Google Git
Sign in
apache / incubator-teaclave-website / refs/heads/asf-site / . / api-docs / crates-enclave / src / teaclave_authentication_service_enclave / internal_service.rs.html
blob: a85c908f1e0ac9c03702233a890687f72616c4c5 [file] [log] [blame]
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `services/authentication/enclave/src/internal_service.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>internal_service.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../teaclave_authentication_service_enclave/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../teaclave_authentication_service_enclave/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span>
<span id="2">2</span>
<span id="3">3</span>
<span id="4">4</span>
<span id="5">5</span>
<span id="6">6</span>
<span id="7">7</span>
<span id="8">8</span>
<span id="9">9</span>
<span id="10">10</span>
<span id="11">11</span>
<span id="12">12</span>
<span id="13">13</span>
<span id="14">14</span>
<span id="15">15</span>
<span id="16">16</span>
<span id="17">17</span>
<span id="18">18</span>
<span id="19">19</span>
<span id="20">20</span>
<span id="21">21</span>
<span id="22">22</span>
<span id="23">23</span>
<span id="24">24</span>
<span id="25">25</span>
<span id="26">26</span>
<span id="27">27</span>
<span id="28">28</span>
<span id="29">29</span>
<span id="30">30</span>
<span id="31">31</span>
<span id="32">32</span>
<span id="33">33</span>
<span id="34">34</span>
<span id="35">35</span>
<span id="36">36</span>
<span id="37">37</span>
<span id="38">38</span>
<span id="39">39</span>
<span id="40">40</span>
<span id="41">41</span>
<span id="42">42</span>
<span id="43">43</span>
<span id="44">44</span>
<span id="45">45</span>
<span id="46">46</span>
<span id="47">47</span>
<span id="48">48</span>
<span id="49">49</span>
<span id="50">50</span>
<span id="51">51</span>
<span id="52">52</span>
<span id="53">53</span>
<span id="54">54</span>
<span id="55">55</span>
<span id="56">56</span>
<span id="57">57</span>
<span id="58">58</span>
<span id="59">59</span>
<span id="60">60</span>
<span id="61">61</span>
<span id="62">62</span>
<span id="63">63</span>
<span id="64">64</span>
<span id="65">65</span>
<span id="66">66</span>
<span id="67">67</span>
<span id="68">68</span>
<span id="69">69</span>
<span id="70">70</span>
<span id="71">71</span>
<span id="72">72</span>
<span id="73">73</span>
<span id="74">74</span>
<span id="75">75</span>
<span id="76">76</span>
<span id="77">77</span>
<span id="78">78</span>
<span id="79">79</span>
<span id="80">80</span>
<span id="81">81</span>
<span id="82">82</span>
<span id="83">83</span>
<span id="84">84</span>
<span id="85">85</span>
<span id="86">86</span>
<span id="87">87</span>
<span id="88">88</span>
<span id="89">89</span>
<span id="90">90</span>
<span id="91">91</span>
<span id="92">92</span>
<span id="93">93</span>
<span id="94">94</span>
<span id="95">95</span>
<span id="96">96</span>
<span id="97">97</span>
<span id="98">98</span>
<span id="99">99</span>
<span id="100">100</span>
<span id="101">101</span>
<span id="102">102</span>
<span id="103">103</span>
<span id="104">104</span>
<span id="105">105</span>
<span id="106">106</span>
<span id="107">107</span>
<span id="108">108</span>
<span id="109">109</span>
<span id="110">110</span>
<span id="111">111</span>
<span id="112">112</span>
<span id="113">113</span>
<span id="114">114</span>
<span id="115">115</span>
<span id="116">116</span>
<span id="117">117</span>
<span id="118">118</span>
<span id="119">119</span>
<span id="120">120</span>
<span id="121">121</span>
<span id="122">122</span>
<span id="123">123</span>
<span id="124">124</span>
<span id="125">125</span>
<span id="126">126</span>
<span id="127">127</span>
<span id="128">128</span>
<span id="129">129</span>
<span id="130">130</span>
<span id="131">131</span>
<span id="132">132</span>
<span id="133">133</span>
<span id="134">134</span>
<span id="135">135</span>
<span id="136">136</span>
<span id="137">137</span>
<span id="138">138</span>
<span id="139">139</span>
<span id="140">140</span>
<span id="141">141</span>
<span id="142">142</span>
<span id="143">143</span>
<span id="144">144</span>
<span id="145">145</span>
<span id="146">146</span>
<span id="147">147</span>
