mz_frontegg_auth/lib.rs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54
// Copyright Materialize, Inc. and contributors. All rights reserved.
//
// Use of this software is governed by the Business Source License
// included in the LICENSE file.
//
// As of the Change Date specified in that file, in accordance with
// the Business Source License, use of this software will be governed
// by the Apache License, Version 2.0.
mod app_password;
mod auth;
mod client;
mod error;
mod metrics;
use std::path::PathBuf;
pub use auth::{
Authenticator, AuthenticatorConfig, ClaimMetadata, ClaimTokenType, Claims,
DEFAULT_REFRESH_DROP_FACTOR, DEFAULT_REFRESH_DROP_LRU_CACHE_SIZE,
};
pub use client::tokens::{ApiTokenArgs, ApiTokenResponse};
pub use client::Client;
pub use error::Error;
use uuid::Uuid;
pub use crate::app_password::{AppPassword, AppPasswordParseError};
/// Command line arguments for frontegg.
#[derive(Debug, Clone, clap::Parser)]
pub struct FronteggCliArgs {
/// Enables Frontegg authentication for the specified tenant ID.
#[clap(
long,
env = "FRONTEGG_TENANT",
requires_all = &["frontegg-api-token-url", "frontegg-admin-role"],
value_name = "UUID",
)]
frontegg_tenant: Option<Uuid>,
/// JWK used to validate JWTs during Frontegg authentication as a PEM public
/// key. Can optionally be base64 encoded with the URL-safe alphabet.
#[clap(long, env = "FRONTEGG_JWK", requires = "frontegg-tenant")]
frontegg_jwk: Option<String>,
/// Path to JWK used to validate JWTs during Frontegg authentication as a PEM public
/// key.
#[clap(long, env = "FRONTEGG_JWK_FILE", requires = "frontegg-tenant")]
frontegg_jwk_file: Option<PathBuf>,
/// The full URL (including path) to the Frontegg api-token endpoint.
#[clap(long, env = "FRONTEGG_API_TOKEN_URL", requires = "frontegg-tenant")]
frontegg_api_token_url: Option<String>,
/// The name of the admin role in Frontegg.
#[clap(long, env = "FRONTEGG_ADMIN_ROLE", requires = "frontegg-tenant")]
frontegg_admin_role: Option<String>,
}