Skip to content

Commit

Permalink
docs: Improve authentication flow documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
@duesee @jakoschiko
duesee authored and jakoschiko committed Jan 8, 2024
1 parent 85968e5 commit b7173b9
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 1 deletion.
7 changes: 7 additions & 0 deletions src/client.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -382,6 +382,13 @@ pub enum ClientFlowEvent {
handle: ClientFlowCommandHandle,
},
/// Server is requesting (more) authentication data.
///
/// The client MUST call [`ClientFlow::authenticate_continue`] next.
///
/// Note: The client can also progress the authentication by sending [`AuthenticateData::Cancel`].
/// However, it's up to the server to abort the authentication flow by sending a tagged status
/// response. In this case, the client will receive either a [`ClientFlowEvent::AuthenticateAccepted`]
/// or [`ClientFlowEvent::AuthenticateRejected`] event.
ContinuationAuthenticateReceived {
/// Handle to the enqueued [`Command`].
handle: ClientFlowCommandHandle,
Expand Down
14 changes: 13 additions & 1 deletion src/server.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -397,12 +397,24 @@ pub enum ServerFlowEvent {
/// Command received.
CommandReceived { command: Command<'static> },
/// Command AUTHENTICATE received.
///
/// Note: The server MUST call [`ServerFlow::authenticate_continue`] (if it needs more data for
/// authentication) or [`ServerFlow::authenticate_finish`] (if there already is enough data for
/// authentication) next. "Enough data" is determined by the used SASL mechanism, if there was
/// an initial response (SASL-IR), etc.
CommandAuthenticateReceived {
command_authenticate: CommandAuthenticate,
},
/// Continuation to AUTHENTICATE received.
///
/// Note: This can either mean `Continue` or `Cancel` depending on `authenticate_data`.
/// Note: The server MUST call [`ServerFlow::authenticate_continue`] (if it needs more data for
/// authentication) or [`ServerFlow::authenticate_finish`] (if there already is enough data for
/// authentication) next. "Enough data" is determined by the used SASL mechanism, if there was
/// an initial response (SASL-IR), etc.
///
/// Note, too: The client may abort the authentication by using [`AuthenticateData::Cancel`].
/// Make sure to honor the client's request to not end up in an infinite loop. It's up to the
/// server to end the authentication flow.
AuthenticateDataReceived { authenticate_data: AuthenticateData },
}

Expand Down

0 comments on commit b7173b9

Please sign in to comment.