OpenID Connect relying party utilities.
use greentic_oauth_core::oidc::{OidcClient, PkceState};
use url::Url;
// Sketch of the relying-party flow: discover the provider, send the browser to
// the authorization URL, then exchange the returned code and validate the ID
// token. `code` is not defined in this snippet; it is the authorization code
// received at the redirect URI.
let issuer = Url::parse("https://accounts.example.com")?;
let redirect = Url::parse("https://app.example.com/oauth/callback")?;
let client_id = "oauth-demo-client";
// Provider discovery for the issuer parsed above.
let mut rp = OidcClient::discover(&issuer).await?;
// The second argument is `None` -- presumably the client secret, i.e. a public
// client that relies on PKCE; confirm against `set_client_credentials`.
rp.set_client_credentials(client_id, None)?;
// `pkce` is the PKCE state that the later code exchange and nonce check depend
// on. Keep it server-side, tied to the session that started this login, until
// the callback arrives.
let (authorize_url, pkce) = rp.auth_url(&redirect, &["openid", "email"])?;
println!("Redirect the browser to {}", authorize_url);
// ... later, exchange the returned code + PKCE verifier ...
// The same `redirect` value used for `auth_url` is passed again here.
// NOTE(review): no check of the callback's `state` parameter is shown in this
// snippet; confirm whether the crate or the caller performs it before the code
// is exchanged.
let token_set = rp.exchange_code(code, &pkce, &redirect).await?;
// The ID token is validated against the nonce held in `pkce`; which other
// checks `validate_id_token` performs is not visible here.
// NOTE(review): when the response carries no ID token this branch is skipped
// silently. Since the `openid` scope was requested, callers should treat a
// missing ID token as a failed login rather than continue unauthenticated.
if let Some(id_token) = token_set.id_token.as_deref() {
let claims = rp.validate_id_token(id_token, pkce.nonce())?;
println!("Authenticated subject {}", claims.subject);
}

Revocation endpoints are optional. Relative values resolve against the issuer, and plain HTTP is permitted only for localhost during development and testing.
Structs§
- IdClaims - Claims extracted from a validated ID token.
- OidcClient - Thin wrapper around OpenID Connect provider discovery and RP interactions.
- PkceState - Persisted PKCE state returned by OidcClient::auth_url.
Enums§
- OidcError - Errors returned by OidcClient.