Struct shipcat_definitions::structs::authorization::Authorization

pub struct Authorization {
    pub allowed_audiences: Vec<String>,
    pub allow_anonymous: bool,
    pub allow_invalid_tokens: bool,
    pub required_scopes: Vec<String>,
    pub allow_cookies: bool,
    pub enable_cookie_refresh: bool,
    pub refresh_auth_service: Option<String>,
    pub refresh_body_refresh_token_key: Option<String>,
    pub refresh_max_age_sec: Option<u32>,
    pub refresh_cookie_domain: Option<String>,
    pub refresh_http_timeout_msec: Option<u32>,
    pub refresh_renew_before_expiry_sec: Option<u32>,
}

Configuration for authorization of requests

Fields

allowed_audiences: Vec<String>

Allowed values for the aud claim of the JWT payload.

allow_anonymous: bool

Are anonymous requests allowed to reach the service?

If true, requests with no Authorization header (or an invalid/expired JWT, if allow_invalid_tokens is true) will be proxied to the service (but will receive an X-Anonymous-Consumer: true header) If false, they will be rejected (with a 401 response)

allow_invalid_tokens: bool

Are requests with invalid/expired tokens allowed to reach the service?

If true, Kong will allow requests with invalid Authorization headers.

required_scopes: Vec<String>

What JWT scopes are required for the service?

If the JWT does not contain the required scopes, the request will be rejected with a 401.

allow_cookies: bool

Are tokens in cookies allowed

If true, CSRF protection is enabled and access tokens are extracted from cookies.

enable_cookie_refresh: bool

Should expired access_tokens in the Cookie header be refreshed automatically through an internal auth service?

If true, the cookie is parsed, its expiry is checked, and (if expired) it is replaced with a fresh access_token. A new cookie pair is sent through a Set-Cookie header.

refresh_auth_service: Option<String>

URL of authentication service where cookie_refresh is performed e.g. “http://ai-auth/v1/authenticate”

refresh_body_refresh_token_key: Option<String>

The refresh token is posted to the refresh_auth_service as a JSON object with a single key (this field). e.g. “api_key” will result in the following body: {“api_key”: “asdf1234”}

refresh_max_age_sec: Option<u32>

refresh_cookie_domain: Option<String>

refresh_http_timeout_msec: Option<u32>

HTTP timeout for cookie refresh in msec

refresh_renew_before_expiry_sec: Option<u32>

How many seconds before their expiry should we refresh the tokens

Trait Implementations

impl Clone for Authorization

fn clone(&self) -> Authorization

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Authorization

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Authorization

fn default() -> Authorization

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for Authorization

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl Serialize for Authorization

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where
    __S: Serializer, 

Serialize this value into the given Serde serializer.