Crate oidc

OpenID Connect Client

There are two ways to interact with this library: the batteries-included magic methods, and the fine-grained ones that need slightly more boilerplate. For most users the former is what you want:

use oidc;
use reqwest;
use std::default::Default;

let id = "my client".to_string();
let secret = "a secret to everybody".to_string();
let redirect = reqwest::Url::parse("https://my-redirect.foo/dest")?;
let issuer = oidc::issuer::google();
let client = oidc::Client::discover(id, secret, redirect, issuer)?;
let auth_url = client.auth_url(&Default::default());

// ... send your user to auth_url, get an auth_code back at your redirect url handler

let token = client.authenticate(auth_code, None, None)?;

That example leaves you with a decoded Token that has been validated. Your user is authenticated!

You can also take a more nuanced approach that gives you finer-grained control:

use oidc;
use reqwest;
use std::default::Default;

let id = "my client".to_string();
let secret = "a secret to everybody".to_string();
let redirect = reqwest::Url::parse("https://my-redirect.foo/dest")?;
let issuer = oidc::issuer::google();
let http = reqwest::Client::new();

let config = oidc::discovery::discover(&http, issuer)?;
let jwks = oidc::discovery::jwks(&http, config.jwks_uri.clone())?;
let provider = oidc::discovery::Discovered(config);

let client = oidc::Client::new(id, secret, redirect, provider, jwks);
let auth_url = client.auth_url(&Default::default());

// ... send your user to auth_url, get an auth_code back at your redirect url handler

let mut token = client.request_token(&http, auth_code)?;
client.decode_token(&mut token)?;
client.validate_token(&token, None, None)?;
let userinfo = client.request_userinfo(&http, &token)?;

This more complicated version uses the discovery module directly. Important distinctions to make between the two:

  • The complex pattern avoids constructing a new reqwest client every time an outbound method is called. Especially for token decoding, having to rebuild reqwest every time can be a large performance penalty.
  • Tokens don't come decoded or validated. You need to do both manually.
  • This version demonstrates userinfo. It is not required by spec, so make sure it's available! (You get an Error::Userinfo::Nourl if it is not.)
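
Both examples leave the redirect handler as a comment; that handler is where the callback's `state` must be checked before `auth_code` is passed on to the client. The following is an added, std-only example, not code from the oidc crate: it assumes a random `state` value was sent with the auth URL (one of the optional parameters OpenID Connect defines) and stored in the user's session, and every type and function name in it is hypothetical.

```rust
// Added example (std only); every name below is hypothetical, not part of the oidc crate.
#[derive(Debug, PartialEq)]
pub enum CallbackError { Provider(String), MissingState, StateMismatch, MissingCode, Duplicate, BadEncoding }

/// Decode one application/x-www-form-urlencoded value ('+' and %XX escapes).
fn pct_decode(s: &str) -> Result<String, CallbackError> {
    let (b, mut out, mut i) = (s.as_bytes(), Vec::new(), 0);
    while i < b.len() {
        match b[i] {
            b'+' => out.push(b' '),
            b'%' => {
                let hex = |j: usize| b.get(j).and_then(|c| (*c as char).to_digit(16));
                let (h, l) = hex(i + 1).zip(hex(i + 2)).ok_or(CallbackError::BadEncoding)?;
                out.push((h * 16 + l) as u8);
                i += 2;
            }
            c => out.push(c),
        }
        i += 1;
    }
    String::from_utf8(out).map_err(|_| CallbackError::BadEncoding)
}

/// Compare without exiting early at the first differing byte.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Return the code from the redirect query only if `state` matches the session's value.
pub fn code_from_callback(query: &str, expected_state: &str) -> Result<String, CallbackError> {
    let (mut code, mut state, mut error) = (None, None, None);
    for pair in query.split('&') {
        let (k, v) = pair.split_once('=').unwrap_or((pair, ""));
        let slot = match k {
            "code" => &mut code,
            "state" => &mut state,
            "error" => &mut error,
            _ => continue, // unrelated parameter
        };
        // A repeated parameter is ambiguous: reject rather than pick one.
        if slot.replace(pct_decode(v)?).is_some() { return Err(CallbackError::Duplicate); }
    }
    let state = state.ok_or(CallbackError::MissingState)?;
    if expected_state.is_empty() || !ct_eq(state.as_bytes(), expected_state.as_bytes()) {
        return Err(CallbackError::StateMismatch);
    }
    if let Some(e) = error { return Err(CallbackError::Provider(e)); }
    code.ok_or(CallbackError::MissingCode)
}
```

Only an `Ok` value should be handed to `authenticate` or `request_token`; discard the stored state after one use so a callback cannot be replayed.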

Re-exports

pub use crate::error::Error;

Modules

discovery
error
issuer
token

Structs

Address

Address Claim struct. Can be only formatted, only the rest, or both.

Client

OpenID Connect Client for a provider specified at construction.

Options

Optional parameters that OpenID specifies for the auth URI. Derives Default, so remember to ..Default::default() after you specify what you want.

Userinfo

The userinfo struct contains all possible userinfo fields regardless of scope. See spec.

Enums

Display

The four values for the preferred display parameter in the Options. See spec for details.

Prompt

The four possible values for the prompt parameter set in Options. See spec for details.