Struct dcaf::endpoints::token_req::AccessTokenResponse
source · pub struct AccessTokenResponse {
pub access_token: ByteString,
pub expires_in: Option<u32>,
pub scope: Option<Scope>,
pub token_type: Option<TokenType>,
pub refresh_token: Option<ByteString>,
pub ace_profile: Option<AceProfile>,
pub cnf: Option<ProofOfPossessionKey>,
pub rs_cnf: Option<ProofOfPossessionKey>,
pub issued_at: Option<Timestamp>,
}
Expand description
Response to an AccessTokenRequest
containing the Access Token among additional information,
as defined in section 5.8.2 of RFC 9200.
Use the AccessTokenResponseBuilder
(which you can access using the
AccessTokenResponse::builder()
method) to create an instance of this struct.
Example
Figure 7 of RFC 9200 gives us an example of an access token response, given in CBOR diagnostic notation1:
{
"access_token" : b64'SlAV32hkKG ...
(remainder of CWT omitted for brevity;
CWT contains COSE_Key in the "cnf" claim)',
"ace_profile" : "coap_dtls",
"expires_in" : "3600",
"cnf" : {
"COSE_Key" : {
"kty" : "Symmetric",
"kid" : b64'39Gqlw',
"k" : b64'hJtXhkV8FJG+Onbc6mxCcQh'
}
}
}
This could be built and serialized as an AccessTokenResponse
like so:
let key = CoseKeyBuilder::new_symmetric_key(
// Omitted for brevity.
).key_id(vec![0xDF, 0xD1, 0xAA, 0x97]).build();
let expires_in: u32 = 3600; // this needs to be done so Rust doesn't think of it as an i32
let response: AccessTokenResponse = AccessTokenResponse::builder()
.access_token(
// Omitted for brevity, this is a CWT whose `cnf` claim contains
// the COSE_Key used in the `cnf` field from this `AccessTokenResponse`.
)
.ace_profile(AceProfile::CoapDtls)
.expires_in(expires_in)
.cnf(key)
.build()?;
let mut serialized = Vec::new();
response.clone().serialize_into(&mut serialized)?;
assert_eq!(AccessTokenResponse::deserialize_from(serialized.as_slice())?, response);
Note that abbreviations aren’t used here, so keep in mind that the labels are really integers instead of strings. ↩
Fields§
§access_token: ByteString
The access token issued by the authorization server.
Must be included.
expires_in: Option<u32>
The lifetime in seconds of the access token.
scope: Option<Scope>
The scope of the access token as described by section 3.3 of RFC 6749.
See the documentation of Scope
for details.
token_type: Option<TokenType>
The type of the token issued as described in section 7.1 of RFC 6749 and section 5.8.4.2 of RFC 9200.
See the documentation of TokenType
for details.
refresh_token: Option<ByteString>
The refresh token, which can be used to obtain new access tokens using the same authorization grant as described in section 6 of RFC 6749.
ace_profile: Option<AceProfile>
This indicates the profile that the client must use towards the RS.
See the documentation of AceProfile
for details.
cnf: Option<ProofOfPossessionKey>
The proof-of-possession key that the AS selected for the token.
See the documentation of ProofOfPossessionKey
for details.
rs_cnf: Option<ProofOfPossessionKey>
Information about the public key used by the RS to authenticate.
See the documentation of ProofOfPossessionKey
for details.
issued_at: Option<Timestamp>
Timestamp when the token was issued. Note that this is only used by libdcaf and not present in the ACE-OAuth specification for access token responses. It is instead usually encoded as a claim in the access token itself.
Defined in section 3.1.6 of RFC 8392 and table 6 of RFC 9200.
Implementations§
source§impl AccessTokenResponse
impl AccessTokenResponse
sourcepub fn builder() -> AccessTokenResponseBuilder
pub fn builder() -> AccessTokenResponseBuilder
Initializes and returns a new AccessTokenResponseBuilder
.
Trait Implementations§
source§impl Clone for AccessTokenResponse
impl Clone for AccessTokenResponse
source§fn clone(&self) -> AccessTokenResponse
fn clone(&self) -> AccessTokenResponse
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl Debug for AccessTokenResponse
impl Debug for AccessTokenResponse
source§impl Default for AccessTokenResponse
impl Default for AccessTokenResponse
source§fn default() -> AccessTokenResponse
fn default() -> AccessTokenResponse
source§impl PartialEq<AccessTokenResponse> for AccessTokenResponse
impl PartialEq<AccessTokenResponse> for AccessTokenResponse
source§fn eq(&self, other: &AccessTokenResponse) -> bool
fn eq(&self, other: &AccessTokenResponse) -> bool
self
and other
values to be equal, and is used
by ==
.source§impl ToCborMap for AccessTokenResponse
impl ToCborMap for AccessTokenResponse
source§fn serialize_into<W>(self, writer: W) -> Result<(), Error<W::Error>>where
Self: Sized,
W: Write,
W::Error: Debug,
fn serialize_into<W>(self, writer: W) -> Result<(), Error<W::Error>>where Self: Sized, W: Write, W::Error: Debug,
writer
. Read moresource§fn deserialize_from<R>(reader: R) -> Result<Self, Error<R::Error>>where
Self: Sized,
R: Read,
R::Error: Debug,
fn deserialize_from<R>(reader: R) -> Result<Self, Error<R::Error>>where Self: Sized, R: Read, R::Error: Debug,
reader
— which is expected to be an instance of this type,
represented as a CBOR map bytestring — into an instance of this type. Read more