authorbenj <benj@rse8.com>2022-12-24 00:43:38 -0800
committerbenj <benj@rse8.com>2022-12-24 00:43:38 -0800
commitc2268c285648ef02ece04de0d9df0813c6d70ff8 (patch)
treef84ec7ee42f97d78245f26d0c5a0c559cd35e89d /crates/iam/src/api.rs
parentde6339da72af1d61ca5908b780977e2b037ce014 (diff)
refactor everything with more abstraction and a nicer interface
Diffstat (limited to '')
-rw-r--r--crates/iam/src/api.rs43
1 files changed, 21 insertions, 22 deletions
diff --git a/crates/iam/src/api.rs b/crates/iam/src/api.rs
index 841aa9e..ace3199 100644
--- a/crates/iam/src/api.rs
+++ b/crates/iam/src/api.rs
@@ -1,7 +1,7 @@
use crate::ISSUE_TRACKER_LOC;
use clap::{Parser, Subcommand, ValueEnum};
use colored::*;
-use secd::{IdentityId, OauthProviderName};
+use secd::IdentityId;
use serde::{Deserialize, Serialize};
use thiserror;
use url::Url;
@@ -183,7 +183,6 @@ pub enum AdminObject {
},
/// A selected Oauth2.0 provider capable of authenticating identities
Oauth2Provider {
- provider: OauthProviderName,
client_id: String,
secret: String,
redirect_url: Url,
@@ -310,7 +309,7 @@ pub enum CreateObject {
secret_code: String,
},
#[command(
- about = "An action which initiates an identity validation",
+ about = "An action which initiates an address validation",
long_about = "Validation\n\nA validation requires that the identity authenticate in some way, either by providing IAM managed credentials, an external gated mechanism (e.g. email, phone, or hardware key), or through a secondary authentication provider (oauth, saml, ldap, kerberos)."
)]
Validation {
@@ -319,7 +318,21 @@ pub enum CreateObject {
method: ValidationMethod,
/// The identity against which to associate this validation. A new identity will be created if no identity is provided.
#[arg(long, short)]
- identity: Option<Uuid>,
+ identity_id: Option<Uuid>,
+ },
+ #[command(
+ about = "An action which completes an address validation",
+ long_about = "Validation Completion\n\nA validation completion depends on an existing address validation, which is validated based on the provided validation id and secret token or secret code"
+ )]
+ ValidationCompletion {
+ /// The validation id against which to complete the validation.
+ validation_id: Uuid,
+ /// The secret token for the validation. A token or code must be provided.
+ #[arg(long, short)]
+ token: Option<String>,
+ /// The secret code for the validation. A code or token must be provided.
+ #[arg(long, short)]
+ code: Option<String>,
},
}
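Review bot: `token` and `code` on `ValidationCompletion` are validation secrets taken as `--token`/`--code` flags, so they end up in shell history and are readable from the process list by other local users while the command runs; the positional `session_token` added to `GetObject::Identity` in a later hunk has the same exposure. Consider reading these values from stdin, a prompt or an environment variable when the flag is omitted. Separately, the doc comments state that a token or a code must be provided, but both fields are plain `Option<String>` with no parser constraint in this hunk, so an invocation with neither is rejected only if the handler (not visible here) checks for it. `#[arg(long, short, required_unless_present = "code")]` on `token` and `#[arg(long, short, required_unless_present = "token")]` on `code` would enforce that in clap. `CreateObject` begins above the hunk.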
@@ -343,26 +356,12 @@ pub enum ValidationMethod {
/// Email address which will receive the validation
address: String,
},
- /// A hardware security key to associate with an identity
- HardwareKey,
- /// A kerberos ticket to associated with an identity
- Kerberos,
- /// An oauth2 provider to authenticate (and authorize) an identity
- Oauth2 {
- provider: OauthProviderName,
- /// An optional scope to use for authorization
- scope: Option<String>,
- /// An optional existing identity to link to this validation request
- identity: Option<IdentityId>,
- },
- /// A phone which an identity may authenticate via SMS or voice
+ /// A phone which an identity may authenticate via SMS or Voice
Phone {
/// Whether to use a voice code. Otherwise, uses SMS
#[arg(long, short, action)]
use_voice: bool,
},
- /// A saml provider to authenticate an identity
- Saml,
}
#[derive(Subcommand)]
@@ -379,8 +378,8 @@ pub enum GetObject {
id: Option<Uuid>,
},
Identity {
- /// Unique identity id
- id: Uuid,
+ /// Any session corresponding to this identity.
+ session_token: String,
},
Permission {
/// Unique permission name
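Review bot: The doc comment on `session_token` in `GetObject::Identity` reads "Any session corresponding to this identity.", which does not tell the operator that the argument is the session's secret token rather than a session id. clap renders this comment as the argument's help text, so something like `/// Session token of any session belonging to the identity to look up` would describe the input accurately. `GetObject` begins above the hunk and continues below it.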
@@ -497,7 +496,7 @@ pub struct ConfigProfile {
pub name: String,
pub store: secd::AuthStore,
pub store_conn: String,
- pub emailer: secd::AuthEmail,
+ pub emailer: secd::AuthEmailMessenger,
pub email_template_login: Option<String>,
pub email_template_signup: Option<String>,
}