pub struct Client { /* private fields */ }
OpenID Connect Client for a provider specified at construction.
Implementations
impl Client
pub fn discover(
id: String,
secret: String,
redirect: Url,
issuer: Url
) -> Result<Self, Error>
Constructs a client from an issuer URL and client parameters via discovery.
pub fn new(
id: String,
secret: String,
redirect: Url,
provider: Discovered,
jwks: JWKSet<Empty>
) -> Self
Constructs a client from a given provider, key set, and parameters. Unlike ::discover(..), this function does not perform any network operations.
pub fn redirect_url(&self) -> &str
Passthrough to the redirect_url stored in inth_oauth2 as a str.
pub fn request_token(
&self,
client: &Client,
auth_code: &str
) -> Result<Token, Error>
Passthrough to the inth_oauth2::client’s request token.
pub fn config(&self) -> &Config
A reference to the config document of the provider obtained via discovery.
pub fn auth_url(&self, options: &Options) -> Url
Constructs the auth_url to redirect a client to the provider. Options are… optional. Use them as needed. Keep the Options struct around for authentication, or at least the nonce and max_age parameters, since we need to verify they stay the same and validate them if you used them.
pub fn authenticate(
&self,
auth_code: &str,
nonce: Option<&str>,
max_age: Option<&Duration>
) -> Result<Token, Error>
Given an auth_code and auth options, request the token, decode, and validate it.
pub fn decode_token(
&self,
token: &mut Compact<Claims, Empty>
) -> Result<(), Error>
Mutates a Compact::encoded Token to Compact::decoded. Errors are:
- Decode::MissingKid if the keyset has multiple keys but the key id on the token is missing
- Decode::MissingKey if the given key id is not in the key set
- Decode::EmptySet if the keyset is empty
- Jose::WrongKeyType if the alg of the key and the alg in the token header mismatch
- Jose::WrongKeyType if the specified key alg isn’t a signature algorithm
- Jose error if decoding fails
pub fn validate_token(
&self,
token: &Compact<Claims, Empty>,
nonce: Option<&str>,
max_age: Option<&Duration>
) -> Result<(), Error>
Validate a decoded token. If you don’t get an error, it’s valid! Nonce and max_age come from your auth_url options. Errors are:
- Jose Error if the Token isn’t decoded
- Validation::Mismatch::Issuer if the provider issuer and token issuer mismatch
- Validation::Mismatch::Nonce if a given nonce and the token nonce mismatch
- Validation::Missing::Nonce if either the token or args has a nonce and the other does not
- Validation::Missing::Audience if the token aud doesn’t contain the client id
- Validation::Missing::AuthorizedParty if there are multiple audiences and azp is missing
- Validation::Mismatch::AuthorizedParty if the azp is not the client_id
- Validation::Expired::Expires if the current time is past the expiration time
- Validation::Expired::MaxAge if the token is older than the provided max_age
- Validation::Missing::Authtime if a max_age was given and the token has no auth time
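The checks listed above, modeled as an added std-only example that is not the crate's code. The names `Invalid`, `Claims`, `validate` and `sample`, the sample values, and the check order (which simply follows the list) are assumptions made for illustration.

```rust
// Added illustration: a std-only model of the checks documented for
// validate_token. All names below are hypothetical, not the crate's API.
#[derive(Debug, PartialEq)]
pub enum Invalid {
    IssuerMismatch, NonceMismatch, NonceMissing, AudienceMissing,
    AzpMissing, AzpMismatch, Expired, MaxAgeExceeded, AuthTimeMissing,
}

pub struct Claims<'a> {
    pub iss: &'a str,
    pub aud: Vec<&'a str>,
    pub azp: Option<&'a str>,
    pub nonce: Option<&'a str>,
    pub exp: u64,               // seconds since the epoch
    pub auth_time: Option<u64>, // seconds since the epoch
}

/// Runs the checks in the order of the error list above; `nonce` and
/// `max_age` are the values that were sent in the authorization request.
pub fn validate(c: &Claims, issuer: &str, client_id: &str,
                nonce: Option<&str>, max_age: Option<u64>, now: u64) -> Result<(), Invalid> {
    if c.iss != issuer { return Err(Invalid::IssuerMismatch); }
    match (c.nonce, nonce) {
        (Some(got), Some(sent)) if got != sent => return Err(Invalid::NonceMismatch),
        (Some(_), None) | (None, Some(_)) => return Err(Invalid::NonceMissing),
        _ => {}
    }
    if !c.aud.iter().any(|a| *a == client_id) { return Err(Invalid::AudienceMissing); }
    if c.aud.len() > 1 && c.azp.is_none() { return Err(Invalid::AzpMissing); }
    if c.azp.map_or(false, |azp| azp != client_id) { return Err(Invalid::AzpMismatch); }
    if now > c.exp { return Err(Invalid::Expired); }
    if let Some(max) = max_age {
        let at = c.auth_time.ok_or(Invalid::AuthTimeMissing)?;
        if now.saturating_sub(at) > max { return Err(Invalid::MaxAgeExceeded); }
    }
    Ok(())
}

/// Constructed sample claims for a client registered as "my-client".
pub fn sample() -> Claims<'static> {
    Claims { iss: "https://issuer.example", aud: vec!["my-client"], azp: None,
             nonce: Some("n-0S6"), exp: 2_000, auth_time: Some(1_000) }
}

fn main() {
    let (iss, id) = ("https://issuer.example", "my-client");
    // Same nonce and max_age as in the request: accepted.
    println!("{:?}", validate(&sample(), iss, id, Some("n-0S6"), Some(600), 1_500));
    // Forgetting to pass the nonce that was sent is rejected, not ignored.
    println!("{:?}", validate(&sample(), iss, id, None, None, 1_500));
}
```

The second call shows why the nonce and max_age from the authorization request have to be kept: a token carrying a nonce fails validation when the caller supplies none.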
pub fn request_userinfo(
&self,
client: &Client,
token: &Token
) -> Result<Userinfo, Error>
Get a userinfo json document for a given token at the provider’s userinfo endpoint. Errors are:
- Userinfo::NoUrl if this provider doesn’t have a userinfo endpoint
- Error::Insecure if the userinfo url is not https
- Error::Jose if the token is not decoded
- Error::Http if something goes wrong getting the document
- Error::Json if the response is not a valid Userinfo document
- Userinfo::MismatchSubject if the returned userinfo document and token’s subject mismatch