
// Warn whenever a public item in this crate has no documentation.
#![warn(missing_docs)]
// Logo and favicon used by the rendered rustdoc pages. Both URLs point at an external image
// host (i.ibb.co), so the generated HTML references the images from that host.
// NOTE(review): externally hosted doc assets can change or disappear independently of the
// crate; consider serving them from a location the project controls.
#![doc(html_logo_url = "https://i.ibb.co/d49gz0F/oidc.png")]
#![doc(html_favicon_url = "https://i.ibb.co/1TNK5bY/oidc-1.png")]
4
5//! # OpenID Client
6//!
7//! A feature-complete OpenID Client library for Rust. It is not yet stable; kindly report any bugs.
8//!
9//! ## Implemented specs & features
10//!
11//! The following client/RP features from OpenID Connect/OAuth2.0 specifications are implemented by
12//! openid-client.
13//!
14//! - [OpenID Connect Core 1.0][feature-core]
15//!   - Authorization Callback
16//!     - Authorization Code Flow
17//!     - Implicit Flow
18//!     - Hybrid Flow
19//!   - UserInfo Request
20//!   - Offline Access / Refresh Token Grant
21//!   - Client Credentials Grant
22//!   - Client Authentication
23//!     - none
24//!     - client_secret_basic
25//!     - client_secret_post
26//!     - client_secret_jwt
27//!     - private_key_jwt
28//!   - Consuming Self-Issued OpenID Provider ID Token response
29//! - [OpenID Connect Discovery 1.0][feature-discovery]
30//!   - Discovery of OpenID Provider (Issuer) Metadata
31//!   - Discovery of OpenID Provider (Issuer) Metadata via user provided inputs (via [webfinger][documentation-webfinger])
32//! - [OpenID Connect Dynamic Client Registration 1.0][feature-registration]
33//!   - Dynamic Client Registration request
34//!   - Client initialization via registration client uri
35//! - [RFC7009 - OAuth 2.0 Token revocation][feature-revocation]
36//!   - Client Authenticated request to token revocation
37//! - [RFC7662 - OAuth 2.0 Token introspection][feature-introspection]
38//!   - Client Authenticated request to token introspection
39//! - [RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow)][feature-device-flow]
40//! - [RFC8705 - OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens][feature-mtls]
41//!   - Mutual TLS Client Certificate-Bound Access Tokens
42//!   - Metadata for Mutual TLS Endpoint Aliases
43//!   - Client Authentication
44//!     - tls_client_auth
45//!     - self_signed_tls_client_auth
46//! - [RFC9101 - OAuth 2.0 JWT-Secured Authorization Request (JAR)][feature-jar]
47//! - [RFC9126 - OAuth 2.0 Pushed Authorization Requests (PAR)][feature-par]
48//! - [RFC9449 - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)][feature-dpop]
49//! - [OpenID Connect RP-Initiated Logout 1.0][feature-rp-logout]
50//! - [Financial-grade API Security Profile 1.0 - Part 2: Advanced (FAPI)][feature-fapi]
51//! - [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)][feature-jarm]
52//! - [OAuth 2.0 Authorization Server Issuer Identification][feature-iss]
53//!
54//! [openid-connect]: https://openid.net/connect/
55//! [feature-core]: https://openid.net/specs/openid-connect-core-1_0.html
56//! [feature-discovery]: https://openid.net/specs/openid-connect-discovery-1_0.html
57//! [feature-registration]: https://openid.net/specs/openid-connect-registration-1_0.html
58//! [feature-revocation]: https://tools.ietf.org/html/rfc7009
59//! [feature-introspection]: https://tools.ietf.org/html/rfc7662
60//! [feature-mtls]: https://tools.ietf.org/html/rfc8705
61//! [feature-device-flow]: https://tools.ietf.org/html/rfc8628
62//! [feature-rp-logout]: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
63//! [feature-jarm]: https://openid.net/specs/oauth-v2-jarm.html
64//! [feature-fapi]: https://openid.net/specs/openid-financial-api-part-2-1_0.html
65//! [feature-dpop]: https://www.rfc-editor.org/rfc/rfc9449.html
66//! [feature-par]: https://www.rfc-editor.org/rfc/rfc9126.html
67//! [feature-jar]: https://www.rfc-editor.org/rfc/rfc9101.html
68//! [feature-iss]: https://www.rfc-editor.org/rfc/rfc9207.html
69//!
70//! ## Generating JWKs
71//!
72//! This crate uses [Josekit](https://crates.io/crates/josekit) for JWKs. To create JWKs, refer to [JWK](https://docs.rs/josekit/0.8.6/josekit/jwk/struct.Jwk.html) in the Josekit documentation.
73//!
74//! ## Using MTLS
75//!
76//! To use MTLS (i.e. client certificate authentication), you need to implement the [types::OidcHttpClient] trait for your own HTTP client.
77//! Override the [types::OidcHttpClient::get_client_certificate] function (which returns [None] by default) so that it returns Some([types::http_client::ClientCertificate]).
78//!
79//! When a request requires MTLS and the [types::OidcHttpClient::get_client_certificate] method returns None, a client error is returned.
80//!
81//! ## Issuer API
82//!
83//! ### New Instance
84//!    
85//! - [issuer::Issuer::new]
86//!
87//! ### OIDC Discovery
88//! - [issuer::Issuer::discover_async]
89//!
90//! ### Webfinger Discovery
91//! - [issuer::Issuer::webfinger_async]
92//!
93//! ### Client from Issuer
94//! - [issuer::Issuer::client]
95//!
96//! ## Client
97//!
98//! ### Instance methods
99//! - [client::Client::callback_async]
100//! - [client::Client::oauth_callback_async]
101//! - [client::Client::grant_async]
102//! - [client::Client::authorization_url]
103//! - [client::Client::end_session_url]
104//! - [client::Client::authorization_post]
105//! - [client::Client::introspect_async]
106//! - [client::Client::callback_params]
107//! - [client::Client::request_resource_async]
108//! - [client::Client::refresh_async]
109//! - [client::Client::revoke_async]
110//! - [client::Client::userinfo_async]
111//! - [client::Client::request_object_async]
112//! - [client::Client::pushed_authorization_request_async]
113//! - [client::Client::device_authorization_async]
114//!
115//! ### Client Read
116//! - [client::Client::from_uri_async]
117//!
118//! ### Dynamic Client Registration
119//! - [client::Client::register_async]
120
// Crate module tree. Modules marked `pub` are exported; `http` and `tests` are crate-private.
pub mod client;
/// Helpers
pub mod helpers;
// Private module: not reachable from outside the crate.
mod http;
// Compiled only when the `http_client` Cargo feature is enabled.
#[cfg(feature = "http_client")]
pub mod http_client;
pub mod issuer;
pub mod jwks;
// NOTE(review): declared without `#[cfg(test)]` at this site, so unless the module's own file
// gates its contents it is also compiled into non-test builds — confirm.
mod tests;
/// TokenSet Module
pub mod tokenset;
pub mod types;
133
/// Third-party items re-exported by this crate.
///
/// Importing them through this module gives callers the same crate versions this library was
/// built against.
pub mod re_exports {
    // HTTP header types from `reqwest`.
    pub use reqwest::header::HeaderMap;
    pub use reqwest::header::HeaderName;
    pub use reqwest::header::HeaderValue;

    // Whole crates.
    pub use josekit::{self};
    pub use url;

    // `serde_json` itself, plus its `json!` macro and `Value` type.
    pub use serde_json::{self};
    pub use serde_json::{json, Value};
}