Struct relay_auth::SignedRegisterState
pub struct SignedRegisterState(/* private fields */);
An encoded and signed RegisterState.
This signature can be used by the upstream server to ensure that the downstream client did not
tamper with the token without keeping state between requests. For more information, see
RegisterState.
The format and contents of SignedRegisterState are intentionally opaque. Downstream clients
do not need to interpret it, and the upstream can change its contents at any time. Parsing and
validation are performed only on the upstream.
In the current implementation, the serialized state has the format {state}:{signature}, where
each component is:
state: A URL-safe base64 encoding of the JSON serialized RegisterState.
signature: A URL-safe base64 encoding of the SHA512 HMAC of the encoded state.
To create a signed state, use RegisterChallenge::sign. To validate the signature and read
the state, use SignedRegisterChallenge::unpack. In both cases, a secret for signing has to be
supplied.
Implementations
impl SignedRegisterState
pub fn unpack( &self, secret: &[u8], max_age: Option<Duration> ) -> Result<RegisterState, UnpackError>
Unpacks the encoded state and validates the signature.
If max_age is specified, then the timestamp in the state is validated against the current
time stamp. If the stored timestamp is too old, UnpackError::SignatureExpired is returned.
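The {state}:{signature} format and the max_age check described above, sketched in Python as an added example; it is not relay_auth's own code. The "timestamp" field name (Unix seconds), the unpadded base64, and the BadSignature exception are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


class BadSignature(Exception):
    """Hypothetical stand-in for a signature failure; not a relay_auth type."""


class SignatureExpired(Exception):
    """Plays the role the page gives UnpackError::SignatureExpired."""


def b64(raw: bytes) -> bytes:
    # Assumption: unpadded URL-safe base64 (the page does not say whether padding is used).
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def mac_of(encoded: bytes, secret: bytes) -> bytes:
    # The HMAC covers the *encoded* state, so it can be checked before any decoding.
    return b64(hmac.new(secret, encoded, hashlib.sha512).digest())


def sign(state: dict, secret: bytes) -> str:
    encoded = b64(json.dumps(state, separators=(",", ":")).encode("utf-8"))
    return (encoded + b":" + mac_of(encoded, secret)).decode("ascii")


def unpack(token: str, secret: bytes, max_age=None, now=None) -> dict:
    encoded, sep, signature = token.encode("utf-8").partition(b":")
    if not sep:
        raise BadSignature("missing ':' separator")
    # Constant-time comparison, done before client-supplied JSON is parsed.
    if not hmac.compare_digest(mac_of(encoded, secret), signature):
        raise BadSignature("HMAC mismatch")
    padded = encoded + b"=" * (-len(encoded) % 4)
    state = json.loads(base64.urlsafe_b64decode(padded))
    if max_age is not None:
        current = time.time() if now is None else now
        # "timestamp" is an assumed field name holding Unix seconds.
        if current - state["timestamp"] > max_age:
            raise SignatureExpired("state is older than max_age")
    return state
```

Because the signature is checked first, the upstream never parses JSON that a downstream client could have altered, and the age check reads a timestamp that is itself covered by the HMAC.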
Trait Implementations
impl Clone for SignedRegisterState
fn clone(&self) -> SignedRegisterState
1.0.0 · fn clone_from(&mut self, source: &Self)