<span id="148">148</span>
<span id="149">149</span>
<span id="150">150</span>
<span id="151">151</span>
<span id="152">152</span>
<span id="153">153</span>
<span id="154">154</span>
<span id="155">155</span>
<span id="156">156</span>
<span id="157">157</span>
<span id="158">158</span>
<span id="159">159</span>
<span id="160">160</span>
<span id="161">161</span>
<span id="162">162</span>
<span id="163">163</span>
<span id="164">164</span>
<span id="165">165</span>
<span id="166">166</span>
<span id="167">167</span>
<span id="168">168</span>
<span id="169">169</span>
<span id="170">170</span>
<span id="171">171</span>
<span id="172">172</span>
<span id="173">173</span>
<span id="174">174</span>
<span id="175">175</span>
<span id="176">176</span>
<span id="177">177</span>
<span id="178">178</span>
<span id="179">179</span>
<span id="180">180</span>
<span id="181">181</span>
<span id="182">182</span>
<span id="183">183</span>
<span id="184">184</span>
<span id="185">185</span>
<span id="186">186</span>
<span id="187">187</span>
<span id="188">188</span>
<span id="189">189</span>
<span id="190">190</span>
<span id="191">191</span>
<span id="192">192</span>
<span id="193">193</span>
<span id="194">194</span>
<span id="195">195</span>
<span id="196">196</span>
<span id="197">197</span>
<span id="198">198</span>
<span id="199">199</span>
<span id="200">200</span>
<span id="201">201</span>
<span id="202">202</span>
<span id="203">203</span>
<span id="204">204</span>
<span id="205">205</span>
<span id="206">206</span>
<span id="207">207</span>
<span id="208">208</span>
<span id="209">209</span>
<span id="210">210</span>
<span id="211">211</span>
<span id="212">212</span>
<span id="213">213</span>
<span id="214">214</span>
<span id="215">215</span>
<span id="216">216</span>
<span id="217">217</span>
<span id="218">218</span>
<span id="219">219</span>
<span id="220">220</span>
<span id="221">221</span>
<span id="222">222</span>
<span id="223">223</span>
<span id="224">224</span>
<span id="225">225</span>
<span id="226">226</span>
<span id="227">227</span>
<span id="228">228</span>
<span id="229">229</span>
<span id="230">230</span>
<span id="231">231</span>
<span id="232">232</span>
<span id="233">233</span>
<span id="234">234</span>
<span id="235">235</span>
<span id="236">236</span>
<span id="237">237</span>
<span id="238">238</span>
<span id="239">239</span>
<span id="240">240</span>
<span id="241">241</span>
<span id="242">242</span>
<span id="243">243</span>
<span id="244">244</span>
<span id="245">245</span>
<span id="246">246</span>
<span id="247">247</span>
</pre><pre class="rust"><code><span class="comment">// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// &quot;License&quot;); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
</span><span class="kw">use </span><span class="kw">crate</span>::error::AuthenticationError;
<span class="kw">use </span><span class="kw">crate</span>::user_db::DbClient;
<span class="kw">use </span><span class="kw">crate</span>::user_info::UserInfo;
<span class="kw">use </span>std::sync::{Arc, Mutex};
<span class="kw">use </span>teaclave_proto::teaclave_authentication_service::{
TeaclaveAuthenticationInternal, UserAuthenticateRequest, UserAuthenticateResponse,
};
<span class="kw">use </span>teaclave_rpc::{ensure, Request, Response};
<span class="kw">use </span>teaclave_service_enclave_utils::bail;
<span class="kw">use </span>teaclave_types::TeaclaveServiceResponseResult;
<span class="attribute">#[derive(Clone)]
</span><span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">struct </span>TeaclaveAuthenticationInternalService {
db_client: Arc&lt;Mutex&lt;DbClient&gt;&gt;,
jwt_secret: Vec&lt;u8&gt;,
}
<span class="kw">impl </span>TeaclaveAuthenticationInternalService {
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new(db_client: DbClient, jwt_secret: Vec&lt;u8&gt;) -&gt; <span class="self">Self </span>{
<span class="self">Self </span>{
db_client: Arc::new(Mutex::new(db_client)),
jwt_secret,
}
}
}
<span class="attribute">#[teaclave_rpc::async_trait]
</span><span class="kw">impl </span>TeaclaveAuthenticationInternal <span class="kw">for </span>TeaclaveAuthenticationInternalService {
<span class="kw">async fn </span>user_authenticate(
<span class="kw-2">&amp;</span><span class="self">self</span>,
