openid_client/types/
client_metadata.rs

1use std::collections::HashMap;
2
3use serde::{Deserialize, Serialize};
4use serde_json::Value;
5
6use crate::jwks::Jwks;
7
/// # Client Metadata
/// This struct is used to create a client as well as to register a client.
/// This is why you would see `Option<bool>` in places. Set it explicitly to register a client or
/// create one.
///
/// Every `Option` field that is `None` is left out of the serialized output
/// (`skip_serializing_if = "Option::is_none"`).
///
/// # Security
/// `Debug` is derived, so `{:?}` output contains the values of `client_secret` and
/// `registration_access_token` when they are set; keep instances out of logs and error
/// messages. `Serialize` writes the same two values.
///
/// The algorithm, method and URI fields are plain `String`s; nothing in this type validates
/// them.
#[derive(Debug, Serialize, Deserialize, Default)]
pub struct ClientMetadata {
    /// Client Id
    #[serde(skip_serializing_if = "Option::is_none")]
    pub client_id: Option<String>,
    /// Client secret. Sensitive: printed by the derived `Debug` and serialized when set.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub client_secret: Option<String>,
    /// [Registration Access Token](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    /// Sensitive: printed by the derived `Debug` and serialized when set.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub registration_access_token: Option<String>,
    /// [Registration Client Uri](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub registration_client_uri: Option<String>,
    /// [Client Id Issued At](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub client_id_issued_at: Option<i64>,
    /// [Secret Expiry](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    /// Epoch Seconds
    #[serde(skip_serializing_if = "Option::is_none")]
    pub client_secret_expires_at: Option<i64>,
    /// [Authentication method](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    /// used by the client for authenticating with the OP
    #[serde(skip_serializing_if = "Option::is_none")]
    pub token_endpoint_auth_method: Option<String>,
    /// [Algorithm](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    /// used for signing the JWT used to authenticate
    /// the client at the token endpoint.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub token_endpoint_auth_signing_alg: Option<String>,
    /// [Authentication method](https://www.rfc-editor.org/rfc/rfc8414.html#section-2)
    /// used by the client for introspection endpoint
    #[serde(skip_serializing_if = "Option::is_none")]
    pub introspection_endpoint_auth_method: Option<String>,
    /// [Algorithm](https://www.rfc-editor.org/rfc/rfc8414.html#section-2)
    /// used for signing the JWT used to authenticate
    /// the client at the introspection endpoint.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub introspection_endpoint_auth_signing_alg: Option<String>,
    /// [Authentication method](https://www.rfc-editor.org/rfc/rfc8414.html#section-2)
    /// used by the client for revocation endpoint
    #[serde(skip_serializing_if = "Option::is_none")]
    pub revocation_endpoint_auth_method: Option<String>,
    /// [Algorithm](https://www.rfc-editor.org/rfc/rfc8414.html#section-2)
    /// used for signing the JWT used to authenticate
    /// the client at the revocation endpoint.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub revocation_endpoint_auth_signing_alg: Option<String>,
    /// The [redirect uri](https://openid.net/specs/openid-connect-http-redirect-1_0-01.html#rf_prep)
    /// where response will be sent
    #[serde(skip_serializing_if = "Option::is_none")]
    pub redirect_uri: Option<String>,
    /// A list of acceptable [redirect uris](https://openid.net/specs/openid-connect-http-redirect-1_0-01.html#rf_prep)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub redirect_uris: Option<Vec<String>>,
    /// [Response type](https://openid.net/specs/openid-connect-http-redirect-1_0-01.html#rf_prep) supported by the client.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub response_type: Option<String>,
    /// List of [Response type](https://openid.net/specs/openid-connect-http-redirect-1_0-01.html#rf_prep) supported by the client
    #[serde(skip_serializing_if = "Option::is_none")]
    pub response_types: Option<Vec<String>>,
    /// [Grant Types](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub grant_types: Option<Vec<String>>,
    /// [Jwks Uri](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub jwks_uri: Option<String>,
    /// [JWKS](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub jwks: Option<Jwks>,
    /// [Sector Identifier Uri](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub sector_identifier_uri: Option<String>,
    /// [Subject Type](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub subject_type: Option<String>,
