ones_oidc/lib.rs
//! ONES OpenID Connect client for Rust
//!
//! This library provides authentication with ONES using OpenID Connect (OIDC)
//! and Client Initiated Backchannel Authentication (CIBA).
//!
//! # Quick Start
//!
//! ```rust,no_run
//! use ones_oidc::{OpenIdconnectClient, OnesOidcConfig, load_device_config, read_private_key};
//! use openidconnect::{core::CoreProviderMetadata, reqwest::async_http_client};
//!
//! # async fn example() -> Result<(), Box<dyn std::error::Error>> {
//! // Load device configuration and the device's private key.
//! // Both files are security-sensitive: the configuration supplies the issuer URL
//! // and client id used below, and the private key is a secret handed to the client.
//! // Keep the configuration writable only by an administrator and the key readable
//! // only by the account that runs this code.
//! let device_config = load_device_config("device_config.yml")?;
//! let private_key = read_private_key("private_key.pem")?;
//!
//! // Get issuer URL and discover metadata
//! let issuer_url = device_config.get_issuer_url()?;
//! let provider_metadata = CoreProviderMetadata::discover_async(
//!     issuer_url.clone(),
//!     async_http_client,
//! ).await?;
//!
//! // Create client with configuration
//! let config = OnesOidcConfig::default()
//!     .timeout(std::time::Duration::from_secs(10));
//!
//! let client = OpenIdconnectClient::with_config(
//!     device_config.client_id,
//!     issuer_url,
//!     provider_metadata,
//!     private_key,
//!     config,
//! );
//! # Ok(())
//! # }
//! ```
38
39// Private implementation modules
40mod config;
41mod device;
42mod device_config;
43mod discovery;
44mod errors;
45mod http_client;
46mod identifier;
47mod oidc;
48mod oidc_backend;
49mod oidc_types;
50mod utils;
51mod well_known;
52
53// Optional public modules for advanced usage
54pub mod actions;
55
56// === Core API ===
57
58/// Main OIDC client for authentication operations
59pub use oidc::OpenIdconnectClient;
60
61/// Configuration for the OIDC client
62pub use config::OnesOidcConfig;
63
64/// Device configuration loading utilities
65pub use device_config::{load_device_config, DeviceConfig};
66
67/// Private key utilities
68pub use utils::read_private_key;
69
70/// OIDC discovery with retry support
71pub use discovery::{discover_provider_metadata, discover_provider_metadata_from_str};
72
73// === Error Types ===
74
75pub use errors::{DeviceError, DiscoveryError, OidcError, UtilsError, WellKnownApplicationsError};
76
77// === Authentication Types ===
78
79pub use oidc_types::{
80 AuthenticatedEntity,
81 AuthenticatedEntityKind,
82 AuthenticationMethod,
83 AuthenticationResult,
84 LoginHint,
85};
86
87// === Identifier Types ===
88
89pub use identifier::{IdentifierType, NewIdentifier};
90
91// === Well-Known Application Discovery ===
92
93pub use well_known::{
94 get_applications_well_known,
95 get_well_known_application_by_client_identifier,
96 ApplicationType,
97 ApplicationsWellKnown,
98};
99
100// === OIDC Backend Types (for advanced users) ===
101
102pub use oidc_backend::{
103 AuthRequestResource,
104 CibaLoginRequestFrontend,
105 CibaLoginRequestFrontendWithoutResource,
106 CibaStatusRequestFrontend,
107 QrStatusRequest,
108 QrStatusRequestFrontend,
109 RefreshTokenRequestFrontend,
110};
111
112// === Default Configuration Paths ===
113
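/// Default path of the device configuration file.
///
/// Within this file the constant is only declared; callers decide whether to pass it to
/// the configuration loader. The crate-level example takes the issuer URL and the client id
/// from the loaded configuration, so whoever can write this file chooses the identity
/// provider the device talks to. Keep it writable only by an administrator.
pub const DEFAULT_DEVICE_CONFIG_PATH: &str = "/etc/px-device-identity/device.yml";

/// Default path of the device private key file (a `.pem` file).
///
/// The default lies under `/root`, so a process that is not running as root will usually
/// be unable to read it. When the consumer runs under a dedicated service account, pass an
/// explicit path to a key file that only that account can read, rather than loosening
/// permissions on `/root` or on the key itself.
// NOTE(review): nothing visible here checks the key file's owner or mode before use —
// confirm whether the key-loading helper does, or enforce it at deployment time.
pub const DEFAULT_PRIVATE_KEY_PATH: &str = "/root/.local/share/px-device-identity/private.pem";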
119
120// === Re-exported OpenIDConnect Types ===
121
122/// Re-exported types from the `openidconnect` crate for convenience
123pub use openidconnect::{
124 core::{CoreProviderMetadata, CoreTokenType},
125 ClientId,
126 EmptyExtraTokenFields,
127 StandardTokenResponse,
128 IssuerUrl,
129 AccessToken,
130};