Struct ClientMetadata

pub struct ClientMetadata {

    pub client_id: Option<String>,
    pub client_secret: Option<String>,
    pub registration_access_token: Option<String>,
    pub registration_client_uri: Option<String>,
    pub client_id_issued_at: Option<i64>,
    pub client_secret_expires_at: Option<i64>,
    pub token_endpoint_auth_method: Option<String>,
    pub token_endpoint_auth_signing_alg: Option<String>,
    pub introspection_endpoint_auth_method: Option<String>,
    pub introspection_endpoint_auth_signing_alg: Option<String>,
    pub revocation_endpoint_auth_method: Option<String>,
    pub revocation_endpoint_auth_signing_alg: Option<String>,
    pub redirect_uri: Option<String>,
    pub redirect_uris: Option<Vec<String>>,
    pub response_type: Option<String>,
    pub response_types: Option<Vec<String>>,
    pub grant_types: Option<Vec<String>>,
    pub jwks_uri: Option<String>,
    pub jwks: Option<Jwks>,
    pub sector_identifier_uri: Option<String>,
    pub subject_type: Option<String>,
    pub id_token_signed_response_alg: Option<String>,
    pub id_token_encrypted_response_alg: Option<String>,
    pub id_token_encrypted_response_enc: Option<String>,
    pub userinfo_signed_response_alg: Option<String>,
    pub userinfo_encrypted_response_alg: Option<String>,
    pub userinfo_encrypted_response_enc: Option<String>,
    pub request_object_signing_alg: Option<String>,
    pub request_object_encryption_alg: Option<String>,
    pub request_object_encryption_enc: Option<String>,
    pub default_max_age: Option<u64>,
    pub require_auth_time: Option<bool>,
    pub default_acr_values: Option<Vec<String>>,
    pub initiate_login_uri: Option<String>,
    pub request_uris: Option<String>,
    pub tls_client_certificate_bound_access_tokens: Option<bool>,
    pub post_logout_redirect_uris: Option<Vec<String>>,
    pub authorization_signed_response_alg: Option<String>,
    pub authorization_encrypted_response_alg: Option<String>,
    pub authorization_encrypted_response_enc: Option<String>,
    pub dpop_bound_access_tokens: Option<bool>,
    pub backchannel_token_delivery_mode: Option<String>,
    pub backchannel_client_notification_endpoint: Option<String>,
    pub backchannel_authentication_request_signing_alg: Option<String>,
    pub backchannel_user_code_parameter: Option<bool>,
    pub other_fields: HashMap<String, Value>,
}

Client Metadata

This struct is used to create a client as well as to register a client. This is why you would see Option<bool> in places. Set it explicitly to register a client or create one

Fields

client_id: Option<String>

Client Id

client_secret: Option<String>

Client secret

registration_access_token: Option<String>

Registration Access Token

registration_client_uri: Option<String>

Registration Client Uri

client_id_issued_at: Option<i64>

Client Id Issued At

client_secret_expires_at: Option<i64>

Secret Expiry Epoch Seconds

token_endpoint_auth_method: Option<String>

Authentication method used by the client for authenticating with the OP

token_endpoint_auth_signing_alg: Option<String>

Algorithm used for signing the JWT used to authenticate the client at the token endpoint.

introspection_endpoint_auth_method: Option<String>

Authentication method used by the client for introspection endpoint

introspection_endpoint_auth_signing_alg: Option<String>

Algorithm used for signing the JWT used to authenticate the client at the introspection endpoint.

revocation_endpoint_auth_method: Option<String>

Authentication method used by the client for revocation endpoint

revocation_endpoint_auth_signing_alg: Option<String>

Algorithm used for signing the JWT used to authenticate the client at the revocation endpoint.

redirect_uri: Option<String>

The redirect uri where response will be sent

redirect_uris: Option<Vec<String>>

A list of acceptable redirect uris

response_type: Option<String>

Response type supported by the client.

response_types: Option<Vec<String>>

List of Response type supported by the client

grant_types: Option<Vec<String>>

Grant Types

jwks_uri: Option<String>

Jwks Uri

jwks: Option<Jwks>

JWKS

sector_identifier_uri: Option<String>

Sector Identifier Uri

subject_type: Option<String>

Subject Type

id_token_signed_response_alg: Option<String>

Id Token Signed Response Algorithm

id_token_encrypted_response_alg: Option<String>

Id Token Encrypted Response Algorithm

id_token_encrypted_response_enc: Option<String>

Id Token Encrypted Response Algorithm

userinfo_signed_response_alg: Option<String>

Userinfo Signed Response Algorithm

userinfo_encrypted_response_alg: Option<String>

Userinfo Encrypted Response Algorithm

userinfo_encrypted_response_enc: Option<String>

Userinfo Encrypted Response Algorithm

request_object_signing_alg: Option<String>

Request Object Signing Algorithm

request_object_encryption_alg: Option<String>

Request Object Encryption Algorithm

request_object_encryption_enc: Option<String>

Request Object Encryption Algorithm

default_max_age: Option<u64>

Default Max Age

require_auth_time: Option<bool>

Require Auth Time

default_acr_values: Option<Vec<String>>

Default Acr Values

initiate_login_uri: Option<String>

Initiate Login Uri

request_uris: Option<String>

Request Uris

tls_client_certificate_bound_access_tokens: Option<bool>

Client’s intention to use mutual-TLS client certificate-bound access tokens

post_logout_redirect_uris: Option<Vec<String>>

Client’s allowed redirect uris after a logout

authorization_signed_response_alg: Option<String>

Algorithm used for signing authorization responses. If this is specified, the response will be signed using JWS and the configured algorithm. The algorithm none is not allowed. The default, if omitted, is RS256 See JARM Spec

authorization_encrypted_response_alg: Option<String>

Algorithm used for encrypting authorization responses. If both signing and encryption are requested, the response will be signed then encrypted, with the result being a Nested JWT, as defined in JWT RFC7519. The default, if omitted, is that no encryption is performed. See JARM Spec

authorization_encrypted_response_enc: Option<String>

Algoritm for encrypting authorization responses. If authorization_encrypted_response_alg is specified, the default for this value is A128CBC-HS256. When authorization_encrypted_response_enc is included, authorization_encrypted_response_alg MUST also be provided. See JARM Spec

dpop_bound_access_tokens: Option<bool>

A boolean value specifying whether the client always uses DPoP for token requests. If omitted, the default value is false.

backchannel_token_delivery_mode: Option<String>

One of poll, ping, push modes for token delivery

backchannel_client_notification_endpoint: Option<String>

Client owned endpoint the authorization server will send a request to if the mode is set to ping or push.

backchannel_authentication_request_signing_alg: Option<String>

The signing algorithm used by the client to sign authentication requests.

backchannel_user_code_parameter: Option<bool>

Specifies if the user_code param is supported by the client.

other_fields: HashMap<String, Value>

Extra key values

Trait Implementations

impl Debug for ClientMetadata

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for ClientMetadata

fn default() -> ClientMetadata

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for ClientMetadata

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for ClientMetadata

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.