feat(core): implement Identity, IdentityProvider trait, and ConfigIdentityProvider

Add Identity struct with id/scopes/resources fields and IdentityProvider
trait with resolve_from_fingerprint/resolve_from_token methods. Implement
ConfigIdentityProvider reading from ArcSwap<DynamicConfig.auth> for
fingerprint-based key lookups. Delegate ServerHandler::auth_publickey()
through IdentityProvider instead of direct AuthPolicy access. Store
authenticated Identity in the handler for use by ForwardingPolicy.
2026-06-07 14:21:14 +00:00
parent ee1b3f3819
commit c64dbd19d5
5 changed files with 245 additions and 8 deletions

@@ -4,9 +4,11 @@
//! See ADR-012 for the design rationale.
pub mod client_auth;
pub mod identity;
pub mod keys;
pub mod server_auth;
pub use client_auth::{ClientAuthConfig, ClientHandler};
pub use identity::{AuthToken, ConfigIdentityProvider, Identity, IdentityProvider};
pub use keys::{load_private_key, load_public_keys, CertAuthorityEntry, KeySource};
pub use server_auth::ServerAuthConfig;
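
Review bot: The re-export `pub use identity::{AuthToken, ConfigIdentityProvider, Identity, IdentityProvider};` puts `AuthToken` on the module's public surface, while the commit message describes `ConfigIdentityProvider` only as doing fingerprint-based key lookups. Please document on the trait what `resolve_from_token` returns for a provider that has no token backing (suggest it fails closed and resolves no `Identity`), or leave `AuthToken` out of the re-export until a token-backed provider exists. The types are also reachable through `pub mod identity;`, which matches the neighbouring modules and needs no change, but the module doc comment that points to ADR-012 could say whether that ADR covers the identity module.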