[−][src]Struct openidconnect::Client
OpenID Connect client.
Implementations
impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
AC: AdditionalClaims,
AD: AuthDisplay,
GC: GenderClaim,
JE: JweContentEncryptionAlgorithm<JT>,
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
P: AuthPrompt,
TE: ErrorResponse,
TR: TokenResponse<AC, GC, JE, JS, JT, TT>,
TT: TokenType + 'static,
[src]
AC: AdditionalClaims,
AD: AuthDisplay,
GC: GenderClaim,
JE: JweContentEncryptionAlgorithm<JT>,
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
P: AuthPrompt,
TE: ErrorResponse,
TR: TokenResponse<AC, GC, JE, JS, JT, TT>,
TT: TokenType + 'static,
pub fn new(
client_id: ClientId,
client_secret: Option<ClientSecret>,
issuer: IssuerUrl,
auth_url: AuthUrl,
token_url: Option<TokenUrl>,
userinfo_endpoint: Option<UserInfoUrl>,
jwks: JsonWebKeySet<JS, JT, JU, K>
) -> Self
[src]
client_id: ClientId,
client_secret: Option<ClientSecret>,
issuer: IssuerUrl,
auth_url: AuthUrl,
token_url: Option<TokenUrl>,
userinfo_endpoint: Option<UserInfoUrl>,
jwks: JsonWebKeySet<JS, JT, JU, K>
) -> Self
Initializes an OpenID Connect client.
pub fn from_provider_metadata<A, CA, CN, CT, G, JK, RM, RT, S>(
provider_metadata: ProviderMetadata<A, AD, CA, CN, CT, G, JE, JK, JS, JT, JU, K, RM, RT, S>,
client_id: ClientId,
client_secret: Option<ClientSecret>
) -> Self where
A: AdditionalProviderMetadata,
CA: ClientAuthMethod,
CN: ClaimName,
CT: ClaimType,
G: GrantType,
JK: JweKeyManagementAlgorithm,
RM: ResponseMode,
RT: ResponseType,
S: SubjectIdentifierType,
[src]
provider_metadata: ProviderMetadata<A, AD, CA, CN, CT, G, JE, JK, JS, JT, JU, K, RM, RT, S>,
client_id: ClientId,
client_secret: Option<ClientSecret>
) -> Self where
A: AdditionalProviderMetadata,
CA: ClientAuthMethod,
CN: ClaimName,
CT: ClaimType,
G: GrantType,
JK: JweKeyManagementAlgorithm,
RM: ResponseMode,
RT: ResponseType,
S: SubjectIdentifierType,
Initializes an OpenID Connect client from OpenID Connect Discovery provider metadata.
Use ProviderMetadata::discover
or
ProviderMetadata::discover_async
to fetch the provider metadata.
pub fn set_auth_type(self, auth_type: AuthType) -> Self
[src]
Configures the type of client authentication used for communicating with the authorization server.
The default is to use HTTP Basic authentication, as recommended in Section 2.3.1 of RFC 6749.
pub fn set_redirect_uri(self, redirect_uri: RedirectUrl) -> Self
[src]
Sets the the redirect URL used by the authorization endpoint.
pub fn enable_openid_scope(self) -> Self
[src]
Enables the openid
scope to be requested automatically.
This scope is requested by default, so this function is only useful after previous calls to
disable_openid_scope
.
pub fn disable_openid_scope(self) -> Self
[src]
Disables the openid
scope from being requested automatically.
pub fn id_token_verifier(&self) -> IdTokenVerifier<JS, JT, JU, K>
[src]
Returns an ID token verifier for use with the IdToken::claims
method.
pub fn authorize_url<NF, RT, SF>(
&self,
authentication_flow: AuthenticationFlow<RT>,
state_fn: SF,
nonce_fn: NF
) -> AuthorizationRequest<AD, P, RT> where
NF: FnOnce() -> Nonce + 'static,
RT: ResponseType,
SF: FnOnce() -> CsrfToken + 'static,
[src]
&self,
authentication_flow: AuthenticationFlow<RT>,
state_fn: SF,
nonce_fn: NF
) -> AuthorizationRequest<AD, P, RT> where
NF: FnOnce() -> Nonce + 'static,
RT: ResponseType,
SF: FnOnce() -> CsrfToken + 'static,
Generates an authorization URL for a new authorization request.
