Struct openidconnect::IdTokenVerifier[][src]

pub struct IdTokenVerifier<'a, JS, JT, JU, K> where
    JS: JwsSigningAlgorithm<JT>,
    JT: JsonWebKeyType,
    JU: JsonWebKeyUse,
    K: JsonWebKey<JS, JT, JU>,  { /* fields omitted */ }

ID token verifier.

Implementations

impl<'a, JS, JT, JU, K> IdTokenVerifier<'a, JS, JT, JU, K> where
    JS: JwsSigningAlgorithm<JT>,
    JT: JsonWebKeyType,
    JU: JsonWebKeyUse,
    K: JsonWebKey<JS, JT, JU>, [src]

pub fn new_public_client(
    client_id: ClientId,
    issuer: IssuerUrl,
    signature_keys: JsonWebKeySet<JS, JT, JU, K>
) -> Self[src]

Initializes a new verifier for a public client (i.e., one without a client secret).

pub fn new_confidential_client(
    client_id: ClientId,
    client_secret: ClientSecret,
    issuer: IssuerUrl,
    signature_keys: JsonWebKeySet<JS, JT, JU, K>
) -> Self[src]

Initializes a new verifier for a confidential client (i.e., one with a client secret).

A confidential client verifier is required in order to verify ID tokens signed using a shared secret algorithm such as HS256, HS384, or HS512. For these algorithms, the client secret is the shared secret.

pub fn set_allowed_algs<I>(self, algs: I) -> Self where
    I: IntoIterator<Item = JS>, [src]

Specifies which JSON Web Signature algorithms are supported.

pub fn allow_any_alg(self) -> Self[src]

Specifies that any signature algorithm is supported.

pub fn set_auth_context_verifier_fn<T>(self, acr_verifier_fn: T) -> Self where
    T: Fn(Option<&AuthenticationContextClass>) -> Result<(), String> + 'a + Send + Sync[src]

Specifies a function for verifying the acr claim.

The function should return Ok(()) if the claim is valid, or a string describing the error otherwise.

pub fn set_auth_time_verifier_fn<T>(self, auth_time_verifier_fn: T) -> Self where
    T: Fn(Option<DateTime<Utc>>) -> Result<(), String> + 'a + Send + Sync[src]

Specifies a function for verifying the auth_time claim.

The function should return Ok(()) if the claim is valid, or a string describing the error otherwise.

pub fn enable_signature_check(self) -> Self[src]

Enables signature verification.

Signature verification is enabled by default, so this function is only useful if IdTokenVerifier::insecure_disable_signature_check was previously invoked.

pub fn insecure_disable_signature_check(self) -> Self[src]

Disables signature verification.

Security Warning

Unverified ID tokens may be subject to forgery. See Section 16.3 for more information.

pub fn require_issuer_match(self, iss_required: bool) -> Self[src]

Specifies whether the issuer claim must match the expected issuer URL for the provider.

pub fn require_audience_match(self, aud_required: bool) -> Self[src]

Specifies whether the audience claim must match this client’s client ID.

pub fn set_time_fn<T>(self, time_fn: T) -> Self where
    T: Fn() -> DateTime<Utc> + 'a + Send + Sync[src]

Specifies a function for returning the current time.

This function is used for verifying the ID token expiration time.

pub fn set_issue_time_verifier_fn<T>(self, iat_verifier_fn: T) -> Self where
    T: Fn(DateTime<Utc>) -> Result<(), String> + 'a + Send + Sync[src]

Specifies a function for verifying the ID token issue time.

The function should return Ok(()) if the claim is valid, or a string describing the error otherwise.

pub fn set_other_audience_verifier_fn<T>(self, other_aud_verifier_fn: T) -> Self where
    T: Fn(&Audience) -> bool + 'a + Send + Sync[src]

Specifies a function for verifying audiences included in the aud claim that differ from this client’s client ID.

The function should return true if the audience is trusted, or false otherwise.

Section 3.1.3.7 states that “The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.”

Trait Implementations

impl<'a, JS: Clone, JT: Clone, JU: Clone, K: Clone> Clone for IdTokenVerifier<'a, JS, JT, JU, K> where
    JS: JwsSigningAlgorithm<JT>,
    JT: JsonWebKeyType,
    JU: JsonWebKeyUse,
    K: JsonWebKey<JS, JT, JU>, [src]

Auto Trait Implementations

impl<'a, JS, JT, JU, K> !RefUnwindSafe for IdTokenVerifier<'a, JS, JT, JU, K>

impl<'a, JS, JT, JU, K> Send for IdTokenVerifier<'a, JS, JT, JU, K> where
    JS: Send,
    JT: Send,
    JU: Send,
    K: Send

impl<'a, JS, JT, JU, K> Sync for IdTokenVerifier<'a, JS, JT, JU, K> where
    JS: Sync,
    JT: Sync,
    JU: Sync,
    K: Sync

impl<'a, JS, JT, JU, K> Unpin for IdTokenVerifier<'a, JS, JT, JU, K> where
    JS: Unpin,
    JT: Unpin,
    JU: Unpin,
    K: Unpin

impl<'a, JS, JT, JU, K> !UnwindSafe for IdTokenVerifier<'a, JS, JT, JU, K>

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> From<T> for T[src]

impl<T> Instrument for T[src]

impl<T> Instrument for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where
    T: Clone[src]

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,