[][src]Crate oidc

OpenID Connect Client

There are two ways to interact with this library - the batteries included magic methods, and the slightly more boilerplate fine grained ones. For most users the former is what you want:

This example is not tested
use oidc;
use reqwest;
use std::default::Default;
 
let id = "my client".to_string();
let secret = "a secret to everybody".to_string();
let redirect = reqwest::Url::parse("https://my-redirect.foo/dest")?;
let issuer = oidc::issuer::google();
let client = oidc::discover(id, secret, redirect, issuer)?;
let auth_url = client.auth_url(Default::default());
 
// ... send your user to auth_url, get an auth_code back at your redirect url handler
 
let token = client.authenticate(auth_code, None, None)?;

That example leaves you with a decoded Token that has been validated. Your user is authenticated!

You can also take a more nuanced approach that gives you more fine grained control:

This example is not tested
use oidc;
use reqwest;
use std::default::Default;
 
let id = "my client".to_string();
let secret = "a secret to everybody".to_string();
let redirect = reqwest::Url::parse("https://my-redirect.foo/dest")?;
let issuer = oidc::issuer::google();
let http = reqwest::Client::new();
 
let config = oidc::discovery::discover(&http, issuer)?;
let jwks = oidc::discovery::jwks(&http, config.jwks_uri.clone())?;
let provider = oidc::discovery::Discovered(config);
 
let client = oidc::new(id, secret, redirect, provider, jwks);
let auth_url = client.auth_url(Default::default());

// ... send your user to auth_url, get an auth_code back at your redirect url handler
 
let mut token = client.request_token(&http, auth_code)?;
client.decode_token(&mut token)?;
client.validate_token(&token, None, None)?;
let userinfo = client.request_userinfo(&http, &token)?;

This more complicated version uses the discovery module directly. Important distinctions to make between the two:

  • The complex pattern avoids constructing a new reqwest client every time an outbound method is called. Especially for token decoding having to rebuild reqwest every time can be a large performance penalty.
  • Tokens don't come decoded or validated. You need to do both manually.
  • This version demonstrates userinfo. It is not required by spec, so make sure its available! (you get an Error::Userinfo::Nourl if it is not)

Re-exports

pub use crate::error::Error;

Modules

discovery
error
issuer
token

Structs

Address

Address Claim struct. Can be only formatted, only the rest, or both.

Client

OpenID Connect Client for a provider specified at construction.

Options

Optional parameters that OpenID specifies for the auth URI. Derives Default, so remember to ..Default::default() after you specify what you want.

Userinfo

The userinfo struct contains all possible userinfo fields regardless of scope. See spec.

Enums

Display

The four values for the preferred display parameter in the Options. See spec for details.

Prompt

The four possible values for the prompt parameter set in Options. See spec for details.