oauth2_broker/provider/descriptor/
grant.rs

1// self
2use crate::_prelude::*;
3
4/// OAuth 2.0 grant types supported by the broker.
5#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, Serialize, Deserialize)]
6#[serde(rename_all = "snake_case")]
7pub enum GrantType {
8	/// Authorization Code grant (PKCE recommended).
9	AuthorizationCode,
10	/// Refresh Token grant for long-lived sessions.
11	RefreshToken,
12	/// Client Credentials grant for app-only tokens.
13	ClientCredentials,
14}
15impl GrantType {
16	/// Returns the RFC 6749 identifier for the grant type.
17	pub fn as_str(self) -> &'static str {
18		match self {
19			GrantType::AuthorizationCode => "authorization_code",
20			GrantType::RefreshToken => "refresh_token",
21			GrantType::ClientCredentials => "client_credentials",
22		}
23	}
24}
25impl Display for GrantType {
26	fn fmt(&self, f: &mut Formatter) -> FmtResult {
27		f.write_str(self.as_str())
28	}
29}
30
31/// Collection of grant flags wired into the descriptor.
32#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, Serialize, Deserialize)]
33pub struct SupportedGrants {
34	/// Indicates whether the Authorization Code grant is enabled.
35	pub authorization_code: bool,
36	/// Indicates whether the Refresh Token grant is enabled.
37	pub refresh_token: bool,
38	/// Indicates whether the Client Credentials grant is enabled.
39	pub client_credentials: bool,
40}
41impl SupportedGrants {
42	/// Returns true if the provided grant is supported.
43	pub fn supports(self, grant: GrantType) -> bool {
44		match grant {
45			GrantType::AuthorizationCode => self.authorization_code,
46			GrantType::RefreshToken => self.refresh_token,
47			GrantType::ClientCredentials => self.client_credentials,
48		}
49	}
50
51	/// Marks a grant as supported.
52	pub fn enable(mut self, grant: GrantType) -> Self {
53		match grant {
54			GrantType::AuthorizationCode => self.authorization_code = true,
55			GrantType::RefreshToken => self.refresh_token = true,
56			GrantType::ClientCredentials => self.client_credentials = true,
57		}
58
59		self
60	}
61
62	/// Returns true when no grants are enabled.
63	pub fn is_empty(self) -> bool {
64		!self.authorization_code && !self.refresh_token && !self.client_credentials
65	}
66}