NOTE: Passing authorization request parameters as a JSON Web Token
instead of URL query parameters is not currently supported. The
claims
parameter
is also not directly supported, although the AuthorizationRequest::add_extra_param
method can be used to add custom parameters, including claims
.
Arguments
authentication_flow
- The authentication flow to use (code, implicit, or hybrid).state_fn
- A function that returns an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client.nonce_fn
- Similar tostate_fn
, but used to generate an opaque nonce to be used when verifying the ID token returned by the OpenID Connect Provider.
Security Warning
Callers should use a fresh, unpredictable state
for each authorization request and verify
that this value matches the state
parameter passed by the authorization server to the
redirect URI. Doing so mitigates
Cross-Site Request Forgery
attacks.
Similarly, callers should use a fresh, unpredictable nonce
to help protect against ID
token reuse and forgery.
pub fn exchange_code(
&self,
code: AuthorizationCode
) -> CodeTokenRequest<TE, TR, TT>
[src]
&self,
code: AuthorizationCode
) -> CodeTokenRequest<TE, TR, TT>
Creates a request builder for exchanging an authorization code for an access token.
Acquires ownership of the code
because authorization codes may only be used once to
retrieve an access token from the authorization server.
See https://tools.ietf.org/html/rfc6749#section-4.1.3
pub fn exchange_refresh_token<'a, 'b>(
&'a self,
refresh_token: &'b RefreshToken
) -> RefreshTokenRequest<'b, TE, TR, TT> where
'a: 'b,
[src]
&'a self,
refresh_token: &'b RefreshToken
) -> RefreshTokenRequest<'b, TE, TR, TT> where
'a: 'b,
Creates a request builder for exchanging a refresh token for an access token.
See https://tools.ietf.org/html/rfc6749#section-6
pub fn exchange_password<'a, 'b>(
&'a self,
username: &'b ResourceOwnerUsername,
password: &'b ResourceOwnerPassword
) -> PasswordTokenRequest<'b, TE, TR, TT> where
'a: 'b,
[src]
&'a self,
username: &'b ResourceOwnerUsername,
password: &'b ResourceOwnerPassword
) -> PasswordTokenRequest<'b, TE, TR, TT> where
'a: 'b,
Creates a request builder for exchanging credentials for an access token.
See https://tools.ietf.org/html/rfc6749#section-6
pub fn user_info(
&self,
access_token: AccessToken,
expected_subject: Option<SubjectIdentifier>
) -> Result<UserInfoRequest<JE, JS, JT, JU, K>, NoUserInfoEndpoint>
[src]
&self,
access_token: AccessToken,
expected_subject: Option<SubjectIdentifier>
) -> Result<UserInfoRequest<JE, JS, JT, JU, K>, NoUserInfoEndpoint>
Creates a request builder for info about the user associated with the given access token.
This function requires that this Client
be configured with a user info endpoint,
which is an optional feature for OpenID Connect Providers to implement. If this Client
does not know the provider's user info endpoint, it returns the NoUserInfoEndpoint
error.
To help protect against token substitution attacks, this function optionally allows clients
to provide the subject identifier whose user info they expect to receive. If provided and
the subject returned by the OpenID Connect Provider does not match, the
UserInfoRequest::request
or UserInfoRequest::request_async
functions will return
UserInfoError::ClaimsVerification
. If set to None
, any subject is accepted.
