/// OIDC/OAuth client handle, as rendered in the rustdoc synopsis: only the
/// public fields are listed here; the remaining state is private.
pub struct Client {
    /// Named after the `tls_client_certificate_bound_access_tokens` client
    /// metadata parameter (RFC 8705, certificate-bound access tokens).
    /// NOTE(review): how this crate acts on the flag is not shown on this page.
    pub tls_client_certificate_bound_access_tokens: Option<bool>,
    /// Client's allowed redirect URIs after a logout.
    pub post_logout_redirect_uris: Option<Vec<String>>,
    /// Named after the JARM client metadata parameter of the same name
    /// (JWE `alg` for encrypted authorization responses) - presumably maps 1:1; confirm.
    pub authorization_encrypted_response_alg: Option<String>,
    /// Named after the JARM client metadata parameter of the same name
    /// (JWE `enc` for encrypted authorization responses) - presumably maps 1:1; confirm.
    pub authorization_encrypted_response_enc: Option<String>,
    /// Named after the JARM client metadata parameter of the same name
    /// (JWS `alg` for signed authorization responses) - presumably maps 1:1; confirm.
    pub authorization_signed_response_alg: Option<String>,
    /* private fields */
}

Fields§

§tls_client_certificate_bound_access_tokens: Option<bool>

§post_logout_redirect_uris: Option<Vec<String>>

Client’s allowed redirect uris after a logout

§authorization_encrypted_response_alg: Option<String>

§authorization_encrypted_response_enc: Option<String>

§authorization_signed_response_alg: Option<String>

Implementations§


impl Client

Implementation for Client Read Methods


pub async fn from_uri_async( registration_client_uri: &str, registration_access_token: Option<String>, jwks: Option<Jwks>, client_options: Option<ClientOptions>, issuer: Option<&Issuer>, interceptor: Option<RequestInterceptor>, is_fapi: bool ) -> Result<Self, OidcClientError>

Creates a client from the Client Read Endpoint

Creates a Client from the Client read endpoint.

  • registration_client_uri - The client read endpoint
  • registration_access_token - The access token to be sent with the request
  • jwks - Private Jwks of the client
  • client_options - The ClientOptions
  • issuer - Issuer
  • interceptor - RequestInterceptor
  • is_fapi - Marks the client as FAPI client
Example:
    // Minimal call: only the client read endpoint is supplied. Every optional
    // argument is left unset and the client is not marked as a FAPI client.
    let registration_client_uri = "https://auth.example.com/client/id";

    let _client = Client::from_uri_async(
        registration_client_uri,
        None,  // registration_access_token
        None,  // jwks
        None,  // client_options
        None,  // issuer
        None,  // interceptor
        false, // is_fapi
    )
    .await
    .unwrap();
Example: with all params
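    // Private key material for the client: one freshly generated 2048-bit RSA key.
    let jwk = Jwk::generate_rsa_key(2048).unwrap();

    let jwks = Jwks::from(vec![jwk]);

    let client_options = ClientOptions {
        additional_authorized_parties: Some(vec!["authParty".to_string()]),
    };

    /// Interceptor that adds one configurable header to every outgoing request.
    #[derive(Debug, Clone)]
    pub(crate) struct CustomInterceptor {
        pub some_header: String,
        pub some_header_value: String,
    }

    impl Interceptor for CustomInterceptor {
        /// Builds the per-request options: the custom header plus a 5000 ms timeout.
        ///
        /// `_req` is the outgoing request; if an implementation inspects it, it
        /// should not log it verbatim, since requests to an authorization server
        /// can carry client credentials or tokens.
        fn intercept(&mut self, _req: &Request) -> RequestOptions {
            let mut headers: HeaderMap = HeaderMap::new();

            // Both conversions panic on bytes that are not valid in a header;
            // tolerable here because the values are fixed literals.
            let header = HeaderName::from_bytes(self.some_header.as_bytes()).unwrap();
            let header_value = HeaderValue::from_bytes(self.some_header_value.as_bytes()).unwrap();

            headers.append(header, header_value);

            RequestOptions {
                headers,
                timeout: Duration::from_millis(5000),
                ..Default::default()
            }
        }

        /// Returns a boxed copy of this interceptor.
        fn clone_box(&self) -> Box<dyn Interceptor> {
            // The struct derives Clone, so there is no need to copy field by field.
            Box::new(self.clone())
        }
    }

    let interceptor = CustomInterceptor {
        some_header: "foo".to_string(),
        some_header_value: "bar".to_string(),
    };

    // Boxing moves the value, so discovery gets a clone and the original stays
    // available for `from_uri_async` below (the original example used the moved
    // value a second time, which does not compile).
    let issuer = Issuer::discover_async(
        "https://auth.example.com",
        Some(Box::new(interceptor.clone())),
    )
    .await
    .unwrap();

    let _client = Client::from_uri_async(
        "https://auth.example.com/client/id",
        // Placeholder value: a real registration access token is a credential
        // and should come from secure storage, not from source code.
        Some("token".to_string()),
        Some(jwks),
        Some(client_options),
        Some(&issuer),
        Some(Box::new(interceptor)),
        false,
    )
    .await
    .unwrap();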

impl Client

Implementations for Dynamic Client Registration


pub async fn register_async( issuer: &Issuer, client_metadata: ClientMetadata, register_options: Option<ClientRegistrationOptions>, interceptor: Option<RequestInterceptor>, is_fapi: bool ) -> Result<Self, OidcClientError>

Dynamic Client Registration

Attempts a Dynamic Client Registration using the Issuer’s registration_endpoint

Example:
    // Metadata sent in the registration request; everything except the
    // client id keeps its default.
    let registration_metadata = ClientMetadata {
        client_id: Some(String::from("identifier")),
        ..Default::default()
    };

    // Discover the issuer first: registration uses its registration_endpoint.
    let discovered = Issuer::discover_async("https://auth.example.com", None)
        .await
        .unwrap();

    let _client = Client::register_async(
        &discovered,
        registration_metadata,
        None,  // register_options
        None,  // interceptor
        false, // is_fapi
    )
    .await
    .unwrap();
Example: with all params

   /// Interceptor that adds one configurable header to every outgoing request.
   #[derive(Debug, Clone)]
   pub(crate) struct CustomInterceptor {
       pub some_header: String,
       pub some_header_value: String,
   }

   impl Interceptor for CustomInterceptor {
       /// Produces the request options: the custom header and a 5000 ms timeout.
       fn intercept(&mut self, _req: &Request) -> RequestOptions {
           // Both conversions panic on bytes that are not valid in a header.
           let name = HeaderName::from_bytes(self.some_header.as_bytes()).unwrap();
           let value = HeaderValue::from_bytes(self.some_header_value.as_bytes()).unwrap();

           let mut headers = HeaderMap::new();
           headers.append(name, value);

           RequestOptions {
               headers,
               timeout: Duration::from_millis(5000),
               ..Default::default()
           }
       }

       /// Returns a boxed copy of this interceptor.
       fn clone_box(&self) -> Box<dyn Interceptor> {
           Box::new(self.clone())
       }
   }

   // Two equal interceptors are needed because each call takes ownership of
   // the boxed value it is given.
   let discovery_interceptor = CustomInterceptor {
       some_header: String::from("foo"),
       some_header_value: String::from("bar"),
   };
   let registration_interceptor = discovery_interceptor.clone();

   let issuer = Issuer::discover_async(
       "https://auth.example.com",
       Some(Box::new(discovery_interceptor)),
   )
   .await
   .unwrap();

   let metadata = ClientMetadata {
       client_id: Some(String::from("identifier")),
       ..Default::default()
   };

   // The initial access token below is a placeholder string; the key set holds
   // one freshly generated 2048-bit RSA key.
   let registration_options = ClientRegistrationOptions {
       initial_access_token: Some(String::from("initial_access_token")),
       jwks: Some(Jwks::from(vec![Jwk::generate_rsa_key(2048).unwrap()])),
       client_options: Default::default(),
   };

   let _client = Client::register_async(
       &issuer,
       metadata,
       Some(registration_options),
       Some(Box::new(registration_interceptor)),
       false, // is_fapi
   )
   .await
   .unwrap();

impl Client

Getter & Setter method implementations for Client


pub fn get_client_id(&self) -> String

Get client id


pub fn get_client_secret(&self) -> Option<String>

Get client secret. The value is a credential, so avoid writing it to logs.


pub fn get_grant_types(&self) -> Vec<String>

Get grant types


pub fn get_registration_access_token(&self) -> Option<String>

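Get registration access token. This is the access token sent to the client read endpoint, so treat it as a credential and avoid writing it to logs.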


pub fn get_registration_client_uri(&self) -> Option<String>

Get registration client uri


pub fn get_client_id_issued_at(&self) -> Option<i64>

Get client id issued at. Epoch(seconds)


pub fn get_client_secret_expires_at(&self) -> Option<i64>

Get client secret expires at. Epoch (seconds)


pub fn get_id_token_signed_response_alg(&self) -> String

Get id token signed response algorithm


pub fn get_response_types(&self) -> Vec<String>

Get response types. See crate::types::ClientMetadata.


pub fn get_token_endpoint_auth_method(&self) -> String

Get token endpoint authentication method. See crate::types::ClientMetadata.


pub fn get_token_endpoint_auth_signing_alg(&self) -> Option<String>

Get token endpoint authentication signing alg. See crate::types::ClientMetadata.


pub fn get_introspection_endpoint_auth_method(&self) -> Option<String>

Get introspection endpoint authentication method. See crate::types::ClientMetadata.


pub fn get_introspection_endpoint_auth_signing_alg(&self) -> Option<String>

Get introspection endpoint authentication signing alg. See crate::types::ClientMetadata.


pub fn get_revocation_endpoint_auth_method(&self) -> Option<String>

Get revocation endpoint authentication method. See crate::types::ClientMetadata.


pub fn get_revocation_endpoint_auth_signing_alg(&self) -> Option<String>

Get revocation endpoint authentication signing alg. See crate::types::ClientMetadata.


pub fn get_authorization_encrypted_response_alg(&self) -> Option<String>

Get authorization encrypted response alg


pub fn get_authorization_encrypted_response_enc(&self) -> Option<String>

Get authorization encrypted response enc


pub fn get_authorization_signed_response_alg(&self) -> Option<String>

Get authorization signed response alg


pub fn get_field(&self, key: &str) -> Option<&Value>

Gets a field from other_fields


pub fn get_redirect_uri(&self) -> Option<String>

Get redirect uri. See crate::types::ClientMetadata.


pub fn get_redirect_uris(&self) -> Option<Vec<String>>

Get redirect uris. See crate::types::ClientMetadata.


pub fn get_response_type(&self) -> Option<String>

Get response type


pub fn get_application_type(&self) -> Option<String>

Get application type


pub fn get_contacts(&self) -> Option<Vec<String>>

Get contacts


pub fn get_client_name(&self) -> Option<String>

Get client name


pub fn get_logo_uri(&self) -> Option<String>

Get logo uri


pub fn get_client_uri(&self) -> Option<String>

Get client uri


pub fn get_policy_uri(&self) -> Option<String>

Get policy uri


pub fn get_tos_uri(&self) -> Option<String>

Get tos uri


pub fn get_jwks_uri(&self) -> Option<String>

Get jwks uri


pub fn get_sector_identifier_uri(&self) -> Option<String>

Get sector identifier uri


pub fn get_subject_type(&self) -> Option<String>

Get subject type


pub fn get_id_token_encrypted_response_alg(&self) -> Option<String>

Get id token encrypted response algorithm


pub fn get_id_token_encrypted_response_enc(&self) -> Option<String>

Get id token encrypted response encryption (enc) algorithm


pub fn get_userinfo_signed_response_alg(&self) -> Option<String>

Get userinfo signed response algorithm


pub fn get_userinfo_encrypted_response_alg(&self) -> Option<String>

Get userinfo encrypted response algorithm


pub fn get_userinfo_encrypted_response_enc(&self) -> Option<String>

Get userinfo encrypted response encryption (enc) algorithm


pub fn get_request_object_signing_alg(&self) -> Option<String>

Get request object signing algorithm


pub fn get_request_object_encryption_alg(&self) -> Option<String>

Get request object encryption algorithm


pub fn get_request_object_encryption_enc(&self) -> Option<String>

Get request object encryption (enc) algorithm


pub fn get_default_max_age(&self) -> Option<u64>

Get default max age


pub fn get_require_auth_time(&self) -> Option<bool>

Get require auth time


pub fn get_default_acr_values(&self) -> Option<Vec<String>>

Get default acr values


pub fn get_initiate_login_uri(&self) -> Option<String>

Get initiate login uri


pub fn get_request_uris(&self) -> Option<String>

Get request uris


pub fn get_jwks(&self) -> Option<Jwks>

Get jwks


pub fn get_issuer(&self) -> Option<&Issuer>

Gets the issuer that the client was created with.


pub fn get_private_jwks(&self) -> Option<Jwks>

Gets the private jwks. These are the client's private keys, so handle the returned value as secret material.


pub fn get_client_options(&self) -> Option<ClientOptions>

Gets the client options the client was created with


pub fn set_request_interceptor(&mut self, interceptor: RequestInterceptor)

Sets a new RequestInterceptor on the client


impl Client

Implementation for Client


pub fn authorization_url( &self, params: AuthorizationParameters ) -> Result<Url, OidcClientError>

Authorization Url

Builds an authorization url with respect to the params

Example:
  // The issuer is built by hand (no discovery); only the fields this example
  // needs are set, the rest keep their defaults.
  let issuer = Issuer::new(
      IssuerMetadata {
          issuer: String::from("https://auth.example.com"),
          authorization_endpoint: Some(String::from("https://auth.example.com/auth")),
          ..Default::default()
      },
      None,
  );

  let client = issuer
      .client(
          ClientMetadata {
              client_id: Some(String::from("identifier")),
              ..Default::default()
          },
          None,
          None,
          None,
      )
      .unwrap();

  // Default parameters keep the example short; a real login flow would fill in
  // the values it later verifies on the callback.
  let params = AuthorizationParameters::default();
  let url = client.authorization_url(params).unwrap();

pub fn end_session_url( &self, params: EndSessionParameters ) -> Result<Url, OidcClientError>

End Session Url

Builds an end session url with respect to the params

Example:
  // Only the end session endpoint is configured on the hand-built issuer.
  let issuer = Issuer::new(
      IssuerMetadata {
          end_session_endpoint: Some(String::from("https://auth.example.com/end")),
          ..Default::default()
      },
      None,
  );

  let client = issuer
      .client(
          ClientMetadata {
              client_id: Some(String::from("identifier")),
              ..Default::default()
          },
          None,
          None,
          None,
      )
      .unwrap();

  let params = EndSessionParameters::default();
  let url = client.end_session_url(params).unwrap();

pub fn authorization_post( &self, params: AuthorizationParameters ) -> Result<String, OidcClientError>

Authorization Post

Builds an authorization post page with respect to the params

Example:
  // Only the authorization endpoint is configured on the hand-built issuer.
  let issuer = Issuer::new(
      IssuerMetadata {
          authorization_endpoint: Some(String::from("https://auth.example.com/auth")),
          ..Default::default()
      },
      None,
  );

  let client = issuer
      .client(
          ClientMetadata {
              client_id: Some(String::from("identifier")),
              ..Default::default()
          },
          None,
          None,
          None,
      )
      .unwrap();

  // The result is the authorization post page returned as a String.
  let params = AuthorizationParameters::default();
  let html = client.authorization_post(params).unwrap();

pub async fn grant_async( &mut self, body: HashMap<String, Value>, params: AuthenticationPostParams ) -> Result<TokenSet, OidcClientError>

Token Grant

Performs a grant at the token_endpoint

  • body - HashMap<String, Value> : Request body
  • params - AuthenticationPostParams : Parameters for customizing auth request
Example:
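  // Hand-built issuer exposing only the token endpoint used by the grant.
  let issuer_metadata = IssuerMetadata {
      token_endpoint: Some("https://auth.example.com/token".to_string()),
      ..Default::default()
  };

  let issuer = Issuer::new(issuer_metadata, None);

  let client_metadata = ClientMetadata {
      client_id: Some("identifier".to_string()),
      ..Default::default()
  };

  // `grant_async` takes `&mut self`, so the binding has to be mutable.
  let mut client = issuer.client(client_metadata, None, None, None).unwrap();

  // Empty request body, for illustration only.
  let body: HashMap<String, Value> = HashMap::new();

  // The method is named `grant_async`; the earlier `client.grant(...)` call did
  // not match the documented signature.
  let token_set = client
      .grant_async(body, AuthenticationPostParams::default())
      .await
      .unwrap();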

pub async fn oauth_callback_async( &mut self, redirect_uri: Option<String>, params: CallbackParams, checks: Option<OAuthCallbackChecks>, extras: Option<CallbackExtras> ) -> Result<TokenSet, OidcClientError>

OAuth Callback

Performs the callback for Authorization Server’s authorization response.

Example:
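  // NOTE(review): the authorization_url example on this page sets `issuer` as a
  // plain String rather than an Option - confirm which form IssuerMetadata expects.
  let issuer_metadata = IssuerMetadata {
      issuer: Some("https://auth.example.com".to_string()),
      token_endpoint: Some("https://auth.example.com/token".to_string()),
      ..Default::default()
  };

  let issuer = Issuer::new(issuer_metadata, None);

  let client_metadata = ClientMetadata {
      client_id: Some("identifier".to_string()),
      // Placeholder secret: real deployments load it from configuration or a
      // secret store instead of embedding it in source code.
      client_secret: Some("secure".to_string()),
      ..Default::default()
  };

  // The example never created the client it calls below; build it the same way
  // the other examples do. `oauth_callback_async` takes `&mut self`.
  let mut client = issuer.client(client_metadata, None, None, None).unwrap();

  let callback_params = CallbackParams {
      code: Some("code".to_string()),
      ..Default::default()
  };

  // Only the response type is checked here. Production code should also supply
  // the values it bound to the authorization request, so that the response is
  // tied to the session that started the flow.
  let checks = OAuthCallbackChecks {
      response_type: Some("code".to_string()),
      ..Default::default()
  };

  let token_set = client
      .oauth_callback_async(
          Some("https://rp.example.com/cb".to_string()),
          callback_params,
          Some(checks),
          None,
      )
      .await
      .unwrap();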

pub fn set_skip_max_age_check(&mut self, max_age_check: bool)

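When skip_max_age_check is set to true, the ID token’s max age won’t be validated. Leave the check enabled unless there is a specific reason to skip it, since it is what enforces how recently the user must have authenticated.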


pub fn set_skip_nonce_check(&mut self, nonce_check: bool)

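When skip_nonce_check is set to true, the ID token’s nonce won’t be validated. The nonce ties an ID token to the authentication request that asked for it, so skipping this check removes a defence against replayed tokens.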


pub fn set_clock_skew_duration(&mut self, duration: Duration)

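The RP or OP environment may have a system clock skew, which can result in the error “JWT not active yet”. Judging by its name, this method sets the clock skew the client tolerates; keep the value small so that time-based token checks stay meaningful.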


pub async fn callback_async( &mut self, redirect_uri: Option<String>, params: CallbackParams, checks: Option<OpenIDCallbackChecks>, extras: Option<CallbackExtras> ) -> Result<TokenSet, OidcClientError>

Callback

Performs the callback for Authorization Server’s authorization response.

Example:
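  // NOTE(review): the authorization_url example on this page sets `issuer` as a
  // plain String rather than an Option - confirm which form IssuerMetadata expects.
  let issuer_metadata = IssuerMetadata {
      issuer: Some("https://auth.example.com".to_string()),
      token_endpoint: Some("https://auth.example.com/token".to_string()),
      ..Default::default()
  };

  let issuer = Issuer::new(issuer_metadata, None);

  let client_metadata = ClientMetadata {
      client_id: Some("identifier".to_string()),
      // Placeholder secret: real deployments load it from configuration or a
      // secret store instead of embedding it in source code.
      client_secret: Some("secure".to_string()),
      ..Default::default()
  };

  // The example never created the client it calls below; build it the same way
  // the other examples do. `callback_async` takes `&mut self`.
  let mut client = issuer.client(client_metadata, None, None, None).unwrap();

  let callback_params = CallbackParams {
      code: Some("code".to_string()),
      ..Default::default()
  };

  // `checks` is None to keep the example short. Production code should pass the
  // checks carrying the values it bound to the authentication request, so that
  // the response is tied to the session that started the flow.
  let token_set = client
      .callback_async(
          Some("https://rp.example.com/cb".to_string()),
          callback_params,
          None,
          None,
      )
      .await
      .unwrap();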

pub async fn introspect_async( &mut self, token: &str, token_type_hint: Option<String>, params: Option<IntrospectionParams> ) -> Result<Response, OidcClientError>

Introspect

Performs an introspection request at Issuer::introspection_endpoint

  • token : The token to introspect
  • token_type_hint : Type of the token passed in token. Usually access_token or refresh_token
  • params: See IntrospectionParams

pub fn request_resource_async<'life0, 'life1, 'life_self, 'async_recursion>( &'life_self mut self, resource_url: &'life0 str, token: &'life1 str, token_type: Option<String>, retry: bool, params: RequestResourceParams ) -> Pin<Box<dyn Future<Output = Result<Response, OidcClientError>> + 'async_recursion>>where 'life0: 'async_recursion, 'life1: 'async_recursion, 'life_self: 'async_recursion,

Request Resource

Performs a request to fetch the resource at resource_url using the access token.

  • resource_url : Url of the resource server
  • token : Token to authenticate the resource fetch request
  • token_type : Type of the token. Eg: access_token
  • retry : Whether to retry if the request failed or not
  • params : See RequestResourceParams

pub fn callback_params( &self, incoming_url: Option<&Url>, incoming_body: Option<String> ) -> Result<CallbackParams, OidcClientError>

Callback Params

Tries to convert the Url or a body string to CallbackParams

  • incoming_url : The full url of the request (Url). Use this param if the request is of the type GET
  • incoming_body : Incoming body. Use this param if the request is of the type POST

Only one of the above parameters is parsed.

Trait Implementations§


impl Debug for Client


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl !RefUnwindSafe for Client

§

impl !Send for Client

§

impl !Sync for Client

§

impl Unpin for Client

§

impl !UnwindSafe for Client

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for Twhere V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more