OpenID Connect Client
There are two ways to interact with this library: the batteries-included magic methods, and the more fine-grained ones that need slightly more boilerplate. For most users the following is what you want.
```rust
use oidc;
use reqwest;
use std::default::Default;

let id = "my client".to_string();
let secret = "a secret to everybody".to_string();
let redirect = reqwest::Url::parse("https://my-redirect.foo")?;
let issuer = oidc::issuer::google();
let client = oidc::discover(id, secret, redirect, issuer)?;
let auth_url = client.auth_url(Default::default());

// ... send your user to auth_url, get an auth_code back at your redirect_url handler

let token = client.authenticate(auth_code, None, None)?;
```
That example leaves you with a decoded Token that has been validated. Your user is authenticated!
You can also take a more nuanced approach that gives you more fine-grained control:
```rust
use oidc;
use reqwest;
use std::default::Default;

let id = "my client".to_string();
let secret = "a secret to everybody".to_string();
let redirect = reqwest::Url::parse("https://my-redirect.foo")?;
let issuer = oidc::issuer::google();
let http = reqwest::Client::new();

let config = oidc::discovery::discover(&http, issuer)?;
let jwks = oidc::discovery::jwks(&http, config.jwks_uri.clone())?;
let provider = oidc::discovery::Discovered { config };

let client = oidc::new(id, secret, redirect, provider, jwks);
let auth_url = client.auth_url(Default::default());

// ... send your user to auth_url, get an auth_code back at your redirect_url handler

let mut token = client.request_token(&http, auth_code)?;
client.decode_token(&mut token)?;
client.validate_token(&token, None, None)?;
let userinfo = client.request_userinfo(&http, &token)?;
```
This more complicated version uses the discovery module directly. Important distinctions to make between the two:
- The complex pattern avoids constructing a new reqwest client every time an outbound method is called. Especially for token decoding, having to rebuild reqwest every time can be a large performance penalty.
- Tokens don’t come decoded or validated. You need to do both manually.
- This version demonstrates userinfo. It is not required by spec, so make sure it's available! (You get an Error::Userinfo::Nourl if it is not.)
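What the manual validation step has to cover is defined by OpenID Connect Core (section 3.1.3.7): issuer, audience and expiry always, nonce and max_age when they were sent in the authentication request. The following is an added example, not code from this crate; `Claims`, `Expected` and `validate_claims` are hypothetical names, the sample values are constructed, and signature verification against the JWKS is assumed to have happened already.

```rust
// Added illustration: claim checks on an already signature-verified ID Token,
// following OpenID Connect Core 3.1.3.7. All names here are hypothetical.
#[derive(Debug, PartialEq)]
pub enum ClaimError { Issuer, Audience, Expired, Nonce, AuthTooOld }

pub struct Claims<'a> {
    pub iss: &'a str,
    pub aud: Vec<&'a str>,
    pub exp: u64,               // seconds since the Unix epoch
    pub nonce: Option<&'a str>,
    pub auth_time: Option<u64>,
}

pub struct Expected<'a> {
    pub issuer: &'a str,
    pub client_id: &'a str,
    pub nonce: Option<&'a str>, // Some(..) only if a nonce was sent in the auth request
    pub max_age: Option<u64>,   // Some(..) only if max_age was requested
}

pub fn validate_claims(c: &Claims, e: &Expected, now: u64) -> Result<(), ClaimError> {
    if c.iss != e.issuer { return Err(ClaimError::Issuer); }
    if !c.aud.iter().any(|a| *a == e.client_id) { return Err(ClaimError::Audience); }
    if now >= c.exp { return Err(ClaimError::Expired); }
    if let Some(sent) = e.nonce {
        // A missing nonce claim is a failure, not a pass.
        if c.nonce != Some(sent) { return Err(ClaimError::Nonce); }
    }
    if let Some(max_age) = e.max_age {
        match c.auth_time {
            Some(t) if now.saturating_sub(t) <= max_age => {}
            _ => return Err(ClaimError::AuthTooOld),
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample values, not taken from a real provider response.
    let e = Expected { issuer: "https://accounts.google.com", client_id: "my client",
                       nonce: Some("n-0S6"), max_age: Some(300) };
    let c = Claims { iss: "https://accounts.google.com", aud: vec!["my client"],
                     exp: 2_000, nonce: Some("n-0S6"), auth_time: Some(900) };
    println!("{:?}", validate_claims(&c, &e, 1_000));
    let stripped = Claims { nonce: None, ..c }; // token issued without the nonce we sent
    println!("{:?}", validate_claims(&stripped, &e, 1_000));
}
```

When the expected nonce or max_age is left as `None`, the corresponding check is skipped, so replay protection and re-authentication freshness only apply if the caller supplies them.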
Re-exports
pub use error::Error;
Modules
Structs
Address Claim struct. Can be only formatted, only the rest, or both.
OpenID Connect Client for a provider specified at construction.
Optional parameters that OpenID specifies for the auth URI.
Derives Default, so remember to ..Default::default() after you specify what you want.