Crate bitwarden_auth

Expand description

§Bitwarden Auth

Contains the implementation of the auth functionality for the Bitwarden Password Manager.

LoginClient: Authenticates Bitwarden users to obtain access tokens.

Password: Email and master password authentication (2FA not yet supported)
- See crate::login::LoginClient::login_via_password
Future: SSO, device-based, etc.

api 🔒: Module for API specific types / enums / etc. Note: API in the this case is generically used for any API calls. Not BW API vs BW Identity on server.
auth_client 🔒
login: The Login module provides the LoginClient and related types for authenticating Bitwarden users via various mechanisms (password, SSO, etc.) to obtain OAuth2 tokens from the Bitwarden Identity API.
registration: The registration module provides the registration client and related type for registering new Bitwarden users via various cryptographic mechanisms to establish their cryptographic state and register with the Bitwarden server
send_access: The SendAccess module handles send access token requests and responses. We use a custom extension OAuth2 grant type to request send access tokens outside the context of a Bitwarden user. This will be used by the send portion of the Bitwarden web app to allow users to access send access functionality without needing to log in to a Bitwarden account. Sends can be anonymous, password protected, or email protected. If you request an access token for an anonymous send by id, no credentials are required. If you request an access token for a password protected send, you must provide a correct password hash. If you request an access token for an email protected send, you must provide the email address and a one-time passcode (OTP) sent to that email address.
token_management: Token renewal module.

AuthClientExt: Extension trait for Client to provide access to the AuthClient.