Expand description
OAuth 2.1 and OpenID Connect provider support for OpenAuth.
This crate ports the server-side Better Auth oauth-provider behavior into
idiomatic Rust. It is intentionally separate from openauth-oauth, which
contains OAuth client and social-provider primitives.
Modules§
Structs§
- Client
Privileges Input - Input passed to the OAuth client privileges resolver.
- Client
Privileges Resolver - Async callback that authorizes OAuth client-management actions.
- Client
Reference Input - Input passed to the OAuth client reference resolver.
- Client
Reference Resolver - Async callback that resolves the non-user owner of OAuth clients.
- Client
Secret Hash Input - Input passed to custom client secret hash callbacks.
- Client
Secret Hash Resolver - Async callback that hashes client secrets before persistence.
- Client
Secret Verify Input - Input passed to custom client secret verification callbacks.
- Client
Secret Verify Resolver - Async callback that verifies client secrets against stored values.
- Consent
Grant Input - Input for creating or updating an OAuth consent grant.
- CreateO
Auth Client Input - Custom
Access Token Claims Input - Input passed to custom access token claim callbacks.
- Custom
Access Token Claims Resolver - Async callback that provides additional access token or introspection claims.
- Custom
IdToken Claims Input - Input passed to custom ID token claim callbacks.
- Custom
IdToken Claims Resolver - Async callback that provides additional ID token claims.
- Custom
Token Response Fields Input - Input passed to custom token response field callbacks.
- Custom
Token Response Fields Resolver - Async callback that provides extra token response fields.
- Custom
User Info Claims Input - Input passed to custom userinfo claim callbacks.
- Custom
User Info Claims Resolver - Async callback that provides additional userinfo claims.
- OAuth
Access Token - Stored opaque OAuth access token row.
- OAuth
Client - OAuth 2.0 Dynamic Client Registration payload/response.
- OAuth
Consent - Stored OAuth consent row.
- OAuth
Provider Error - OAuth provider runtime error.
- OAuth
Provider Options - User-facing OAuth provider plugin options.
- OAuth
Provider Plugin - OAuth provider extension returned by
crate::oauth_provider. - OAuth
Provider Rate Limits - Rate-limit settings for OAuth provider endpoints.
- OAuth
Refresh Token - Stored OAuth refresh token row.
- OAuth
Token Prefixes - Optional public prefixes applied to generated OAuth secrets before returning them.
- Prompt
Redirect Input - Input passed to advanced prompt redirect callbacks.
- Prompt
Redirect Resolver - Async callback that may redirect an advanced prompt step to a page.
- Refresh
Token Format Decode Output - Output returned from custom refresh token decoders.
- Refresh
Token Format Encode Input - Input passed to custom refresh token formatters.
- Refresh
Token Formatter - Async callbacks that encode and decode refresh tokens returned to OAuth clients.
- Request
UriResolver - Async callback that resolves pushed authorization request parameters.
- Request
UriResolver Input - Input passed to request URI resolution.
- ResolvedO
Auth Provider Options - Fully resolved OAuth provider options after upstream-compatible defaults.
- Schema
Client - Stored OAuth client row.
- String
Generator Resolver - Async callback used to generate OAuth identifiers and token secrets.
- Token
Hash Input - Input passed to custom OAuth token hash callbacks.
- Token
Hash Resolver - Async callback that hashes OAuth tokens before lookup or persistence.
- Token
Response - Trusted
Client Cache
Enums§
- Authorize
Decision - Client
Privilege Action - OAuth client-management action checked by
ClientPrivilegesResolver. - Grant
Type - Supported token endpoint grant types.
- OAuth
Provider Config Error - OAuth provider configuration errors.
- OAuth
Provider Rate Limit - Per-endpoint OAuth provider rate-limit behavior.
- Secret
Storage - Storage strategy for OAuth provider secrets and tokens.
- Token
Endpoint Auth Method - OAuth token endpoint client authentication method.
Constants§
- OAUTH_
ACCESS_ TOKEN_ MODEL - OAUTH_
CLIENT_ MODEL - OAUTH_
CONSENT_ MODEL - OAUTH_
REFRESH_ TOKEN_ MODEL - VERSION
- Current crate version.
Functions§
- auth_
server_ metadata - check_
oauth_ client - create_
client_ credentials_ token - decide_
authorize - decode_
refresh_ token - delete_
consent - find_
consent - has_
granted_ scopes - oauth_
provider - Build the OAuth provider extension.
- oauth_
provider_ schema - Database schema contributions for the OAuth provider plugin.
- oauth_
to_ schema - oidc_
server_ metadata - schema_
to_ oauth - store_
client_ secret - store_
token - upsert_
consent - verify_
client_ secret