request: Request&lt;UserAuthenticateRequest&gt;,
) -&gt; TeaclaveServiceResponseResult&lt;UserAuthenticateResponse&gt; {
<span class="kw">let </span>request = request.into_inner();
<span class="macro">ensure!</span>(
request.credential.is_some(),
AuthenticationError::IncorrectToken
);
<span class="kw">let </span>cred = request.credential.unwrap();
<span class="macro">ensure!</span>(!cred.id.is_empty(), AuthenticationError::InvalidUserId);
<span class="macro">ensure!</span>(!cred.token.is_empty(), AuthenticationError::InvalidToken);
<span class="kw">let </span>user: UserInfo = <span class="kw">match </span><span class="self">self</span>.db_client.lock().unwrap().get_user(<span class="kw-2">&amp;</span>cred.id) {
<span class="prelude-val">Ok</span>(value) =&gt; value,
<span class="prelude-val">Err</span>(<span class="kw">_</span>) =&gt; <span class="macro">bail!</span>(AuthenticationError::InvalidUserId),
};
<span class="kw">let </span>claims = user
.validate_token(<span class="kw-2">&amp;</span><span class="self">self</span>.jwt_secret, <span class="kw-2">&amp;</span>cred.token)
.map_err(|<span class="kw">_</span>| AuthenticationError::IncorrectToken)<span class="question-mark">?</span>;
<span class="prelude-val">Ok</span>(Response::new(UserAuthenticateResponse::new(claims)))
}
}
<span class="attribute">#[cfg(feature = <span class="string">&quot;enclave_unit_test&quot;</span>)]
</span><span class="kw">pub mod </span>tests {
<span class="kw">use super</span>::<span class="kw-2">*</span>;
<span class="kw">use </span><span class="kw">crate</span>::user_db::<span class="kw-2">*</span>;
<span class="kw">use </span><span class="kw">crate</span>::user_info::<span class="kw-2">*</span>;
<span class="kw">use </span>rand::RngCore;
<span class="kw">use </span>std::time::{Duration, SystemTime, UNIX_EPOCH};
<span class="attribute">#[allow(unused_imports)]
</span><span class="kw">use </span>std::untrusted::time::SystemTimeEx;
<span class="kw">use </span>std::vec;
<span class="kw">use </span>teaclave_proto::teaclave_common::UserCredential;
<span class="kw">use </span>teaclave_rpc::IntoRequest;
<span class="kw">use </span>teaclave_types::{UserAuthClaims, UserRole};
<span class="kw">fn </span>get_mock_service() -&gt; TeaclaveAuthenticationInternalService {
<span class="kw">let </span>database = Database::open(<span class="string">&quot;&quot;</span>).unwrap();
<span class="kw">let </span><span class="kw-2">mut </span>jwt_secret = <span class="macro">vec!</span>[<span class="number">0</span>; JWT_SECRET_LEN];
<span class="kw">let </span><span class="kw-2">mut </span>rng = rand::thread_rng();
rng.fill_bytes(<span class="kw-2">&amp;mut </span>jwt_secret);
<span class="kw">let </span>user = UserInfo::new(
<span class="string">&quot;test_authenticate_id&quot;</span>,
<span class="string">&quot;test_authenticate_id&quot;</span>,
UserRole::PlatformAdmin,
);
database.get_client().create_user(<span class="kw-2">&amp;</span>user).unwrap();
TeaclaveAuthenticationInternalService {
db_client: Arc::new(Mutex::new(database.get_client())),
jwt_secret,
}
}
<span class="kw">pub async fn </span>test_user_authenticate() {
<span class="kw">let </span>id = <span class="string">&quot;test_authenticate_id&quot;</span>;
<span class="kw">let </span>service = get_mock_service();
<span class="kw">let </span>user = service.db_client.lock().unwrap().get_user(id).unwrap();
<span class="kw">let </span>now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap();
<span class="kw">let </span>exp = (now + Duration::from_secs(<span class="number">24 </span>* <span class="number">60 </span>* <span class="number">60</span>)).as_secs(); <span class="comment">// 1 day
</span><span class="kw">let </span>token = user.get_token(exp, <span class="kw-2">&amp;</span>service.jwt_secret).unwrap();
<span class="kw">let </span>response = get_authenticate_response(id, <span class="kw-2">&amp;</span>token, <span class="kw-2">&amp;</span>service).<span class="kw">await</span>;
<span class="macro">assert!</span>(response.is_ok());
<span class="kw">let </span>token = validate_token(id, <span class="kw-2">&amp;</span>service.jwt_secret, <span class="kw-2">&amp;</span>token);
<span class="macro">debug!</span>(<span class="string">&quot;valid token: {:?}&quot;</span>, token.unwrap());
