Skip to main content

Crate huskarl_core

Crate huskarl_core 

Source
Expand description

The foundational traits and types for the huskarl OAuth2 ecosystem.

Most applications depend on the higher-level huskarl crate (grants, token cache, authorizer) rather than this crate directly. huskarl-core is the shared base they build on — the utilities below are also useful on their own, whether you are writing OAuth tooling or implementing a backend for the rest of the ecosystem.

§The huskarl ecosystem

This crate is one of three that fit together. Each carries its own how-to guides and explanation in a _docs module:

  • huskarlOAuth2 clients: grants, token caching, and the request authorizer.
  • huskarl-resource-serverresource servers: access-token validation and request authorization.
  • huskarl-core (this crate) — the shared foundation the other two build on.

§What’s here

  • JOSE primitivesjwt builds, signs, and validates JWTs; jwk parses and produces JWK/JWKS wire types; crypto holds the signing, verification, and encryption traits plus a set of composable wrappers (multi-key, refreshable, retrying).
  • Secret handlingsecrets retrieves credentials from environment variables, files, or your own provider, behind redacted wrappers that keep them out of logs, with optional decoding and caching.
  • Client authenticationclient_auth carries the ways a client authenticates to an authorization server (client secret, private-key JWT, or none).
  • DPoPdpop provides proof-of-possession binding for the authorization-server and resource-server flows.
  • HTTPhttp defines the HttpClient seam that decouples the ecosystem from any specific HTTP implementation.
  • Authorization-server metadataserver_metadata models RFC 8414 / OIDC discovery documents.
  • Wire encodingoauth_form serializes OAuth messages as application/x-www-form-urlencoded, including structured RFC 9396 values.
  • Errors — the flows return the one concrete Error/ErrorKind, which embeds cleanly in your own error type. A few subsystems return their own typed errors where the variants are the API — JWT validation (JwtValidationError), low-level verification (crypto::verifier), and wire encoding (oauth_form::Error) — design one From arm for Error plus arms for the subsystem errors you call directly.

§Guides and explanation

The API items here are the reference documentation. For task-oriented how-to guides — building and validating JWTs, providing secrets, and implementing a backend — and design explanation — the error model, handling untrusted keys, and composing crypto strategies — see the _docs module.

Re-exports§

pub use authorization_details::AuthorizationDetail;
pub use error::Error;
pub use error::ErrorKind;

Modules§

_docsdocsrs
Extended documentation: how-to guides and explanation.
authorization_details
RFC 9396 Rich Authorization Requests — the authorization_details parameter.
client_auth
OAuth2 client authentication support.
crypto
Cryptographic interfaces and definitions.
dpop
Demonstrating Proof-of-Possession (DPoP) support.
error
The concrete Error type used across the huskarl ecosystem.
http
HTTP client and response abstractions.
jwk
JSON Web Key (JWK) types per RFC 7517/7518/8037.
jwt
JWT support
oauth_form
application/x-www-form-urlencoded serialization for OAuth 2.0 messages.
platform
Platform-specific marker traits for cross-platform compatibility.
prelude
Anonymous trait imports that make the crate’s method syntax work.
resource_metadata
RFC 9728 - OAuth 2.0 Protected Resource Metadata.
secrets
Async secret access.
serde_utils
Serde helpers for OIDC and OAuth2 wire formats.
server_metadata
RFC 8414 - OAuth 2.0 Authorization Server Metadata.

Structs§

EndpointUrl
An endpoint URL.