pub struct Client<EF: ExtraTokenFields, TT: TokenType, TE: ErrorResponseType> { /* private fields */ }
Expand description
Stores the configuration for an OAuth2 client.
Implementations§
source§impl<EF: ExtraTokenFields, TT: TokenType, TE: ErrorResponseType> Client<EF, TT, TE>
impl<EF: ExtraTokenFields, TT: TokenType, TE: ErrorResponseType> Client<EF, TT, TE>
sourcepub fn new(
client_id: ClientId,
client_secret: Option<ClientSecret>,
auth_url: AuthUrl,
token_url: Option<TokenUrl>
) -> Self
pub fn new(
client_id: ClientId,
client_secret: Option<ClientSecret>,
auth_url: AuthUrl,
token_url: Option<TokenUrl>
) -> Self
Initializes an OAuth2 client with the fields common to most OAuth2 flows.
Arguments
client_id
- Client IDclient_secret
- Optional client secret. A client secret is generally used for private (server-side) OAuth2 clients and omitted from public (client-side or native app) OAuth2 clients (see RFC 8252).auth_url
- Authorization endpoint: used by the client to obtain authorization from the resource owner via user-agent redirection. This URL is used in all standard OAuth2 flows except the Resource Owner Password Credentials Grant and the Client Credentials Grant.token_url
- Token endpoint: used by the client to exchange an authorization grant (code) for an access token, typically with client authentication. This URL is used in all standard OAuth2 flows except the Implicit Grant. If this value is set toNone
, theexchange_*
methods will returnErr(RequestTokenError::Other(_))
.
sourcepub fn set_auth_type(self, auth_type: AuthType) -> Self
pub fn set_auth_type(self, auth_type: AuthType) -> Self
Configures the type of client authentication used for communicating with the authorization server.
The default is to use HTTP Basic authentication, as recommended in Section 2.3.1 of RFC 6749.
sourcepub fn set_redirect_url(self, redirect_url: RedirectUrl) -> Self
pub fn set_redirect_url(self, redirect_url: RedirectUrl) -> Self
Sets the the redirect URL used by the authorization endpoint.
Produces the full authorization URL used by the Authorization Code Grant flow, which is the most common OAuth2 flow.
Arguments
state_fn
- A function that returns an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client.
Security Warning
Callers should use a fresh, unpredictable state
for each authorization request and verify
that this value matches the state
parameter passed by the authorization server to the
redirect URI. Doing so mitigates
Cross-Site Request Forgery
attacks. To disable CSRF protections (NOT recommended), use insecure::authorize_url
instead.
Produces the full authorization URL used by the Implicit Grant flow.
Arguments
state_fn
- A function that returns an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client.
Security Warning
Callers should use a fresh, unpredictable state
for each authorization request and verify
that this value matches the state
parameter passed by the authorization server to the
redirect URI. Doing so mitigates
Cross-Site Request Forgery
attacks. To disable CSRF protections (NOT recommended), use
insecure::authorize_url_implicit
instead.
Produces the full authorization URL used by an OAuth2 extension.
Arguments
response_type
- The response type this client expects from the authorization endpoint. For"code"
or"token"
response types, instead use theauthorize_url
orauthorize_url_implicit
functions, respectively.state_fn
- A function that returns an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client.extra_params
- Additional parameters as required by the applicable OAuth2 extension(s). Callers should NOT specify any of the following parameters:response_type
,client_id
,redirect_uri
, orscope
.
Security Warning
Callers should use a fresh, unpredictable state
for each authorization request and verify
that this value matches the state
parameter passed by the authorization server to the
redirect URI. Doing so mitigates
Cross-Site Request Forgery
attacks.
Callers should follow the security recommendations for any OAuth2 extensions used with this function, which are beyond the scope of RFC 6749.
sourcepub fn exchange_code(
&self,
code: AuthorizationCode
) -> Result<TokenResponse<EF, TT>, RequestTokenError<TE>>
pub fn exchange_code(
&self,
code: AuthorizationCode
) -> Result<TokenResponse<EF, TT>, RequestTokenError<TE>>
Exchanges a code produced by a successful authorization process with an access token.
Acquires ownership of the code
because authorization codes may only be used to retrieve
an access token from the authorization server.
See https://tools.ietf.org/html/rfc6749#section-4.1.3
sourcepub fn exchange_code_extension<T>(
&self,
code: AuthorizationCode,
extra_params: &[(&str, T)]
) -> Result<TokenResponse<EF, TT>, RequestTokenError<TE>>where
T: AsRef<str> + Clone,
pub fn exchange_code_extension<T>(
&self,
code: AuthorizationCode,
extra_params: &[(&str, T)]
) -> Result<TokenResponse<EF, TT>, RequestTokenError<TE>>where
T: AsRef<str> + Clone,
Exchanges a code produced by a successful authorization process with an access token.
Acquires ownership of the code
because authorization codes may only be used to retrieve
an access token from the authorization server.
See https://tools.ietf.org/html/rfc6749#section-4.1.3
sourcepub fn exchange_password(
&self,
username: &ResourceOwnerUsername,
password: &ResourceOwnerPassword
) -> Result<TokenResponse<EF, TT>, RequestTokenError<TE>>
pub fn exchange_password(
&self,
username: &ResourceOwnerUsername,
password: &ResourceOwnerPassword
) -> Result<TokenResponse<EF, TT>, RequestTokenError<TE>>
Requests an access token for the password grant type.
See https://tools.ietf.org/html/rfc6749#section-4.3.2
sourcepub fn exchange_client_credentials(
&self
) -> Result<TokenResponse<EF, TT>, RequestTokenError<TE>>
pub fn exchange_client_credentials(
&self
) -> Result<TokenResponse<EF, TT>, RequestTokenError<TE>>
Requests an access token for the client credentials grant type.
See https://tools.ietf.org/html/rfc6749#section-4.4.2
sourcepub fn exchange_refresh_token(
&self,
refresh_token: &RefreshToken
) -> Result<TokenResponse<EF, TT>, RequestTokenError<TE>>
pub fn exchange_refresh_token(
&self,
refresh_token: &RefreshToken
) -> Result<TokenResponse<EF, TT>, RequestTokenError<TE>>
Exchanges a refresh token for an access token
See https://tools.ietf.org/html/rfc6749#section-6