Crate openid_client

OpenID Client

A feature complete OpenID Client library for Rust. Not stable, kindly report any bugs.

Implemented specs & features

The following client/RP features from OpenID Connect/OAuth2.0 specifications are implemented by openid-client.

• OpenID Connect Core 1.0
  • Authorization Callback
    • Authorization Code Flow
    • Implicit Flow
    • Hybrid Flow
  • UserInfo Request
  • Offline Access / Refresh Token Grant
  • Client Credentials Grant
  • Client Authentication
    • none
    • client_secret_basic
    • client_secret_post
    • client_secret_jwt
    • private_key_jwt
  • Consuming Self-Issued OpenID Provider ID Token response
• OpenID Connect Discovery 1.0
  • Discovery of OpenID Provider (Issuer) Metadata
  • Discovery of OpenID Provider (Issuer) Metadata via user provided inputs (via [webfinger][documentation-webfinger])
• OpenID Connect Dynamic Client Registration 1.0
  • Dynamic Client Registration request
  • Client initialization via registration client uri
• RFC7009 - OAuth 2.0 Token revocation
  • Client Authenticated request to token revocation
• RFC7662 - OAuth 2.0 Token introspection
  • Client Authenticated request to token introspection
• RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow)
• RFC8705 - OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens
  • Mutual TLS Client Certificate-Bound Access Tokens
  • Metadata for Mutual TLS Endpoint Aliases
  • Client Authentication
    • tls_client_auth
    • self_signed_tls_client_auth
• RFC9101 - OAuth 2.0 JWT-Secured Authorization Request (JAR)
• RFC9126 - OAuth 2.0 Pushed Authorization Requests (PAR)
• RFC9449 - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)
• OpenID Connect RP-Initiated Logout 1.0
• Financial-grade API Security Profile 1.0 - Part 2: Advanced (FAPI)
• JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
• OAuth 2.0 Authorization Server Issuer Identification

Generating JWKs

This crate uses Josekit for JWKs. To create JWKs, refer JWK in the Josekit documentation.

Issuer API

New Instance

• issuer::Issuer::new

OIDC Discovery

• issuer::Issuer::discover_async

Webfinger Discovery

• issuer::Issuer::webfinger_async

Client from Issuer

• issuer::Issuer::client

Client

Instance methods

• client::Client::callback_async
• client::Client::oauth_callback_async
• client::Client::grant_async
• client::Client::authorization_url
• client::Client::end_session_url
• client::Client::authorization_post
• client::Client::introspect_async
• client::Client::callback_params
• client::Client::request_resource_async
• client::Client::refresh_async
• client::Client::revoke_async
• client::Client::userinfo_async
• client::Client::request_object_async
• client::Client::pushed_authorization_request_async
• client::Client::device_authorization_async

Client Read

• client::Client::from_uri_async

Dynamic Client Registration

• client::Client::register_async

Modules

• client
  OIDC Client module
• helpers
  Helpers
• http_client
  Default Http Client
• issuer
  Issuer
• jwks
  Jwks implementation used by this crate.
• re_exports
  Re exports from the crate
• tokenset
  TokenSet Module
• types
  Types Module