Skip to main content

bitwarden_auth/login/api/response/
login_success_api_response.rs

1use bitwarden_api_api::models::{MasterPasswordPolicyResponseModel, PrivateKeysResponseModel};
2use bitwarden_api_identity::models::KdfType;
3use serde::{Deserialize, Serialize};
4
5use crate::login::api::response::UserDecryptionOptionsApiResponse;
6
7/// API response model for a successful login via the Identity API.
8/// OAuth 2.0 Successful Response RFC reference: <https://datatracker.ietf.org/doc/html/rfc6749#section-5.1>
9#[derive(Serialize, Deserialize, Debug, PartialEq)]
10pub(crate) struct LoginSuccessApiResponse {
11    /// The access token string.
12    pub access_token: String,
13    /// The duration in seconds until the token expires.
14    pub expires_in: u64,
15    /// The scope of the access token.
16    /// OAuth 2.0 RFC reference: <https://datatracker.ietf.org/doc/html/rfc6749#section-3.3>
17    pub scope: String,
18
19    /// The type of the token.
20    /// This will be "Bearer" for send access tokens.
21    /// OAuth 2.0 RFC reference: <https://datatracker.ietf.org/doc/html/rfc6749#section-7.1>
22    pub token_type: String,
23
24    /// The optional refresh token string.
25    /// This token can be used to obtain new access tokens when the current one expires.
26    pub refresh_token: Option<String>,
27
28    // Custom Bitwarden connect/token response fields:
29    // We send down uppercase fields today so we have to map them accordingly +
30    // we add aliases for deserialization flexibility.
31    /// The user key wrapped user private key
32    /// Deprecated in favor of the `AccountKeys` field but still present for backward
33    /// compatibility.
34    #[serde(rename = "PrivateKey", alias = "privateKey")]
35    pub private_key: Option<String>,
36
37    /// The user's asymmetric encryption keys and signature keys
38    #[serde(rename = "AccountKeys", alias = "accountKeys")]
39    pub account_keys: Option<PrivateKeysResponseModel>,
40
41    /// The master key wrapped user key.
42    #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
43    #[serde(rename = "Key", alias = "key")]
44    pub key: Option<String>,
45
46    /// Two factor remember me token to be used for future requests
47    /// to bypass 2FA prompts for a limited time.
48    #[serde(rename = "TwoFactorToken", alias = "twoFactorToken")]
49    pub two_factor_token: Option<String>,
50
51    /// Master key derivation function type
52    #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
53    #[serde(rename = "Kdf", alias = "kdf")]
54    pub kdf: Option<KdfType>,
55
56    /// Master key derivation function iterations
57    #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
58    #[serde(rename = "KdfIterations", alias = "kdfIterations")]
59    pub kdf_iterations: Option<i32>,
60
61    /// Master key derivation function memory
62    #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
63    #[serde(rename = "KdfMemory", alias = "kdfMemory")]
64    pub kdf_memory: Option<i32>,
65
66    /// Master key derivation function parallelism
67    #[deprecated(note = "Use `user_decryption_options.master_password_unlock` instead")]
68    #[serde(rename = "KdfParallelism", alias = "kdfParallelism")]
69    pub kdf_parallelism: Option<i32>,
70
71    /// Indicates whether an admin has reset the user's master password,
72    /// requiring them to set a new password upon next login.
73    #[serde(rename = "ForcePasswordReset", alias = "forcePasswordReset")]
74    pub force_password_reset: Option<bool>,
75
76    /// Indicates whether the user uses Key Connector and if the client should have a locally
77    /// configured Key Connector URL in their environment.
78    /// Note: This is currently only applicable for client_credential grant type logins and
79    /// is only expected to be relevant for the CLI
80    #[serde(rename = "ApiUseKeyConnector", alias = "apiUseKeyConnector")]
81    pub api_use_key_connector: Option<bool>,
82
83    /// The user's decryption options for their vault.
84    #[serde(rename = "UserDecryptionOptions", alias = "userDecryptionOptions")]
85    pub user_decryption_options: Option<UserDecryptionOptionsApiResponse>,
86
87    /// If the user is subject to an organization master password policy,
88    /// this field contains the requirements of that policy.
89    #[serde(rename = "MasterPasswordPolicy", alias = "masterPasswordPolicy")]
90    pub master_password_policy: Option<MasterPasswordPolicyResponseModel>,
91}