bitwarden_auth/login/api/response/login_success_api_response.rs
1use bitwarden_api_api::models::{MasterPasswordPolicyResponseModel, PrivateKeysResponseModel};
2use bitwarden_api_identity::models::KdfType;
3use serde::{Deserialize, Serialize};
4
5use crate::login::api::response::UserDecryptionOptionsApiResponse;
6
7/// API response model for a successful login via the Identity API.
8/// OAuth 2.0 Successful Response RFC reference: <https://datatracker.ietf.org/doc/html/rfc6749#section-5.1>
9#[derive(Serialize, Deserialize, Debug, PartialEq)]
10pub(crate) struct LoginSuccessApiResponse {
11 /// The access token string.
12 pub access_token: String,
13 /// The duration in seconds until the token expires.
14 pub expires_in: u64,
15 /// The scope of the access token.
16 /// OAuth 2.0 RFC reference: <https://datatracker.ietf.org/doc/html/rfc6749#section-3.3>
17 pub scope: String,
18
19 /// The type of the token.
20 /// This will be "Bearer" for send access tokens.
21 /// OAuth 2.0 RFC reference: <https://datatracker.ietf.org/doc/html/rfc6749#section-7.1>
22 pub token_type: String,
23
24 /// The optional refresh token string.
25 /// This token can be used to obtain new access tokens when the current one expires.
26 pub refresh_token: Option<String>,
27
28 // Custom Bitwarden connect/token response fields:
29 // We send down uppercase fields today so we have to map them accordingly +
30 // we add aliases for deserialization flexibility.
31 /// The user key wrapped user private key
32 /// Deprecated in favor of the `AccountKeys` field but still present for backward
33 /// compatibility. and we can't expose AccountKeys in our LoginSuccessResponse until we get
34 /// a PrivateKeysResponseModel SDK response model from KM with WASM / uniffi support.
35 /// TODO: PM-30222 - clean up the comment about not being able to expose AccountKeys once
36 /// we have a trait to convert PrivateKeysResponseModel to WrappedAccountCryptographicState
37 #[serde(rename = "PrivateKey", alias = "privateKey")]
38 pub private_key: Option<String>,
39
40 /// The user's asymmetric encryption keys and signature keys
41 #[serde(rename = "AccountKeys", alias = "accountKeys")]
42 pub account_keys: Option<PrivateKeysResponseModel>,
43
44 /// The master key wrapped user key.
45 #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
46 #[serde(rename = "Key", alias = "key")]
47 pub key: Option<String>,
48
49 /// Two factor remember me token to be used for future requests
50 /// to bypass 2FA prompts for a limited time.
51 #[serde(rename = "TwoFactorToken", alias = "twoFactorToken")]
52 pub two_factor_token: Option<String>,
53
54 /// Master key derivation function type
55 #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
56 #[serde(rename = "Kdf", alias = "kdf")]
57 pub kdf: Option<KdfType>,
58
59 /// Master key derivation function iterations
60 #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
61 #[serde(rename = "KdfIterations", alias = "kdfIterations")]
62 pub kdf_iterations: Option<i32>,
63
64 /// Master key derivation function memory
65 #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
66 #[serde(rename = "KdfMemory", alias = "kdfMemory")]
67 pub kdf_memory: Option<i32>,
68
69 /// Master key derivation function parallelism
70 #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
71 #[serde(rename = "KdfParallelism", alias = "kdfParallelism")]
72 pub kdf_parallelism: Option<i32>,
73
74 /// Indicates whether an admin has reset the user's master password,
75 /// requiring them to set a new password upon next login.
76 #[serde(rename = "ForcePasswordReset", alias = "forcePasswordReset")]
77 pub force_password_reset: Option<bool>,
78
79 /// Indicates whether the user uses Key Connector and if the client should have a locally
80 /// configured Key Connector URL in their environment.
81 /// Note: This is currently only applicable for client_credential grant type logins and
82 /// is only expected to be relevant for the CLI
83 #[serde(rename = "ApiUseKeyConnector", alias = "apiUseKeyConnector")]
84 pub api_use_key_connector: Option<bool>,
85
86 /// The user's decryption options for their vault.
87 #[serde(rename = "UserDecryptionOptions", alias = "userDecryptionOptions")]
88 pub user_decryption_options: Option<UserDecryptionOptionsApiResponse>,
89
90 /// If the user is subject to an organization master password policy,
91 /// this field contains the requirements of that policy.
92 #[serde(rename = "MasterPasswordPolicy", alias = "masterPasswordPolicy")]
93 pub master_password_policy: Option<MasterPasswordPolicyResponseModel>,
94}