}
<span class="kw">pub async fn </span>test_invalid_algorithm() {
<span class="kw">let </span>id = <span class="string">&quot;test_authenticate_id&quot;</span>;
<span class="kw">let </span>service = get_mock_service();
<span class="kw">let </span>my_claims = get_correct_claim(id);
<span class="kw">let </span>token = gen_token(
my_claims,
<span class="prelude-val">Some</span>(jsonwebtoken::Algorithm::HS256),
<span class="kw-2">&amp;</span>service.jwt_secret,
);
<span class="kw">let </span>response = get_authenticate_response(id, <span class="kw-2">&amp;</span>token, <span class="kw-2">&amp;</span>service).<span class="kw">await</span>;
<span class="macro">assert!</span>(response.is_err());
<span class="kw">let </span>error = validate_token(id, <span class="kw-2">&amp;</span>service.jwt_secret, <span class="kw-2">&amp;</span>token);
<span class="macro">assert!</span>(error.is_err());
<span class="kw">match </span><span class="kw-2">*</span>error.unwrap_err().kind() {
jsonwebtoken::errors::ErrorKind::InvalidAlgorithm =&gt; (),
<span class="kw">_ </span>=&gt; <span class="macro">panic!</span>(<span class="string">&quot;wrong error type&quot;</span>),
}
}
<span class="kw">pub async fn </span>test_invalid_issuer() {
<span class="kw">let </span>id = <span class="string">&quot;test_authenticate_id&quot;</span>;
<span class="kw">let </span>service = get_mock_service();
<span class="kw">let </span><span class="kw-2">mut </span>my_claims = get_correct_claim(id);
my_claims.iss = <span class="string">&quot;wrong issuer&quot;</span>.to_string();
<span class="kw">let </span>token = gen_token(my_claims, <span class="prelude-val">None</span>, <span class="kw-2">&amp;</span>service.jwt_secret);
<span class="kw">let </span>response = get_authenticate_response(id, <span class="kw-2">&amp;</span>token, <span class="kw-2">&amp;</span>service).<span class="kw">await</span>;
<span class="macro">assert!</span>(response.is_err());
<span class="kw">let </span>error = validate_token(id, <span class="kw-2">&amp;</span>service.jwt_secret, <span class="kw-2">&amp;</span>token);
<span class="macro">assert!</span>(error.is_err());
<span class="kw">match </span><span class="kw-2">*</span>error.unwrap_err().kind() {
jsonwebtoken::errors::ErrorKind::InvalidIssuer =&gt; (),
<span class="kw">_ </span>=&gt; <span class="macro">panic!</span>(<span class="string">&quot;wrong error type&quot;</span>),
}
}
<span class="kw">pub async fn </span>test_expired_token() {
<span class="kw">let </span>id = <span class="string">&quot;test_authenticate_id&quot;</span>;
<span class="kw">let </span>service = get_mock_service();
<span class="kw">let </span><span class="kw-2">mut </span>my_claims = get_correct_claim(id);
my_claims.exp -= <span class="number">24 </span>* <span class="number">60 </span>+ <span class="number">1</span>;
<span class="kw">let </span>token = gen_token(my_claims, <span class="prelude-val">None</span>, <span class="kw-2">&amp;</span>service.jwt_secret);
<span class="kw">let </span>response = get_authenticate_response(id, <span class="kw-2">&amp;</span>token, <span class="kw-2">&amp;</span>service).<span class="kw">await</span>;
<span class="macro">assert!</span>(response.is_err());
<span class="kw">let </span>error = validate_token(id, <span class="kw-2">&amp;</span>service.jwt_secret, <span class="kw-2">&amp;</span>token);
<span class="macro">assert!</span>(error.is_err());
<span class="kw">match </span><span class="kw-2">*</span>error.unwrap_err().kind() {
jsonwebtoken::errors::ErrorKind::ExpiredSignature =&gt; (),
<span class="kw">_ </span>=&gt; <span class="macro">panic!</span>(<span class="string">&quot;wrong error type&quot;</span>),
}
}
<span class="kw">pub async fn </span>test_invalid_user() {
<span class="kw">let </span>id = <span class="string">&quot;test_authenticate_id&quot;</span>;
<span class="kw">let </span>service = get_mock_service();
<span class="kw">let </span><span class="kw-2">mut </span>my_claims = get_correct_claim(id);
my_claims.sub = <span class="string">&quot;wrong user&quot;</span>.to_string();
my_claims.role = UserRole::PlatformAdmin.to_string();
<span class="kw">let </span>token = gen_token(my_claims, <span class="prelude-val">None</span>, <span class="kw-2">&amp;</span>service.jwt_secret);
