Crate graph_oauth

§Microsoft Identity Platform Client

Support for OAuth 2.0 and OpenID Connect authorization flows from the Microsoft Identity Platform.

Part of the graph-rs-sdk project on GitHub

§Example ConfidentialClientApplication Authorization Code Flow

use url::Url;
use graph_oauth::{AuthorizationCodeCredential, ConfidentialClientApplication};

pub fn authorization_url(client_id: &str) -> anyhow::Result<Url> {
    Ok(ConfidentialClientApplication::builder(client_id)
        .auth_code_url_builder()
        .with_redirect_uri(Url::parse("http://localhost:8000/redirect")?)
        .with_scope(vec!["user.read"])
        .url()?)
}

pub fn get_confidential_client(authorization_code: &str, client_id: &str, client_secret: &str) -> anyhow::Result<ConfidentialClientApplication<AuthorizationCodeCredential>> {
    Ok(ConfidentialClientApplication::builder(client_id)
        .with_auth_code(authorization_code)
        .with_client_secret(client_secret)
        .with_scope(vec!["user.read"])
        .with_redirect_uri(Url::parse("http://localhost:8000/redirect")?)
        .build())
}

§Supported Authorization Flows From The Microsoft Identity Platform

Modules§

extensions
legacy

Structs§

AZURE_CHINA_CLOUD_INSTANCE
AZURE_GERMANY_CLOUD_INSTANCE
AZURE_PUBLIC_CLOUD_INSTANCE
AZURE_US_GOVERNMENT
AllowedHostValidator
AppConfig
AppConfigBuilder
ApplicationOptions
Application Options typically stored as JSON file in .net applications.
Assertion
AuthCodeAuthorizationUrlParameterBuilder
AuthCodeAuthorizationUrlParameters
Get the authorization url required to perform the initial authorization and redirect in the authorization code flow.
AuthorizationCodeAssertionCredential
Authorization Code Using An Assertion
AuthorizationCodeAssertionCredentialBuilder
AuthorizationCodeCertificateCredential
The OAuth 2.0 authorization code grant type, or auth code flow, enables a client application to obtain authorized access to protected resources like web APIs. The auth code flow requires a user-agent that supports redirection from the authorization server (the Microsoft identity platform) back to your application. For example, a web browser, desktop, or mobile application operated by a user to sign in to your app and access their data. https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
AuthorizationCodeCertificateCredentialBuilder
AuthorizationCodeCredential
The OAuth 2.0 authorization code grant type, or auth code flow, enables a client application to obtain authorized access to protected resources like web APIs. The auth code flow requires a user-agent that supports redirection from the authorization server (the Microsoft identity platform) back to your application. For example, a web browser, desktop, or mobile application operated by a user to sign in to your app and access their data. https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
AuthorizationCodeCredentialBuilder
AuthorizationCodeSpaCredential
The OAuth 2.0 authorization code grant type, or auth code flow, enables a client application to obtain authorized access to protected resources like web APIs. The auth code flow requires a user-agent that supports redirection from the authorization server (the Microsoft identity platform) back to your application. For example, a web browser, desktop, or mobile application operated by a user to sign in to your app and access their data. https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
AuthorizationCodeSpaCredentialBuilder
AuthorizationError
AuthorizationRequestParts
AuthorizationResponse
BearerTokenCredential
ClientAssertionCredential
Client Credentials Using an Assertion.
ClientAssertionCredentialBuilder
ClientCertificateCredential
Client Credentials Using A Certificate
ClientCertificateCredentialBuilder
ClientCredentialAdminConsentResponse
ClientCredentialsAuthorizationUrlParameterBuilder
ClientCredentialsAuthorizationUrlParameters
ClientSecretCredential
Client Credentials flow using a client secret.
ClientSecretCredentialBuilder
ConfidentialClientApplication
Clients capable of maintaining the confidentiality of their credentials (e.g., client implemented on a secure server with restricted access to the client credentials), or capable of secure client authentication using other means.
ConfidentialClientApplicationBuilder
DeviceAuthorizationResponse
The Device Authorization Response: the authorization server generates a unique device verification code and an end-user code that are valid for a limited time and includes them in the HTTP response body using the “application/json” format [RFC8259] with a 200 (OK) status code
DeviceCodeCredential
The device authorization grant: allows users to sign in to input-constrained devices such as a smart TV, IoT device, or a printer. To enable this flow, the device has the user visit a webpage in a browser on another device to sign in. Once the user signs in, the device is able to get access tokens and refresh tokens as needed.
DeviceCodeCredentialBuilder
DeviceCodePollingExecutor
EnvironmentCredential
Header
A basic JWT header, the alg defaults to HS256 and typ is automatically set to JWT. All the other fields are optional.
IdToken
ID tokens are sent to the client application as part of an OpenID Connect flow. They can be sent alongside or instead of an access token. ID tokens are used by the client to authenticate the user. To learn more about how the Microsoft identity platform issues ID tokens, see ID tokens in the Microsoft identity platform.
OpenIdAuthorizationUrlParameterBuilder
OpenIdAuthorizationUrlParameters
OpenID Connect (OIDC) extends the OAuth 2.0 authorization protocol for use as an additional authentication protocol. You can use OIDC to enable single sign-on (SSO) between your OAuth-enabled applications by using a security token called an ID token. https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc
OpenIdCredential
OpenID Connect (OIDC) extends the OAuth 2.0 authorization protocol for use as an additional authentication protocol. You can use OIDC to enable single sign-on (SSO) between your OAuth-enabled applications by using a security token called an ID token. https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc
OpenIdCredentialBuilder
ProofKeyCodeExchange
PublicClientApplication
Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.
PublicClientApplicationBuilder
ResourceOwnerPasswordCredential
Allows an application to sign in the user by directly handling their password. Not recommended. ROPC can also be done using a client secret or assertion; however, this client implementation does not offer this use case. This is the same as all MSAL clients. https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.3
ResourceOwnerPasswordCredentialBuilder
Secret
Token
An access token is a security token issued by an authorization server as part of an OAuth 2.0 flow. It contains information about the user and the resource for which the token is intended. The information can be used to access web APIs and other protected resources. Resources validate access tokens to grant access to a client application. For more information, see Access tokens in the Microsoft Identity Platform
TokenData
The return type of a successful call to decode.

Enums§

AadAuthorityAudience
Specifies which Microsoft accounts can be used for sign-in with a given application. See https://aka.ms/msal-net-application-configuration
Authority
Specifies which Microsoft accounts can be used for sign-in with a given application. See https://aka.ms/msal-net-application-configuration
AuthorizationResponseError
The specification defines errors here: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-31#section-4.2.2.1
AzureCloudInstance
STS instance (for instance https://login.microsoftonline.com for the Azure public cloud). Maps to the instance url string.
HostIs
PollDeviceCodeEvent
Response types used when polling for a device code https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
Prompt
Indicates the type of user interaction that is required. Valid values are login, none, consent, and select_account.
ResponseMode
Specifies how the identity platform should return the requested token to your app.
ResponseType

Traits§

AuthorizationUrl
GenPkce
IntoCredentialBuilder
TokenCredentialExecutor
ValidateHosts