    /// [Id Token Signed Response Algorithm](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub id_token_signed_response_alg: Option<String>,
    /// [Id Token Encrypted Response Algorithm](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub id_token_encrypted_response_alg: Option<String>,
    /// [Id Token Encrypted Response Encryption (`enc`)](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub id_token_encrypted_response_enc: Option<String>,
    /// [Userinfo Signed Response Algorithm](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub userinfo_signed_response_alg: Option<String>,
    /// [Userinfo Encrypted Response Algorithm](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub userinfo_encrypted_response_alg: Option<String>,
    /// [Userinfo Encrypted Response Encryption (`enc`)](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub userinfo_encrypted_response_enc: Option<String>,
    /// [Request Object Signing Algorithm](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub request_object_signing_alg: Option<String>,
    /// [Request Object Encryption Algorithm](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub request_object_encryption_alg: Option<String>,
    /// [Request Object Encryption (`enc`)](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub request_object_encryption_enc: Option<String>,
    /// [Default Max Age](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub default_max_age: Option<u64>,
    /// [Require Auth Time](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub require_auth_time: Option<bool>,
    /// [Default Acr Values](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub default_acr_values: Option<Vec<String>>,
    /// [Initiate Login Uri](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub initiate_login_uri: Option<String>,
    // NOTE(review): the linked registration spec describes `request_uris` as an array of
    // URIs, while this field is a single `String`; a JSON array value would not deserialize
    // into it. Confirm against the providers this client talks to.
    /// [Request Uris](https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub request_uris: Option<String>,
    /// Client's intention to use [mutual-TLS client certificate-bound access tokens](https://datatracker.ietf.org/doc/html/rfc8705#name-client-registration-metadata-2)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub tls_client_certificate_bound_access_tokens: Option<bool>,
    /// Client's allowed redirect uris after a logout
    #[serde(skip_serializing_if = "Option::is_none")]
    pub post_logout_redirect_uris: Option<Vec<String>>,
    /// Algorithm used for signing authorization responses.
    /// If this is specified, the response will be signed using JWS and the configured algorithm.
    /// The algorithm none is not allowed. The default, if omitted, is RS256.
    /// These rules come from the JARM spec; this field is a plain string and the struct itself
    /// does not reject `none` or fill in the default.
    /// [See JARM Spec](https://openid.net/specs/openid-financial-api-jarm.html#client-metadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub authorization_signed_response_alg: Option<String>,
    /// Algorithm used for encrypting authorization responses.
    /// If both signing and encryption are requested, the response will be signed then encrypted,
    /// with the result being a Nested JWT, as defined in JWT RFC7519.
    /// The default, if omitted, is that no encryption is performed.
    /// [See JARM Spec](https://openid.net/specs/openid-financial-api-jarm.html#client-metadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub authorization_encrypted_response_alg: Option<String>,
    /// Algorithm (`enc`) for encrypting authorization responses.
    /// If authorization_encrypted_response_alg is specified, the default for this value is A128CBC-HS256.
    /// When authorization_encrypted_response_enc is included, authorization_encrypted_response_alg MUST
    /// also be provided. The struct does not check that pairing.
    /// [See JARM Spec](https://openid.net/specs/openid-financial-api-jarm.html#client-metadata)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub authorization_encrypted_response_enc: Option<String>,
    /// A boolean value specifying whether the client always uses DPoP for token requests. If omitted, the default value is false.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub dpop_bound_access_tokens: Option<bool>,
    /// Extra key values. `#[serde(flatten)]` collects keys that match no named field here on
    /// deserialization and writes them back at the top level on serialization; the map is
    /// skipped when empty. Values are arbitrary JSON and are not validated by this type.
    #[serde(flatten, skip_serializing_if = "HashMap::is_empty")]
    pub other_fields: HashMap<String, Value>,
}