openid_client/types/
issuer_metadata.rs

1use std::collections::HashMap;
2
3use serde::Deserialize;
4use serde_json::Value;
5
/// # MtlsEndpoints
/// [OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens](https://datatracker.ietf.org/doc/html/rfc8705)
///
/// Alternative endpoint URLs for clients that authenticate with mutual TLS. This type is the
/// value of [`IssuerMetadata::mtls_endpoint_aliases`]. Every field is optional and is stored
/// as the plain string that was deserialized.
// NOTE(review): nothing in this type parses the URLs or checks their scheme or host.
// Presumably the code that sends requests to these endpoints validates them (https, expected
// origin) before presenting a client certificate. Confirm against the callers.
#[derive(Deserialize, Debug, Clone, Default)]
pub struct MtlsEndpoints {
    /// mTLS alias of the token endpoint
    pub token_endpoint: Option<String>,
    /// mTLS alias of the userinfo endpoint
    pub userinfo_endpoint: Option<String>,
    /// mTLS alias of the revocation endpoint
    pub revocation_endpoint: Option<String>,
    /// mTLS alias of the introspection endpoint
    pub introspection_endpoint: Option<String>,
    /// mTLS alias of the device authorization endpoint
    pub device_authorization_endpoint: Option<String>,
}
21
/// # IssuerMetadata
/// Metadata about the OIDC Authorization Server. [OIDC Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse).
///
/// The struct is a direct `serde` mapping of the discovery document: known keys land in the
/// typed fields below and everything else is kept in `other_fields`.
// NOTE(review): deserialization only checks the JSON shape. Endpoint URLs are plain `String`s,
// so https-only and same-issuer checks are not enforced by this type. Confirm where the
// client validates them before use.
#[derive(Debug, Deserialize, Default, Clone)]
pub struct IssuerMetadata {
    /// Issuer url. [RFC8414 - Obtaining Authorization Server Metadata](https://www.rfc-editor.org/rfc/rfc8414.html#section-3).
    // The only required key: it is neither `Option` nor `#[serde(default)]`, so a document
    // without "issuer" fails to deserialize. `Default::default()` yields an empty string.
    // NOTE(review): OIDC Discovery requires this value to be identical to the issuer URL the
    // document was retrieved for (and to the `iss` claim of ID Tokens). That comparison is
    // not done here, so verify the caller performs it.
    pub issuer: String,
    /// Authorization Endpoint. [RFC6749 - Authorization Endpoint](https://www.rfc-editor.org/rfc/rfc6749#section-3.1).
    pub authorization_endpoint: Option<String>,
    /// Device authorization endpoint
    pub device_authorization_endpoint: Option<String>,
    /// Endpoint to obtain the access/refresh/id tokens. [RFC6749 - Token Endpoint](https://www.rfc-editor.org/rfc/rfc6749#section-3.2).
    pub token_endpoint: Option<String>,
    /// URL of the authorization server's JWK Set. [See](https://www.rfc-editor.org/rfc/rfc8414.html#section-2)
    // The keys published at this URL are what token signatures get verified against, so the
    // trust placed in them is only as good as the trust placed in this document.
    pub jwks_uri: Option<String>,
    /// OpenID Connect [Userinfo Endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo).
    pub userinfo_endpoint: Option<String>,
    /// Endpoint for revoking refresh tokens and access tokens. [Authorization Server Metadata](https://www.rfc-editor.org/rfc/rfc8414.html#section-2).
    pub revocation_endpoint: Option<String>,
    /// Endpoint to initiate an end session request.
    pub end_session_endpoint: Option<String>,
    /// Dynamic client registration endpoint
    pub registration_endpoint: Option<String>,
    /// [Token introspection endpoint](https://www.rfc-editor.org/rfc/rfc7662)
    pub introspection_endpoint: Option<String>,
    /// List of client [authentication methods](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method) supported by the token endpoint.
    pub token_endpoint_auth_methods_supported: Option<Vec<String>>,
    /// List of JWS signing algorithms supported by the token endpoint for the signature of the JWT
    /// that the client uses to authenticate.
    // RFC 8414 states that `none` must not be used here. The list is stored as received, so a
    // consumer choosing an algorithm from it should still apply its own allow-list.
    pub token_endpoint_auth_signing_alg_values_supported: Option<Vec<String>>,
    /// List of client [authentication methods](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method) supported by the introspection endpoint.
    pub introspection_endpoint_auth_methods_supported: Option<Vec<String>>,
    /// List of JWS signing algorithms supported by the introspection endpoint for the signature of
    /// the JWT that the client uses to authenticate.
    pub introspection_endpoint_auth_signing_alg_values_supported: Option<Vec<String>>,
    /// List of client [authentication methods](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method) supported by the revocation endpoint.
    pub revocation_endpoint_auth_methods_supported: Option<Vec<String>>,
    /// List of JWS signing algorithms supported by the revocation endpoint for the signature of the
    /// JWT that the client uses to authenticate.
    pub revocation_endpoint_auth_signing_alg_values_supported: Option<Vec<String>>,
    /// Alternative endpoints that a client using mTLS can use instead of the regular ones. See [MtlsEndpoints]
    pub mtls_endpoint_aliases: Option<MtlsEndpoints>,
    /// Whether the OP returns its issuer identifier (`iss`) in the authorization response. [RFC](https://www.ietf.org/archive/id/draft-meyerzuselhausen-oauth-iss-auth-resp-02.html#name-providing-the-issuer-identi)
    // The linked draft was later published as RFC 9207. The `iss` response parameter is a
    // defence against mix-up attacks, and it only helps if the client compares it with the
    // expected issuer.
    pub authorization_response_iss_parameter_supported: Option<bool>,
    /// A JSON array containing a list of the JWS alg values supported by the authorization server for DPoP proof JWTs
    pub dpop_signing_alg_values_supported: Option<Vec<String>>,
    /// The URL of the pushed authorization request endpoint at which client can post an authorization request to exchange for a "request_uri" value usable at the authorization server.
    pub pushed_authorization_request_endpoint: Option<String>,
    /// Boolean parameter indicating whether the authorization server accepts authorization request data only via PAR.  If omitted, the default value is "false".
    // `#[serde(default)]` is what implements "if omitted": a missing key deserializes to `false`.
    #[serde(default)]
    pub require_pushed_authorization_requests: bool,
    /// Token delivery modes supported for CIBA
    pub backchannel_token_delivery_modes_supported: Option<Vec<String>>,
    /// CIBA authentication endpoint
    pub backchannel_authentication_endpoint: Option<String>,
    /// CIBA authentication request signing algorithms supported.
    pub backchannel_authentication_request_signing_alg_values_supported: Option<Vec<String>>,
    /// Whether CIBA user_code is supported
    pub backchannel_user_code_parameter_supported: Option<bool>,
    /// Any extra data that was read from the discovery document
    // `#[serde(flatten)]` collects every key not matched by a field above. Values are kept as
    // raw JSON and are not validated by this type, so treat them as untrusted input.
    #[serde(flatten)]
    pub other_fields: HashMap<String, Value>,
}