<span class="kw">let </span>response = get_authenticate_response(id, <span class="kw-2">&amp;</span>token, <span class="kw-2">&amp;</span>service).<span class="kw">await</span>;
<span class="macro">assert!</span>(response.is_err());
<span class="kw">let </span>error = validate_token(id, <span class="kw-2">&amp;</span>service.jwt_secret, <span class="kw-2">&amp;</span>token);
<span class="macro">assert!</span>(error.is_err());
<span class="kw">match </span><span class="kw-2">*</span>error.unwrap_err().kind() {
jsonwebtoken::errors::ErrorKind::InvalidSubject =&gt; (),
<span class="kw">_ </span>=&gt; <span class="macro">panic!</span>(<span class="string">&quot;wrong error type&quot;</span>),
}
}
<span class="kw">pub async fn </span>test_wrong_secret() {
<span class="kw">let </span>id = <span class="string">&quot;test_authenticate_id&quot;</span>;
<span class="kw">let </span>service = get_mock_service();
<span class="kw">let </span>my_claims = get_correct_claim(id);
<span class="kw">let </span>token = gen_token(my_claims, <span class="prelude-val">None</span>, <span class="string">b&quot;bad secret&quot;</span>);
<span class="kw">let </span>response = get_authenticate_response(id, <span class="kw-2">&amp;</span>token, <span class="kw-2">&amp;</span>service).<span class="kw">await</span>;
<span class="macro">assert!</span>(response.is_err());
<span class="kw">let </span>error = validate_token(id, <span class="kw-2">&amp;</span>service.jwt_secret, <span class="kw-2">&amp;</span>token);
<span class="macro">assert!</span>(error.is_err());
<span class="kw">match </span><span class="kw-2">*</span>error.unwrap_err().kind() {
jsonwebtoken::errors::ErrorKind::InvalidSignature =&gt; (),
<span class="kw">_ </span>=&gt; <span class="macro">panic!</span>(<span class="string">&quot;wrong error type&quot;</span>),
}
}
<span class="kw">fn </span>get_correct_claim(id: <span class="kw-2">&amp;</span>str) -&gt; UserAuthClaims {
<span class="kw">let </span>now = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_secs();
UserAuthClaims {
sub: id.to_owned(),
role: UserRole::PlatformAdmin.to_string(),
iss: ISSUER_NAME.to_string(),
exp: now + <span class="number">24 </span>* <span class="number">60</span>,
}
}
<span class="kw">fn </span>gen_token(
claim: UserAuthClaims,
bad_alg: <span class="prelude-ty">Option</span>&lt;jsonwebtoken::Algorithm&gt;,
secret: <span class="kw-2">&amp;</span>[u8],
) -&gt; String {
<span class="kw">let </span>header = jsonwebtoken::Header {
alg: bad_alg.unwrap_or(JWT_ALG),
..Default::default()
};
<span class="kw">let </span>secret = jsonwebtoken::EncodingKey::from_secret(secret);
jsonwebtoken::encode(<span class="kw-2">&amp;</span>header, <span class="kw-2">&amp;</span>claim, <span class="kw-2">&amp;</span>secret).unwrap()
}
<span class="kw">async fn </span>get_authenticate_response(
id: <span class="kw-2">&amp;</span>str,
token: <span class="kw-2">&amp;</span>str,
service: <span class="kw-2">&amp;</span>TeaclaveAuthenticationInternalService,
) -&gt; TeaclaveServiceResponseResult&lt;UserAuthenticateResponse&gt; {
<span class="kw">let </span>credential = UserCredential::new(id, token);
<span class="kw">let </span>request = UserAuthenticateRequest::new(credential).into_request();
service.user_authenticate(request).<span class="kw">await
</span>}
<span class="kw">fn </span>validate_token(
id: <span class="kw-2">&amp;</span>str,
secret: <span class="kw-2">&amp;</span>[u8],
token: <span class="kw-2">&amp;</span>str,
) -&gt; jsonwebtoken::errors::Result&lt;jsonwebtoken::TokenData&lt;UserAuthClaims&gt;&gt; {
<span class="kw">let </span>validation = jsonwebtoken::Validation {
iss: <span class="prelude-val">Some</span>(ISSUER_NAME.to_string()),
sub: <span class="prelude-val">Some</span>(id.to_string()),
algorithms: <span class="macro">vec!</span>[JWT_ALG],
..Default::default()
};
<span class="kw">let </span>secret = jsonwebtoken::DecodingKey::from_secret(secret);
jsonwebtoken::decode::&lt;UserAuthClaims&gt;(token, <span class="kw-2">&amp;</span>secret, <span class="kw-2">&amp;</span>validation)
}
}
</code></pre></div>
</section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="teaclave_authentication_service_enclave" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html>