Struct openidconnect::Client

pub struct Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
    AC: AdditionalClaims,
    AD: AuthDisplay,
    GC: GenderClaim,
    JE: JweContentEncryptionAlgorithm<JT>,
    JS: JwsSigningAlgorithm<JT>,
    JT: JsonWebKeyType,
    JU: JsonWebKeyUse,
    K: JsonWebKey<JS, JT, JU>,
    P: AuthPrompt,
    TE: ErrorResponse,
    TR: TokenResponse<AC, GC, JE, JS, JT, TT>,
    TT: TokenType + 'static, 
{ /* fields omitted */ }

OpenID Connect client.

Implementations

impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
    AC: AdditionalClaims,
    AD: AuthDisplay,
    GC: GenderClaim,
    JE: JweContentEncryptionAlgorithm<JT>,
    JS: JwsSigningAlgorithm<JT>,
    JT: JsonWebKeyType,
    JU: JsonWebKeyUse,
    K: JsonWebKey<JS, JT, JU>,
    P: AuthPrompt,
    TE: ErrorResponse,
    TR: TokenResponse<AC, GC, JE, JS, JT, TT>,
    TT: TokenType + 'static, 

pub fn new(
    client_id: ClientId,
    client_secret: Option<ClientSecret>,
    issuer: IssuerUrl,
    auth_url: AuthUrl,
    token_url: Option<TokenUrl>,
    userinfo_endpoint: Option<UserInfoUrl>,
    jwks: JsonWebKeySet<JS, JT, JU, K>
) -> Self

Initializes an OpenID Connect client.

pub fn from_provider_metadata<A, CA, CN, CT, G, JK, RM, RT, S>(
    provider_metadata: ProviderMetadata<A, AD, CA, CN, CT, G, JE, JK, JS, JT, JU, K, RM, RT, S>,
    client_id: ClientId,
    client_secret: Option<ClientSecret>
) -> Self where
    A: AdditionalProviderMetadata,
    CA: ClientAuthMethod,
    CN: ClaimName,
    CT: ClaimType,
    G: GrantType,
    JK: JweKeyManagementAlgorithm,
    RM: ResponseMode,
    RT: ResponseType,
    S: SubjectIdentifierType

Initializes an OpenID Connect client from OpenID Connect Discovery provider metadata.

Use ProviderMetadata::discover or ProviderMetadata::discover_async to fetch the provider metadata.

pub fn set_auth_type(self, auth_type: AuthType) -> Self

Configures the type of client authentication used for communicating with the authorization server.

The default is to use HTTP Basic authentication, as recommended in Section 2.3.1 of RFC 6749.

pub fn set_redirect_uri(self, redirect_uri: RedirectUrl) -> Self

Sets the redirect URL used by the authorization endpoint.

pub fn enable_openid_scope(self) -> Self

Enables the openid scope to be requested automatically.

This scope is requested by default, so this function is only useful after previous calls to disable_openid_scope.

pub fn disable_openid_scope(self) -> Self

Disables the openid scope from being requested automatically.

pub fn id_token_verifier(&self) -> IdTokenVerifier<JS, JT, JU, K>

Returns an ID token verifier for use with the IdToken::claims method.

pub fn authorize_url<NF, RT, SF>(
    &self,
    authentication_flow: AuthenticationFlow<RT>,
    state_fn: SF,
    nonce_fn: NF
) -> AuthorizationRequest<AD, P, RT> where
    NF: FnOnce() -> Nonce + 'static,
    RT: ResponseType,
    SF: FnOnce() -> CsrfToken + 'static, 

Generates an authorization URL for a new authorization request.

NOTE: Passing authorization request parameters as a JSON Web Token instead of URL query parameters is not currently supported. The claims parameter is also not directly supported, although the AuthorizationRequest::add_extra_param method can be used to add custom parameters, including claims.

Arguments

  • authentication_flow - The authentication flow to use (code, implicit, or hybrid).
  • state_fn - A function that returns an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client.
  • nonce_fn - Similar to state_fn, but used to generate an opaque nonce to be used when verifying the ID token returned by the OpenID Connect Provider.

Security Warning

Callers should use a fresh, unpredictable state for each authorization request and verify that this value matches the state parameter passed by the authorization server to the redirect URI. Doing so mitigates Cross-Site Request Forgery attacks.

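Similarly, callers should use a fresh, unpredictable nonce for each authorization request, keep it associated with the user's session, and check it when verifying the ID token returned by the OpenID Connect Provider. Doing so helps protect against ID token reuse and forgery; a nonce that is generated but never checked provides no protection.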

pub fn exchange_code(
    &self,
    code: AuthorizationCode
) -> CodeTokenRequest<TE, TR, TT>

Creates a request builder for exchanging an authorization code for an access token.

Acquires ownership of the code because authorization codes may only be used once to retrieve an access token from the authorization server.

See https://tools.ietf.org/html/rfc6749#section-4.1.3

pub fn exchange_refresh_token<'a, 'b>(
    &'a self,
    refresh_token: &'b RefreshToken
) -> RefreshTokenRequest<'b, TE, TR, TT> where
    'a: 'b, 

Creates a request builder for exchanging a refresh token for an access token.

See https://tools.ietf.org/html/rfc6749#section-6

pub fn exchange_password<'a, 'b>(
    &'a self,
    username: &'b ResourceOwnerUsername,
    password: &'b ResourceOwnerPassword
) -> PasswordTokenRequest<'b, TE, TR, TT> where
    'a: 'b, 

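Creates a request builder for exchanging the resource owner's credentials (username and password) for an access token. Because this grant hands the user's password to the client, RFC 6749 describes it as suitable only where the resource owner has a trust relationship with the client and other grant types are not viable.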

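See https://tools.ietf.org/html/rfc6749#section-6 (note: Section 6 of RFC 6749 covers refreshing an access token; the resource owner password credentials grant used by this function is defined in Section 4.3, https://tools.ietf.org/html/rfc6749#section-4.3).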

pub fn user_info(
    &self,
    access_token: AccessToken,
    expected_subject: Option<SubjectIdentifier>
) -> Result<UserInfoRequest<JE, JS, JT, JU, K>, NoUserInfoEndpoint>

Creates a request builder for info about the user associated with the given access token.

This function requires that this Client be configured with a user info endpoint, which is an optional feature for OpenID Connect Providers to implement. If this Client does not know the provider's user info endpoint, it returns the NoUserInfoEndpoint error.

To help protect against token substitution attacks, this function optionally allows clients to provide the subject identifier whose user info they expect to receive. If provided and the subject returned by the OpenID Connect Provider does not match, the UserInfoRequest::request or UserInfoRequest::request_async functions will return UserInfoError::ClaimsVerification. If set to None, any subject is accepted, so no substitution check is performed; when an ID token has already been verified for this user, passing its subject here keeps the check in effect.

Trait Implementations

impl<AC: Clone, AD: Clone, GC: Clone, JE: Clone, JS: Clone, JT: Clone, JU: Clone, K: Clone, P: Clone, TE: Clone, TR: Clone, TT: Clone> Clone for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
    AC: AdditionalClaims,
    AD: AuthDisplay,
    GC: GenderClaim,
    JE: JweContentEncryptionAlgorithm<JT>,
    JS: JwsSigningAlgorithm<JT>,
    JT: JsonWebKeyType,
    JU: JsonWebKeyUse,
    K: JsonWebKey<JS, JT, JU>,
    P: AuthPrompt,
    TE: ErrorResponse,
    TR: TokenResponse<AC, GC, JE, JS, JT, TT>,
    TT: TokenType + 'static, 

impl<AC: Debug, AD: Debug, GC: Debug, JE: Debug, JS: Debug, JT: Debug, JU: Debug, K: Debug, P: Debug, TE: Debug, TR: Debug, TT: Debug> Debug for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
    AC: AdditionalClaims,
    AD: AuthDisplay,
    GC: GenderClaim,
    JE: JweContentEncryptionAlgorithm<JT>,
    JS: JwsSigningAlgorithm<JT>,
    JT: JsonWebKeyType,
    JU: JsonWebKeyUse,
    K: JsonWebKey<JS, JT, JU>,
    P: AuthPrompt,
    TE: ErrorResponse,
    TR: TokenResponse<AC, GC, JE, JS, JT, TT>,
    TT: TokenType + 'static, 

Auto Trait Implementations

impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> RefUnwindSafe for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
    AC: RefUnwindSafe,
    AD: RefUnwindSafe,
    GC: RefUnwindSafe,
    JE: RefUnwindSafe,
    JS: RefUnwindSafe,
    JT: RefUnwindSafe,
    JU: RefUnwindSafe,
    K: RefUnwindSafe,
    P: RefUnwindSafe,
    TE: RefUnwindSafe,
    TR: RefUnwindSafe,
    TT: RefUnwindSafe

impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> Send for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
    AC: Send,
    AD: Send,
    GC: Send,
    JE: Send,
    JS: Send,
    JT: Send,
    JU: Send,
    K: Send,
    P: Send,
    TR: Send,
    TT: Send

impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> Sync for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
    AC: Sync,
    AD: Sync,
    GC: Sync,
    JE: Sync,
    JS: Sync,
    JT: Sync,
    JU: Sync,
    K: Sync,
    P: Sync,
    TR: Sync,
    TT: Sync

impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> Unpin for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
    AC: Unpin,
    AD: Unpin,
    GC: Unpin,
    JE: Unpin,
    JS: Unpin,
    JT: Unpin,
    JU: Unpin,
    K: Unpin,
    P: Unpin,
    TE: Unpin,
    TR: Unpin,
    TT: Unpin

impl<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> UnwindSafe for Client<AC, AD, GC, JE, JS, JT, JU, K, P, TE, TR, TT> where
    AC: UnwindSafe,
    AD: UnwindSafe,
    GC: UnwindSafe,
    JE: UnwindSafe,
    JS: UnwindSafe,
    JT: UnwindSafe,
    JU: UnwindSafe,
    K: UnwindSafe,
    P: UnwindSafe,
    TE: UnwindSafe,
    TR: UnwindSafe,
    TT: UnwindSafe

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T

impl<T, U> Into<U> for T where
    U: From<T>, 

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where
    T: Clone

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Err = <U as TryFrom<T>>::Err

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,