Struct openidconnect::IdTokenVerifier [−][src]
pub struct IdTokenVerifier<'a, JS, JT, JU, K> where
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>, { /* fields omitted */ }
ID token verifier.
Implementations
impl<'a, JS, JT, JU, K> IdTokenVerifier<'a, JS, JT, JU, K> where
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
[src]
impl<'a, JS, JT, JU, K> IdTokenVerifier<'a, JS, JT, JU, K> where
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
[src]pub fn new_public_client(
client_id: ClientId,
issuer: IssuerUrl,
signature_keys: JsonWebKeySet<JS, JT, JU, K>
) -> Self
[src]
client_id: ClientId,
issuer: IssuerUrl,
signature_keys: JsonWebKeySet<JS, JT, JU, K>
) -> Self
Initializes a new verifier for a public client (i.e., one without a client secret).
pub fn new_confidential_client(
client_id: ClientId,
client_secret: ClientSecret,
issuer: IssuerUrl,
signature_keys: JsonWebKeySet<JS, JT, JU, K>
) -> Self
[src]
client_id: ClientId,
client_secret: ClientSecret,
issuer: IssuerUrl,
signature_keys: JsonWebKeySet<JS, JT, JU, K>
) -> Self
Initializes a new verifier for a confidential client (i.e., one with a client secret).
A confidential client verifier is required in order to verify ID tokens signed using a
shared secret algorithm such as HS256
, HS384
, or HS512
. For these algorithms, the
client secret is the shared secret.
pub fn set_allowed_algs<I>(self, algs: I) -> Self where
I: IntoIterator<Item = JS>,
[src]
I: IntoIterator<Item = JS>,
Specifies which JSON Web Signature algorithms are supported.
pub fn allow_any_alg(self) -> Self
[src]
Specifies that any signature algorithm is supported.
pub fn set_auth_context_verifier_fn<T>(self, acr_verifier_fn: T) -> Self where
T: Fn(Option<&AuthenticationContextClass>) -> Result<(), String> + 'a + Send + Sync,
[src]
T: Fn(Option<&AuthenticationContextClass>) -> Result<(), String> + 'a + Send + Sync,
Specifies a function for verifying the acr
claim.
The function should return Ok(())
if the claim is valid, or a string describing the error
otherwise.
pub fn set_auth_time_verifier_fn<T>(self, auth_time_verifier_fn: T) -> Self where
T: Fn(Option<DateTime<Utc>>) -> Result<(), String> + 'a + Send + Sync,
[src]
T: Fn(Option<DateTime<Utc>>) -> Result<(), String> + 'a + Send + Sync,
Specifies a function for verifying the auth_time
claim.
The function should return Ok(())
if the claim is valid, or a string describing the error
otherwise.
pub fn enable_signature_check(self) -> Self
[src]
Enables signature verification.
Signature verification is enabled by default, so this function is only useful if
IdTokenVerifier::insecure_disable_signature_check
was previously invoked.
pub fn insecure_disable_signature_check(self) -> Self
[src]
Disables signature verification.
Security Warning
Unverified ID tokens may be subject to forgery. See Section 16.3 for more information.
pub fn require_issuer_match(self, iss_required: bool) -> Self
[src]
Specifies whether the issuer claim must match the expected issuer URL for the provider.
pub fn require_audience_match(self, aud_required: bool) -> Self
[src]
Specifies whether the audience claim must match this client’s client ID.
pub fn set_time_fn<T>(self, time_fn: T) -> Self where
T: Fn() -> DateTime<Utc> + 'a + Send + Sync,
[src]
T: Fn() -> DateTime<Utc> + 'a + Send + Sync,
Specifies a function for returning the current time.
This function is used for verifying the ID token expiration time.
pub fn set_issue_time_verifier_fn<T>(self, iat_verifier_fn: T) -> Self where
T: Fn(DateTime<Utc>) -> Result<(), String> + 'a + Send + Sync,
[src]
T: Fn(DateTime<Utc>) -> Result<(), String> + 'a + Send + Sync,
Specifies a function for verifying the ID token issue time.
The function should return Ok(())
if the claim is valid, or a string describing the error
otherwise.
pub fn set_other_audience_verifier_fn<T>(self, other_aud_verifier_fn: T) -> Self where
T: Fn(&Audience) -> bool + 'a + Send + Sync,
[src]
T: Fn(&Audience) -> bool + 'a + Send + Sync,
Specifies a function for verifying audiences included in the aud
claim that differ from
this client’s client ID.
The function should return true
if the audience is trusted, or false
otherwise.
Section 3.1.3.7 states that “The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.”
Trait Implementations
impl<'a, JS: Clone, JT: Clone, JU: Clone, K: Clone> Clone for IdTokenVerifier<'a, JS, JT, JU, K> where
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
[src]
impl<'a, JS: Clone, JT: Clone, JU: Clone, K: Clone> Clone for IdTokenVerifier<'a, JS, JT, JU, K> where
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
[src]fn clone(&self) -> IdTokenVerifier<'a, JS, JT, JU, K>
[src]
pub fn clone_from(&mut self, source: &Self)
1.0.0[src]
Auto Trait Implementations
impl<'a, JS, JT, JU, K> !RefUnwindSafe for IdTokenVerifier<'a, JS, JT, JU, K>
impl<'a, JS, JT, JU, K> !RefUnwindSafe for IdTokenVerifier<'a, JS, JT, JU, K>
impl<'a, JS, JT, JU, K> Send for IdTokenVerifier<'a, JS, JT, JU, K> where
JS: Send,
JT: Send,
JU: Send,
K: Send,
impl<'a, JS, JT, JU, K> Send for IdTokenVerifier<'a, JS, JT, JU, K> where
JS: Send,
JT: Send,
JU: Send,
K: Send,
impl<'a, JS, JT, JU, K> Sync for IdTokenVerifier<'a, JS, JT, JU, K> where
JS: Sync,
JT: Sync,
JU: Sync,
K: Sync,
impl<'a, JS, JT, JU, K> Sync for IdTokenVerifier<'a, JS, JT, JU, K> where
JS: Sync,
JT: Sync,
JU: Sync,
K: Sync,
impl<'a, JS, JT, JU, K> Unpin for IdTokenVerifier<'a, JS, JT, JU, K> where
JS: Unpin,
JT: Unpin,
JU: Unpin,
K: Unpin,
impl<'a, JS, JT, JU, K> Unpin for IdTokenVerifier<'a, JS, JT, JU, K> where
JS: Unpin,
JT: Unpin,
JU: Unpin,
K: Unpin,
impl<'a, JS, JT, JU, K> !UnwindSafe for IdTokenVerifier<'a, JS, JT, JU, K>
impl<'a, JS, JT, JU, K> !UnwindSafe for IdTokenVerifier<'a, JS, JT, JU, K>
Blanket Implementations
impl<T> Instrument for T
[src]
impl<T> Instrument for T
[src]pub fn instrument(self, span: Span) -> Instrumented<Self>
[src]
pub fn in_current_span(self) -> Instrumented<Self>
[src]
impl<T> Instrument for T
[src]
impl<T> Instrument for T
[src]pub fn instrument(self, span: Span) -> Instrumented<Self>
[src]
pub fn in_current_span(self) -> Instrumented<Self>
[src]
impl<T> Same<T> for T
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
impl<V, T> VZip<V> for T where
V: MultiLane<T>,