Struct dcaf::endpoints::token_req::AccessTokenResponse

pub struct AccessTokenResponse {
    pub access_token: ByteString,
    pub expires_in: Option<u32>,
    pub scope: Option<Scope>,
    pub token_type: Option<TokenType>,
    pub refresh_token: Option<ByteString>,
    pub ace_profile: Option<AceProfile>,
    pub cnf: Option<ProofOfPossessionKey>,
    pub rs_cnf: Option<ProofOfPossessionKey>,
    pub issued_at: Option<Timestamp>,
}

Response to an AccessTokenRequest containing the Access Token among additional information, as defined in section 5.8.2 of RFC 9200.

Use the AccessTokenResponseBuilder (which you can access using the AccessTokenResponse::builder() method) to create an instance of this struct.

Example

Figure 7 of RFC 9200 gives us an example of an access token response, given in CBOR diagnostic notation¹:

{
  "access_token" : b64'SlAV32hkKG ...
   (remainder of CWT omitted for brevity;
   CWT contains COSE_Key in the "cnf" claim)',
  "ace_profile" : "coap_dtls",
  "expires_in" : "3600",
  "cnf" : {
    "COSE_Key" : {
      "kty" : "Symmetric",
      "kid" : b64'39Gqlw',
      "k" : b64'hJtXhkV8FJG+Onbc6mxCcQh'
    }
  }
}

This could be built and serialized as an AccessTokenResponse like so:

let key = CoseKeyBuilder::new_symmetric_key(
   // Omitted for brevity.
).key_id(vec![0xDF, 0xD1, 0xAA, 0x97]).build();
let expires_in: u32 = 3600;  // this needs to be done so Rust doesn't think of it as an i32
let response: AccessTokenResponse = AccessTokenResponse::builder()
   .access_token(
      // Omitted for brevity, this is a CWT whose `cnf` claim contains
      // the COSE_Key used in the `cnf` field from this `AccessTokenResponse`.
   )
   .ace_profile(AceProfile::CoapDtls)
   .expires_in(expires_in)
   .cnf(key)
   .build()?;
let mut serialized = Vec::new();
response.clone().serialize_into(&mut serialized)?;
assert_eq!(AccessTokenResponse::deserialize_from(serialized.as_slice())?, response);

---

1. Note that abbreviations aren’t used here, so keep in mind that the labels are really integers instead of strings. ↩

Fields

access_token: ByteString

The access token issued by the authorization server.

Must be included.

expires_in: Option<u32>

The lifetime in seconds of the access token.

scope: Option<Scope>

The scope of the access token as described by section 3.3 of RFC 6749.

See the documentation of Scope for details.

token_type: Option<TokenType>

The type of the token issued as described in section 7.1 of RFC 6749 and section 5.8.4.2 of RFC 9200.

See the documentation of TokenType for details.

refresh_token: Option<ByteString>

The refresh token, which can be used to obtain new access tokens using the same authorization grant as described in section 6 of RFC 6749.

ace_profile: Option<AceProfile>

This indicates the profile that the client must use towards the RS.

See the documentation of AceProfile for details.

cnf: Option<ProofOfPossessionKey>

The proof-of-possession key that the AS selected for the token.

See the documentation of ProofOfPossessionKey for details.

rs_cnf: Option<ProofOfPossessionKey>

Information about the public key used by the RS to authenticate.

See the documentation of ProofOfPossessionKey for details.

issued_at: Option<Timestamp>

Timestamp when the token was issued. Note that this is only used by libdcaf and not present in the ACE-OAuth specification for access token responses. It is instead usually encoded as a claim in the access token itself.

Defined in section 3.1.6 of RFC 8392 and table 6 of RFC 9200.

Implementations

impl AccessTokenResponse

pub fn builder() -> AccessTokenResponseBuilder

Initializes and returns a new AccessTokenResponseBuilder.

Trait Implementations

impl Clone for AccessTokenResponse

fn clone(&self) -> AccessTokenResponse

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AccessTokenResponse

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for AccessTokenResponse

fn default() -> AccessTokenResponse

Returns the “default value” for a type.

impl PartialEq<AccessTokenResponse> for AccessTokenResponse

fn eq(&self, other: &AccessTokenResponse) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl ToCborMap for AccessTokenResponse

fn serialize_into<W>(self, writer: W) -> Result<(), Error<W::Error>>where Self: Sized, W: Write, W::Error: Debug,

Serializes this type as a CBOR map bytestring into the given writer.

fn deserialize_from<R>(reader: R) -> Result<Self, Error<R::Error>>where Self: Sized, R: Read, R::Error: Debug,

Deserializes from the given reader — which is expected to be an instance of this type, represented as a CBOR map bytestring — into an instance of this type.

fn to_ciborium_value(&self) -> Value

Converts this type to a CBOR serializable Value using to_cbor_map.

impl StructuralPartialEq for AccessTokenResponse