
refresh_renew_before_expiry_sec: Option<u32>
How many seconds before their expiry should we refresh the tokens
Trait Implementations
impl Clone for Authorization
[src]
impl Clone for Authorization
[src]fn clone(&self) -> Authorization
[src]
fn clone(&self) -> Authorization
[src]Returns a copy of the value. Read more
fn clone_from(&mut self, source: &Self)
1.0.0[src]
fn clone_from(&mut self, source: &Self)
1.0.0[src]Performs copy-assignment from source
. Read more
impl Debug for Authorization
[src]
impl Debug for Authorization
[src]impl Default for Authorization
[src]
impl Default for Authorization
[src]fn default() -> Authorization
[src]
fn default() -> Authorization
[src]Returns the “default value” for a type. Read more
impl<'de> Deserialize<'de> for Authorization
[src]
impl<'de> Deserialize<'de> for Authorization
[src]fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
[src]
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
[src]Deserialize this value from the given Serde deserializer. Read more
impl Serialize for Authorization
[src]
impl Serialize for Authorization
[src]Auto Trait Implementations
impl RefUnwindSafe for Authorization
impl Send for Authorization
impl Sync for Authorization
impl Unpin for Authorization
impl UnwindSafe for Authorization
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]pub fn borrow_mut(&mut self) -> &mut T
[src]
pub fn borrow_mut(&mut self) -> &mut T
[src]Mutably borrows from an owned value. Read more
impl<T> ToOwned for T where
T: Clone,
[src]
impl<T> ToOwned for T where
T: Clone,
[src]type Owned = T
type Owned = T
The resulting type after obtaining ownership.
pub fn to_owned(&self) -> T
[src]
pub fn to_owned(&self) -> T
[src]Creates owned data from borrowed data, usually by cloning. Read more
pub fn clone_into(&self, target: &mut T)
[src]
pub fn clone_into(&self, target: &mut T)
[src]🔬 This is a nightly-only experimental API. (toowned_clone_into
)
recently added
Uses borrowed data to replace owned data, usually by cloning. Read more
impl<T> DeserializeOwned for T where
T: for<'de> Deserialize<'de>,
[src]
T: for<'de> Deserialize<'de>,