Module oxide_auth::endpoint
source · Expand description
Polymorphic HTTP wrappers for code grant authorization and other flows.
An endpoint is concerned with executing the abstract behaviours given by the backend in terms of the actions of the endpoint types. This means translating Redirect errors to the correct Redirect http response for example or optionally sending internal errors to loggers. The frontends, which are the bindings to particular server libraries, can instantiate the endpoint api or simple reuse existing types.
To ensure the adherence to the oauth2 rfc and the improve general implementations, some control flow of incoming packets is specified here instead of the frontend implementations. Instead, traits are offered to make this compatible with other endpoints. In theory, this makes endpoints pluggable which could improve testing.
Custom endpoint
In order to not place restrictions on the web server library in use, it is possible to implement an endpoint completely with user defined types.
This requires custom, related implementations of WebRequest and WebResponse.
WARNING: Custom endpoints MUST ensure a secure communication layer with confidential clients.
This means using TLS for communication over https.
After receiving an authorization grant, access token or access request, initiate the respective
flow by collecting the Authorizer, Issuer, and Registrar instances. For example:
Re-exports
pub use crate::primitives::authorizer::Authorizer;pub use crate::primitives::issuer::Issuer;pub use crate::primitives::registrar::Registrar;pub use crate::primitives::scope::Scope;pub use crate::code_grant::authorization::Extension as AuthorizationExtension;pub use crate::code_grant::accesstoken::Extension as AccessTokenExtension;pub use crate::code_grant::client_credentials::Extension as ClientCredentialsExtension;pub use crate::primitives::registrar::PreGrant;
Structs
- Offers access tokens to authenticated third parties.
- All relevant methods for handling authorization code requests.
- Offers access tokens to authenticated third parties.
- The query parameter normal form.
- Takes requests from clients to refresh their access tokens.
- Guards resources by requiring OAuth authorization.
- A pending solicitation to a resource owner.
- Modifiable reason for creating a response to the client.
Enums
- Errors which should not or need not be communicated to the requesting party but which are of interest to the server. See the documentation for each enum variant for more documentation on each as some may have an expected response. These include badly formatted headers or url encoded body, unexpected parameters, or security relevant required parameters.
- Answer from OwnerAuthorizer to indicate the owners choice.
- The general manner of the response.
Traits
- Fuses requests and primitives into a coherent system to give a response.
- Intermediate trait to flow specific extensions.
- Checks consent with the owner of a resource, identified in a request.
- Allows access to the query parameters in an url or a body.
- Determine the scopes applying to a request of a resource.
- Return a reference to value in a collection if it is the only one.
- Abstraction of web requests with several different abstractions and constructors needed by an endpoint. It is assumed to originate from an HTTP request, as defined in the scope of the rfc, but theoretically other requests are possible.
- Response representation into which the Request is transformed by the code_grant types.
Functions
- Check if the header is an authorization method