hessra-token-authz
| Crates.io | hessra-token-authz |
| lib.rs | hessra-token-authz |
| version | 0.1.0 |
| created_at | 2025-08-23 16:34:22.112241+00 |
| updated_at | 2025-08-23 16:34:22.112241+00 |
| description | Authorization token implementation for Hessra SDK |
| homepage | |
| repository | https://github.com/Hessra-Labs/hessra-sdk.rs |
| max_upload_size | |
| id | 1807659 |
| size | 113,744 |
Jake (jcorrv)
documentation
https://docs.rs/hessra-token-authz
README
hessra-token-authz
Authorization token implementation for Hessra SDK.
This crate provides functionality for creating, verifying, and attesting authorization tokens using the Biscuit token format.
Features
- Authorization token creation and verification
- Service chain attestation support
- Multi-party token signoff
- Offline token verification using public keys
- Strong cryptographic guarantees using Biscuit tokens
Usage
use hessra_token_authz::{verify_biscuit_local, verify_service_chain_biscuit_local};
use biscuit_auth::PublicKey;
// Verify a simple authorization token
let public_key = PublicKey::from_pem(&public_key_pem)?;
verify_biscuit_local(
&token,
public_key,
"subject",
"resource",
"operation"
)?;
// Verify a token with service chain attestations
verify_service_chain_biscuit_local(
&token,
public_key,
"subject",
"resource",
"operation",
&service_chain,
None
)?;
Service Chain Attestation
Service chains allow tokens to be attested by multiple services in a defined order, providing cryptographic proof that a request passed through the proper authorization checkpoints.
License
Apache-2.0