Trait Implementations
impl<AC: Clone, AD: Clone, GC: Clone, JE: Clone, JS: Clone, JT: Clone, JU: Clone, K: Clone, P: Clone, TE: Clone, TR: Clone, TT: Clone> Clone for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
AC: AdditionalClaims,
AD: AuthDisplay,
GC: GenderClaim,
JE: JweContentEncryptionAlgorithm<JT>,
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
P: AuthPrompt,
TE: ErrorResponse,
TR: TokenResponse<AC, GC, JE, JS, JT, TT>,
TT: TokenType + 'static,
[src]
AC: AdditionalClaims,
AD: AuthDisplay,
GC: GenderClaim,
JE: JweContentEncryptionAlgorithm<JT>,
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
P: AuthPrompt,
TE: ErrorResponse,
TR: TokenResponse<AC, GC, JE, JS, JT, TT>,
TT: TokenType + 'static,
fn clone(&self) -> Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT>
[src]
fn clone_from(&mut self, source: &Self)
1.0.0[src]
impl<AC: Debug, AD: Debug, GC: Debug, JE: Debug, JS: Debug, JT: Debug, JU: Debug, K: Debug, P: Debug, TE: Debug, TR: Debug, TT: Debug> Debug for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
AC: AdditionalClaims,
AD: AuthDisplay,
GC: GenderClaim,
JE: JweContentEncryptionAlgorithm<JT>,
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
P: AuthPrompt,
TE: ErrorResponse,
TR: TokenResponse<AC, GC, JE, JS, JT, TT>,
TT: TokenType + 'static,
[src]
AC: AdditionalClaims,
AD: AuthDisplay,
GC: GenderClaim,
JE: JweContentEncryptionAlgorithm<JT>,
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
P: AuthPrompt,
TE: ErrorResponse,
TR: TokenResponse<AC, GC, JE, JS, JT, TT>,
TT: TokenType + 'static,
Auto Trait Implementations
impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> RefUnwindSafe for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
AC: RefUnwindSafe,
AD: RefUnwindSafe,
GC: RefUnwindSafe,
JE: RefUnwindSafe,
JS: RefUnwindSafe,
JT: RefUnwindSafe,
JU: RefUnwindSafe,
K: RefUnwindSafe,
P: RefUnwindSafe,
TE: RefUnwindSafe,
TR: RefUnwindSafe,
TT: RefUnwindSafe,
AC: RefUnwindSafe,
AD: RefUnwindSafe,
GC: RefUnwindSafe,
JE: RefUnwindSafe,
JS: RefUnwindSafe,
JT: RefUnwindSafe,
JU: RefUnwindSafe,
K: RefUnwindSafe,
P: RefUnwindSafe,
TE: RefUnwindSafe,
TR: RefUnwindSafe,
TT: RefUnwindSafe,
impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> Send for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
AC: Send,
AD: Send,
GC: Send,
JE: Send,
JS: Send,
JT: Send,
JU: Send,
K: Send,
P: Send,
TR: Send,
TT: Send,
AC: Send,
AD: Send,
GC: Send,
JE: Send,
JS: Send,
JT: Send,
JU: Send,
K: Send,
P: Send,
TR: Send,
TT: Send,
impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> Sync for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
AC: Sync,
AD: Sync,
GC: Sync,
JE: Sync,
JS: Sync,
JT: Sync,
JU: Sync,
K: Sync,
P: Sync,
TR: Sync,
TT: Sync,
AC: Sync,
AD: Sync,
GC: Sync,
JE: Sync,
JS: Sync,
JT: Sync,
JU: Sync,
K: Sync,
P: Sync,
TR: Sync,
TT: Sync,
impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> Unpin for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
AC: Unpin,
AD: Unpin,
GC: Unpin,
JE: Unpin,
JS: Unpin,
JT: Unpin,
JU: Unpin,
K: Unpin,
P: Unpin,
TE: Unpin,
TR: Unpin,
TT: Unpin,
AC: Unpin,
AD: Unpin,
GC: Unpin,
JE: Unpin,
JS: Unpin,
JT: Unpin,
JU: Unpin,
K: Unpin,
P: Unpin,
TE: Unpin,
TR: Unpin,
TT: Unpin,
impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> UnwindSafe for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
AC: UnwindSafe,
AD: UnwindSafe,
GC: UnwindSafe,
JE: UnwindSafe,
JS: UnwindSafe,
JT: UnwindSafe,
JU: UnwindSafe,
K: UnwindSafe,
P: UnwindSafe,
TE: UnwindSafe,
TR: UnwindSafe,
TT: UnwindSafe,
AC: UnwindSafe,
AD: UnwindSafe,
GC: UnwindSafe,
JE: UnwindSafe,
JS: UnwindSafe,
JT: UnwindSafe,
JU: UnwindSafe,
K: UnwindSafe,
P: UnwindSafe,
TE: UnwindSafe,
TR: UnwindSafe,
TT: UnwindSafe,
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
[src]
fn clone_into(&self, target: &mut T)
[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
U: TryFrom<T>,
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
V: MultiLane<T>,