ones_oidc/lib.rs
1//! ONES OpenID Connect client for Rust
2//!
3//! This library provides authentication with ONES using OpenID Connect (OIDC)
4//! and Client Initiated Backchannel Authentication (CIBA).
5//!
6//! # Quick Start
7//!
8//! ```rust,no_run
9//! use ones_oidc::{OpenIdconnectClient, OnesOidcConfig, load_device_config, read_private_key};
10//! use openidconnect::{core::CoreProviderMetadata, reqwest::async_http_client};
11//!
12//! # async fn example() -> Result<(), Box<dyn std::error::Error>> {
13//! // Load device configuration
14//! let device_config = load_device_config("device_config.yml")?;
15//! let private_key = read_private_key("private_key.pem")?;
16//!
17//! // Get issuer URL and discover metadata
18//! let issuer_url = device_config.get_issuer_url()?;
19//! let provider_metadata = CoreProviderMetadata::discover_async(
20//! issuer_url.clone(),
21//! async_http_client,
22//! ).await?;
23//!
24//! // Create client with configuration
25//! let config = OnesOidcConfig::default()
26//! .timeout(std::time::Duration::from_secs(10));
27//!
28//! let client = OpenIdconnectClient::with_config(
29//! device_config.client_id,
30//! issuer_url,
31//! provider_metadata,
32//! private_key,
33//! config,
34//! );
35//! # Ok(())
36//! # }
37//! ```
38
39// Private implementation modules
40mod config;
41mod device;
42mod device_config;
43mod errors;
44mod http_client;
45mod identifier;
46mod oidc;
47mod oidc_backend;
48mod oidc_types;
49mod utils;
50mod well_known;
51
52// Optional public modules for advanced usage
53pub mod actions;
54
55// === Core API ===
56
57/// Main OIDC client for authentication operations
58pub use oidc::OpenIdconnectClient;
59
60/// Configuration for the OIDC client
61pub use config::OnesOidcConfig;
62
63/// Device configuration loading utilities
64pub use device_config::{load_device_config, DeviceConfig};
65
66/// Private key utilities
67pub use utils::read_private_key;
68
69// === Error Types ===
70
71pub use errors::{DeviceError, OidcError, UtilsError, WellKnownApplicationsError};
72
73// === Authentication Types ===
74
75pub use oidc_types::{
76 AuthenticatedEntity,
77 AuthenticatedEntityKind,
78 AuthenticationMethod,
79 AuthenticationResult,
80 LoginHint,
81};
82
83// === Identifier Types ===
84
85pub use identifier::{IdentifierType, NewIdentifier};
86
87// === Well-Known Application Discovery ===
88
89pub use well_known::{
90 get_applications_well_known,
91 get_well_known_application_by_client_identifier,
92 ApplicationType,
93 ApplicationsWellKnown,
94};
95
96// === OIDC Backend Types (for advanced users) ===
97
98pub use oidc_backend::{
99 CibaLoginRequestFrontend,
100 CibaLoginRequestFrontendWithoutResource,
101 CibaStatusRequestFrontend,
102 QrStatusRequest,
103 QrStatusRequestFrontend,
104 RefreshTokenRequestFrontend,
105};
106
107// === Default Configuration Paths ===
108
109/// Default path for device configuration file
110pub const DEFAULT_DEVICE_CONFIG_PATH: &str = "/etc/px-device-identity/device.yml";
111
112/// Default path for device private key file
113pub const DEFAULT_PRIVATE_KEY_PATH: &str = "/root/.local/share/px-device-identity/private.pem";
114
115// === Re-exported OpenIDConnect Types ===
116
117/// Re-exported types from the `openidconnect` crate for convenience
118pub use openidconnect::{
119 core::{CoreProviderMetadata, CoreTokenType},
120 ClientId,
121 EmptyExtraTokenFields,
122 StandardTokenResponse,
123 IssuerUrl,
124 AccessToken,
125};