197 changes: 196 additions & 1 deletion src/identity/backends.rs
Expand Up @@ -12,6 +12,201 @@
//
// SPDX-License-Identifier: Apache-2.0

use async_trait::async_trait;
use dyn_clone::DynClone;
use std::collections::HashSet;
use webauthn_rs::prelude::{Passkey, PasskeyAuthentication, PasskeyRegistration};

use crate::auth::AuthenticatedInfo;
use crate::config::Config;
use crate::identity::IdentityProviderError;
use crate::identity::types::*;
use crate::keystone::ServiceState;

pub mod error;
//pub(crate) mod fake;
pub mod sql;

#[async_trait]
pub trait IdentityBackend: DynClone + Send + Sync + std::fmt::Debug {
/// Set config.
fn set_config(&mut self, config: Config);

/// Authenticate a user by a password.
async fn authenticate_by_password(
&self,
state: &ServiceState,
auth: UserPasswordAuthRequest,
) -> Result<AuthenticatedInfo, IdentityProviderError>;

/// List Users.
async fn list_users(
&self,
state: &ServiceState,
params: &UserListParameters,
) -> Result<Vec<UserResponse>, IdentityProviderError>;

/// Get single user by ID.
async fn get_user<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
) -> Result<Option<UserResponse>, IdentityProviderError>;

/// Find federated user by IDP and Unique ID.
async fn find_federated_user<'a>(
&self,
state: &ServiceState,
idp_id: &'a str,
unique_id: &'a str,
) -> Result<Option<UserResponse>, IdentityProviderError>;

/// Create user.
async fn create_user(
&self,
state: &ServiceState,
user: UserCreate,
) -> Result<UserResponse, IdentityProviderError>;

/// Delete user.
async fn delete_user<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
) -> Result<(), IdentityProviderError>;

/// List groups.
async fn list_groups(
&self,
state: &ServiceState,
params: &GroupListParameters,
) -> Result<Vec<Group>, IdentityProviderError>;

/// Get single group by ID.
async fn get_group<'a>(
&self,
state: &ServiceState,
group_id: &'a str,
) -> Result<Option<Group>, IdentityProviderError>;

/// Create group.
async fn create_group(
&self,
state: &ServiceState,
group: GroupCreate,
) -> Result<Group, IdentityProviderError>;

/// Delete group by ID.
async fn delete_group<'a>(
&self,
state: &ServiceState,
group_id: &'a str,
) -> Result<(), IdentityProviderError>;

/// List groups a user is member of.
async fn list_groups_of_user<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
) -> Result<Vec<Group>, IdentityProviderError>;

/// Add the user to the group.
async fn add_user_to_group<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
group_id: &'a str,
) -> Result<(), IdentityProviderError>;

/// Add user group membership relations.
async fn add_users_to_groups<'a>(
&self,
state: &ServiceState,
memberships: Vec<(&'a str, &'a str)>,
) -> Result<(), IdentityProviderError>;

/// Remove the user from the group.
async fn remove_user_from_group<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
group_id: &'a str,
) -> Result<(), IdentityProviderError>;

/// Remove the user from multiple groups.
async fn remove_user_from_groups<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
group_ids: HashSet<&'a str>,
) -> Result<(), IdentityProviderError>;

/// Set group memberships for the user.
async fn set_user_groups<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
group_ids: HashSet<&'a str>,
) -> Result<(), IdentityProviderError>;

/// List user passkeys.
async fn list_user_webauthn_credentials<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
) -> Result<Vec<Passkey>, IdentityProviderError>;

/// Create passkey.
async fn create_user_webauthn_credential<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
passkey: &Passkey,
description: Option<&'a str>,
) -> Result<WebauthnCredential, IdentityProviderError>;

/// Save passkey registration state.
async fn create_user_webauthn_credential_registration_state<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
state: PasskeyRegistration,
) -> Result<(), IdentityProviderError>;

/// Save passkey auth state.
async fn create_user_webauthn_credential_authentication_state<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
state: PasskeyAuthentication,
) -> Result<(), IdentityProviderError>;

/// Get passkey registration state.
async fn get_user_webauthn_credential_registration_state<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
) -> Result<Option<PasskeyRegistration>, IdentityProviderError>;

/// Get passkey authentication state.
async fn get_user_webauthn_credential_authentication_state<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
) -> Result<Option<PasskeyAuthentication>, IdentityProviderError>;

/// Delete passkey registration state of a user.
async fn delete_user_webauthn_credential_registration_state<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
) -> Result<(), IdentityProviderError>;

/// Delete passkey authentication state of a user.
async fn delete_user_webauthn_credential_authentication_state<'a>(
&self,
state: &ServiceState,
user_id: &'a str,
) -> Result<(), IdentityProviderError>;
}

dyn_clone::clone_trait_object!(IdentityBackend);
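Review bot: `create_user_webauthn_credential_registration_state` and `create_user_webauthn_credential_authentication_state` bind the identifier `state` twice in one parameter list (`state: &ServiceState` followed by `state: PasskeyRegistration` / `state: PasskeyAuthentication`); rustc normally rejects a parameter name bound more than once, and even if the `async_trait` expansion happened to tolerate it, the shadowed name makes the contract unreadable for implementors. Rename the payload parameter, e.g. `registration_state: PasskeyRegistration` and `authentication_state: PasskeyAuthentication`. Separately, the get/delete pairs for the passkey challenge states leave consumption entirely to the caller and the trait shows no expiry or single-use guarantee; a doc comment on both getters such as `/// The returned state is a one-time challenge: callers must delete it after use so it cannot be replayed.` would make that expectation explicit for every backend. One deletion is reported for this section but the rendering does not show which line it was.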