
1//! # xjp-oidc
2//!
3//! A comprehensive OIDC/OAuth2 SDK for Rust with support for both server and WASM environments.
4//!
5//! ## Features
6//!
7//! - Authorization Code Flow with PKCE
8//! - OIDC Discovery and JWKS caching
9//! - ID Token verification with standard claims validation
10//! - Dynamic Client Registration (server-only)
11//! - RP-Initiated Logout
12//! - Resource Server JWT verification
13//! - Optional Axum integration
14//!
15//! ## Example
16//!
17//! ```no_run
18//! use xjp_oidc::{create_pkce, build_auth_url, BuildAuthUrl};
19//!
20//! # async fn example() -> Result<(), Box<dyn std::error::Error>> {
21//! // Create PKCE challenge
22//! let (verifier, challenge, method) = create_pkce()?;
23//!
24//! // Build authorization URL
25//! let auth_result = build_auth_url(BuildAuthUrl {
26//!     issuer: "https://auth.example.com".into(),
27//!     client_id: "my-client".into(),
28//!     redirect_uri: "https://app.example.com/callback".into(),
29//!     scope: "openid profile email".into(),
30//!     code_challenge: challenge,
31//!     state: None,
32//!     nonce: None,
33//!     prompt: None,
34//!     extra_params: None,
35//!     tenant: None,
36//!     authorization_endpoint: None,
37//! })?;
38//! let auth_url = auth_result.url;
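39//! // Save auth_result.state, auth_result.nonce and the PKCE `verifier` (e.g. in the user's session): compare state on the callback, check nonce when verifying the ID token, and send the verifier with the code exchange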
40//! # Ok(())
41//! # }
42//! ```
43
44#![cfg_attr(docsrs, feature(doc_cfg))]
45#![warn(missing_docs)]
46
47pub mod errors;
48pub mod types;
49
50// Core functionality modules
51mod auth_url;
52pub mod cache;
53mod client;
54mod dcr;
55mod discovery;
56mod exchange;
57pub mod http;
58mod id_token;
59mod introspect;
60mod jwks;
61mod pkce;
62mod userinfo;
63
64// Multi-tenant support modules
65pub mod tenant;
66pub mod discovery_tenant;
67pub mod http_tenant;
68
69// Conditional compilation for verifier feature
70#[cfg(feature = "verifier")]
71mod verify;
72
73// SSE support (server-only)
74#[cfg(not(target_arch = "wasm32"))]
75pub mod sse;
76
77// Re-export main types and functions
78pub use auth_url::{
79    build_auth_url, build_auth_url_with_metadata, build_end_session_url,
80    build_end_session_url_with_discovery, parse_callback_params,
81};
82pub use cache::{Cache, NoOpCache, MemoryCache};
83
84#[cfg(feature = "lru")]
85pub use cache::LruCacheImpl;
86
87#[cfg(all(not(target_arch = "wasm32"), feature = "moka"))]
88pub use cache::MokaCacheImpl;
89
90#[cfg(all(not(target_arch = "wasm32"), feature = "http-reqwest", feature = "moka"))]
91pub use client::OidcClient;
92
93#[cfg(not(target_arch = "wasm32"))]
94pub use dcr::{register_client, get_client_config};
95
96pub use discovery::discover;
97pub use errors::Error;
98
99#[cfg(not(target_arch = "wasm32"))]
100pub use exchange::{exchange_code, refresh_token};
101
102pub use http::{HttpClient, HttpClientError};
103pub use id_token::fetch_jwks;
104
105#[cfg(all(not(target_arch = "wasm32"), feature = "http-reqwest"))]
106pub use http::ReqwestHttpClient;
107
108#[cfg(all(target_arch = "wasm32", feature = "http-wasm"))]
109pub use http::WasmHttpClient;
110
111pub use id_token::verify_id_token;
112#[cfg(not(target_arch = "wasm32"))]
113pub use introspect::{introspect_token, revoke_token};
114pub use jwks::{Jwk, Jwks};
115pub use pkce::create_pkce;
116pub use types::*;
117pub use userinfo::get_userinfo;
118
119#[cfg(feature = "verifier")]
120pub use verify::JwtVerifier;
121
122// Version information
123/// SDK version
124pub const VERSION: &str = env!("CARGO_PKG_VERSION");
125
/// Convenience re-exports: `use xjp_oidc::prelude::*;` brings the commonly used
/// functions and types into scope.
///
/// Which items are present depends on the build target and enabled features:
/// the token-endpoint helpers (code exchange, refresh, client registration,
/// introspection, revocation) are left out on `wasm32`, `JwtVerifier` needs the
/// `verifier` feature, and the SSE login helpers need a non-`wasm32` target
/// together with the `sse` feature.
pub mod prelude {
    // Core flow: functions available on every target.
    pub use crate::{
        build_auth_url, build_end_session_url, build_end_session_url_with_discovery, create_pkce,
        discover, get_userinfo, parse_callback_params, verify_id_token,
    };

    // Core flow: request/response types available on every target.
    pub use crate::{
        AuthUrlResult, BuildAuthUrl, CallbackParams, EndSession, Error, OidcProviderMetadata,
        TokenResponse, UserInfo, VerifiedIdToken, VerifyOptions,
    };

    // Multi-tenant support, one statement per source module.
    pub use crate::discovery_tenant::{
        discover_with_tenant, discover_with_tenant_resolution, discover_with_tenant_simple,
    };
    pub use crate::http_tenant::{HttpClientAdapter, HttpClientWithAdminSupport};
    pub use crate::tenant::{TenantConfig, TenantMode, TenantResolution};

    // reqwest-backed tenant client: native targets with `http-reqwest` only.
    #[cfg(all(not(target_arch = "wasm32"), feature = "http-reqwest"))]
    pub use crate::http_tenant::reqwest_tenant::ReqwestHttpClientWithAdminSupport;

    // Server-side operations (not compiled for wasm32): functions.
    #[cfg(not(target_arch = "wasm32"))]
    pub use crate::{
        exchange_code, get_client_config, introspect_token, refresh_token, register_client,
        revoke_token,
    };

    // Server-side operations (not compiled for wasm32): request/response types.
    #[cfg(not(target_arch = "wasm32"))]
    pub use crate::{
        ClientConfig, ExchangeCode, IntrospectRequest, IntrospectResponse, RefreshTokenRequest,
        RegisterRequest,
    };

    // Resource-server JWT verification, behind the `verifier` feature.
    #[cfg(feature = "verifier")]
    pub use crate::{JwtVerifier, VerifiedClaims};

    // SSE login monitoring: native targets with the `sse` feature only.
    #[cfg(all(not(target_arch = "wasm32"), feature = "sse"))]
    pub use crate::sse::{
        check_login_status, start_login_session, subscribe_login_events, LoginEvent,
        LoginMonitorConfig, LoginState, LoginStatus,
    };
}