Crate jacquard_oauth

§Jacquard OAuth 2.1 implementation for the AT Protocol

Implements the AT Protocol OAuth profile, including DPoP (Demonstrating Proof-of-Possession), PKCE, PAR (Pushed Authorization Requests), and token management.

§Authentication flow

use jacquard_oauth::client::OAuthClient;
use jacquard_oauth::session::ClientData;
use jacquard_oauth::atproto::AtprotoClientMetadata;
use jacquard_oauth::loopback::LoopbackConfig;
use jacquard_oauth::authstore::MemoryAuthStore;

let store = MemoryAuthStore::new();

// Create client with metadata
let client_data = ClientData {
    keyset: None,  // Will generate ES256 keypair if needed
    config: AtprotoClientMetadata::default_localhost(),
};
let oauth = OAuthClient::new(store, client_data);

// Start auth flow (with loopback feature)
let session = oauth.login_with_local_server(
    "alice.bsky.social",
    Default::default(),
    LoopbackConfig::default(),
).await?;

// Session handles token refresh automatically

§AT Protocol specifics

The AT Protocol OAuth profile adds:

  • Required DPoP for all token requests
  • PAR (Pushed Authorization Requests) for better security
  • Specific scope format (atproto, transition:generic, etc.)
  • Server metadata discovery at /.well-known/oauth-authorization-server

See atproto module for AT Protocol-specific metadata helpers.
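
A client should check the discovered authorization server metadata against the profile requirements listed above before sending it a PAR or token request. The following is an added example, not code from jacquard_oauth: the type and function names are hypothetical, the field names mirror the RFC 8414, RFC 9126 and RFC 9449 metadata keys, and the exact checks (bare https issuer, ES256 for DPoP, S256 for PKCE) are assumptions about the profile that go beyond what this page states.

```rust
// Added example, not jacquard_oauth code. All type and function names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum MetaError { BadIssuer, IssuerMismatch, ParNotRequired, NoParEndpoint, NoEs256Dpop, NoS256Pkce, NoAtprotoScope }

pub struct ServerMetadata<'a> {
    pub issuer: &'a str,
    pub pushed_authorization_request_endpoint: Option<&'a str>,
    pub require_pushed_authorization_requests: bool,
    pub dpop_signing_alg_values_supported: Vec<&'a str>,
    pub code_challenge_methods_supported: Vec<&'a str>,
    pub scopes_supported: Vec<&'a str>,
}

/// Build the discovery URL, accepting only a bare https origin as issuer.
pub fn discovery_url(issuer: &str) -> Result<String, MetaError> {
    let host = issuer.strip_prefix("https://").ok_or(MetaError::BadIssuer)?;
    if host.is_empty() || host.contains(|c: char| matches!(c, '/' | '?' | '#' | '@')) {
        return Err(MetaError::BadIssuer);
    }
    Ok(format!("{issuer}/.well-known/oauth-authorization-server"))
}

/// Check a fetched metadata document; `fetched_from` is the origin it was requested from.
pub fn validate(fetched_from: &str, m: &ServerMetadata) -> Result<(), MetaError> {
    discovery_url(m.issuer)?;
    // The document must name the origin it was served from, not some other issuer.
    if m.issuer != fetched_from { return Err(MetaError::IssuerMismatch); }
    if !m.require_pushed_authorization_requests { return Err(MetaError::ParNotRequired); }
    match m.pushed_authorization_request_endpoint {
        Some(ep) if ep.starts_with("https://") => {}
        _ => return Err(MetaError::NoParEndpoint),
    }
    if !m.dpop_signing_alg_values_supported.contains(&"ES256") { return Err(MetaError::NoEs256Dpop); }
    if !m.code_challenge_methods_supported.contains(&"S256") { return Err(MetaError::NoS256Pkce); }
    if !m.scopes_supported.contains(&"atproto") { return Err(MetaError::NoAtprotoScope); }
    Ok(())
}

/// Constructed sample document; auth.example.com is a placeholder host.
pub fn sample() -> ServerMetadata<'static> {
    ServerMetadata {
        issuer: "https://auth.example.com",
        pushed_authorization_request_endpoint: Some("https://auth.example.com/oauth/par"),
        require_pushed_authorization_requests: true,
        dpop_signing_alg_values_supported: vec!["ES256"],
        code_challenge_methods_supported: vec!["S256"],
        scopes_supported: vec!["atproto", "transition:generic"],
    }
}

fn main() { println!("{:?}", validate("https://auth.example.com", &sample())); }
```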

Modules§

atproto
AT Protocol-specific OAuth client metadata helpers and builder types.
authstore
Storage trait and in-memory implementation for OAuth client auth state.
client
High-level OAuth client for driving the full authorization code flow.
dpop
DPoP (Demonstrating Proof-of-Possession) key generation and request signing.
error
Top-level OAuth error types for the authorization flow.
jose
JOSE primitives: JWS headers, JWT claims, and signing utilities.
keyset
JWK keyset management for signing keys used in DPoP and client auth.
loopback
Loopback server helpers for the local redirect-based OAuth flow.
request
Low-level OAuth request helpers: PAR, token exchange, and refresh.
resolver
OAuth server metadata resolution: authorization server and protected resource discovery.
scopes
AT Protocol OAuth scopes
session
OAuth session types, token storage, and DPoP session state.
types
OAuth protocol types: client metadata, token sets, and server metadata.
utils
Miscellaneous cryptographic utilities: key generation, PKCE, and hashing helpers.

Constants§

FALLBACK_ALG
Fallback signing algorithm used when no preferred algorithm is negotiated with the server.