Expand description
The foundational traits and types for the huskarl OAuth2 ecosystem.
Most applications depend on the higher-level huskarl crate (grants, token
cache, authorizer) rather than this crate directly. huskarl-core is the shared
base they build on — the utilities below are also useful on their own, whether
you are writing OAuth tooling or implementing a backend for the rest of the
ecosystem.
§The huskarl ecosystem
This crate is one of three that fit together. Each carries its own how-to guides
and explanation in a _docs module:
huskarl—OAuth2clients: grants, token caching, and the request authorizer.huskarl-resource-server— resource servers: access-token validation and request authorization.huskarl-core(this crate) — the shared foundation the other two build on.
§What’s here
- JOSE primitives —
jwtbuilds, signs, and validates JWTs;jwkparses and produces JWK/JWKS wire types;cryptoholds the signing, verification, and encryption traits plus a set of composable wrappers (multi-key, refreshable, retrying). - Secret handling —
secretsretrieves credentials from environment variables, files, or your own provider, behind redacted wrappers that keep them out of logs, with optional decoding and caching. - Client authentication —
client_authcarries the ways a client authenticates to an authorization server (client secret, private-key JWT, or none). DPoP—dpopprovides proof-of-possession binding for the authorization-server and resource-server flows.- HTTP —
httpdefines theHttpClientseam that decouples the ecosystem from any specific HTTP implementation. - Authorization-server metadata —
server_metadatamodels RFC 8414 / OIDC discovery documents. - Wire encoding —
oauth_formserializes OAuth messages asapplication/x-www-form-urlencoded, including structured RFC 9396 values. - Errors — the flows return the one concrete
Error/ErrorKind, which embeds cleanly in your own error type. A few subsystems return their own typed errors where the variants are the API — JWT validation (JwtValidationError), low-level verification (crypto::verifier), and wire encoding (oauth_form::Error) — design oneFromarm forErrorplus arms for the subsystem errors you call directly.
§Guides and explanation
The API items here are the reference documentation. For task-oriented how-to
guides — building and
validating JWTs,
providing secrets, and
implementing a backend — and design
explanation — the error model,
handling untrusted keys, and
composing crypto strategies — see the
_docs module.
Re-exports§
pub use authorization_details::AuthorizationDetail;pub use error::Error;pub use error::ErrorKind;
Modules§
- _docs
docsrs - Extended documentation: how-to guides and explanation.
- authorization_
details - RFC 9396 Rich Authorization Requests — the
authorization_detailsparameter. - client_
auth OAuth2client authentication support.- crypto
- Cryptographic interfaces and definitions.
- dpop
- Demonstrating Proof-of-Possession (
DPoP) support. - error
- The concrete
Errortype used across the huskarl ecosystem. - http
- HTTP client and response abstractions.
- jwk
- JSON Web Key (JWK) types per RFC 7517/7518/8037.
- jwt
- JWT support
- oauth_
form application/x-www-form-urlencodedserialization for OAuth 2.0 messages.- platform
- Platform-specific marker traits for cross-platform compatibility.
- prelude
- Anonymous trait imports that make the crate’s method syntax work.
- resource_
metadata - RFC 9728 - OAuth 2.0 Protected Resource Metadata.
- secrets
- Async secret access.
- serde_
utils - Serde helpers for OIDC and
OAuth2wire formats. - server_
metadata - RFC 8414 - OAuth 2.0 Authorization Server Metadata.
Structs§
- Endpoint
Url - An endpoint URL.