ibmcloud-iam-rs

A collection of Rust modules for interacting with IBM Cloud IAM (Identity and Access Management)

Current features:

- Requesting IAM access tokens via an intelligent and thread-safe caching mechanism (TokenManager)
- Validating IAM access tokens and inspecting the claims within
- Authorizing user actions via Subject, Action, Resource requests to the PDP IAM service

Usage

Using the TokenManager to retrieve access tokens

```rust
use ibmcloud_iam::token::{TokenManager, DEFAULT_IAM_ENDPOINT};

// grab an API key from environment variables to use for token getting purposes
let api_key = std::env::var("IBMCLOUD_API_KEY").unwrap();
let tm = TokenManager::new(&api_key, DEFAULT_IAM_ENDPOINT);

// now whenever an access token is needed, call tm.token()
// this will return a cached non-expired Token if possible,
// otherwise it will request a new token from IAM, cache it, and return it

// gets a new Token, since none has been retrieved yet
let tok1 = tm.token().unwrap();

// returns the same Token as above, since it is cached and not expired
let tok2 = tm.token().unwrap();

assert_eq!(tok1, tok2);

// the Bearer token is available on the Token struct as 'access_token'
let bearer_token = format!("Bearer {}", tok1.access_token);
```
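The cache-or-fetch behavior described in the comments above, as an added sketch that is not the crate's own TokenManager code. `CachedToken`, `TokenCache`, `token_at`, `sample_fetch` and the 60-second refresh margin are hypothetical names and values, and the IAM request is replaced by a local stub.

```rust
use std::sync::Mutex;
use std::time::{Duration, Instant};

/// Hypothetical token type for this sketch (not the crate's `Token`).
#[derive(Clone, Debug, PartialEq)]
pub struct CachedToken {
    pub access_token: String,
    pub expires_at: Instant,
}

/// Cache-or-fetch wrapper; `fetch` stands in for the HTTP request to IAM.
pub struct TokenCache<F: Fn() -> Result<CachedToken, String>> {
    fetch: F,
    skew: Duration, // treat tokens as expired this long before `expires_at`
    slot: Mutex<Option<CachedToken>>,
}

impl<F: Fn() -> Result<CachedToken, String>> TokenCache<F> {
    pub fn new(fetch: F, skew: Duration) -> Self {
        Self { fetch, skew, slot: Mutex::new(None) }
    }

    /// Return the cached token if still valid at `now`, else fetch and cache one.
    pub fn token_at(&self, now: Instant) -> Result<CachedToken, String> {
        // The lock is held across the fetch, so concurrent callers wait for
        // one refresh instead of each requesting their own token.
        let mut slot = self.slot.lock().map_err(|_| "cache lock poisoned".to_string())?;
        if let Some(tok) = slot.as_ref() {
            if now + self.skew < tok.expires_at {
                return Ok(tok.clone());
            }
        }
        let fresh = (self.fetch)()?; // on error the old entry stays untouched
        *slot = Some(fresh.clone());
        Ok(fresh)
    }
}

/// Stand-in for the IAM request; returns a constructed sample value.
fn sample_fetch() -> Result<CachedToken, String> {
    Ok(CachedToken { access_token: "sample".into(), expires_at: Instant::now() + Duration::from_secs(3600) })
}

fn main() {
    let cache = TokenCache::new(sample_fetch, Duration::from_secs(60));
    let (a, b) = (cache.token_at(Instant::now()).unwrap(), cache.token_at(Instant::now()).unwrap());
    println!("second call served from cache: {}", a == b);
}
```

Passing `now` explicitly keeps the expiry logic testable without sleeping; the refresh margin avoids handing out a token that expires while a request is in flight.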

Parsing and Validating Tokens

```rust
use ibmcloud_iam::token::TokenManager;
use ibmcloud_iam::jwt::validate_token;

// lazy way of getting a TokenManager with the
// API key from 'IBMCLOUD_API_KEY' in your environment vars
let tm = TokenManager::default();
let token = tm.token().unwrap();

// base url of the IAM endpoint you'll be using to validate tokens
let endpoint = "https://iam.cloud.ibm.com";

// validate the token signature, expiration, issuer, and issued_at claims, and return all the claims
let claims = validate_token(&token, &endpoint).unwrap();

println!("{:#?}", claims);
```

Authorizing User Actions via PDP

Please see pdp_auth.rs in examples for a demonstration of how to interact with PDP.