[−][src]Struct openid::client::Client
OAuth 2.0 client.
Fields
provider: P
OAuth provider.
client_id: String
Client ID.
client_secret: String
Client secret.
redirect_uri: Option<String>
Redirect URI.
http_client: Client
jwks: Option<JWKSet<Empty>>
Methods
impl Client<Discovered>
[src]
pub async fn discover(
id: String,
secret: String,
redirect: Option<String>,
issuer: Url
) -> Result<Self, Error>
[src]
id: String,
secret: String,
redirect: Option<String>,
issuer: Url
) -> Result<Self, Error>
Constructs a client from an issuer url and client parameters via discovery
pub fn redirect_url(&self) -> &str
[src]
Passthrough to the redirect_url stored in inth_oauth2 as a str.
pub fn config(&self) -> &Config
[src]
A reference to the config document of the provider obtained via discovery
pub fn auth_url(&self, options: &Options) -> Url
[src]
Constructs the auth_url to redirect a client to the provider. Options are... optional. Use them as needed. Keep the Options struct around for authentication, or at least the nonce and max_age parameter - we need to verify they stay the same and validate if you used them.
pub async fn authenticate<'_, '_, '_, '_>(
&'_ self,
auth_code: &'_ str,
nonce: Option<&'_ str>,
max_age: Option<&'_ Duration>
) -> Result<Token, Error>
[src]
&'_ self,
auth_code: &'_ str,
nonce: Option<&'_ str>,
max_age: Option<&'_ Duration>
) -> Result<Token, Error>
Given an auth_code and auth options, request the token, decode, and validate it.
pub fn decode_token(
&self,
token: &mut Compact<Claims, Empty>
) -> Result<(), Error>
[src]
&self,
token: &mut Compact<Claims, Empty>
) -> Result<(), Error>
Mutates a Compact::encoded Token to Compact::decoded. Errors are:
- Decode::MissingKid if the keyset has multiple keys but the key id on the token is missing
- Decode::MissingKey if the given key id is not in the key set
- Decode::EmptySet if the keyset is empty
- Jose::WrongKeyType if the alg of the key and the alg in the token header mismatch
- Jose::WrongKeyType if the specified key alg isn't a signature algorithm
- Jose error if decoding fails
pub fn validate_token(
&self,
token: &Compact<Claims, Empty>,
nonce: Option<&str>,
max_age: Option<&Duration>
) -> Result<(), Error>
[src]
&self,
token: &Compact<Claims, Empty>,
nonce: Option<&str>,
max_age: Option<&Duration>
) -> Result<(), Error>
Validate a decoded token. If you don't get an error, its valid! Nonce and max_age come from your auth_uri options. Errors are:
- Jose Error if the Token isn't decoded
- Validation::Mismatch::Issuer if the provider issuer and token issuer mismatch
- Validation::Mismatch::Nonce if a given nonce and the token nonce mismatch
- Validation::Missing::Nonce if either the token or args has a nonce and the other does not
- Validation::Missing::Audience if the token aud doesn't contain the client id
- Validation::Missing::AuthorizedParty if there are multiple audiences and azp is missing
- Validation::Mismatch::AuthorizedParty if the azp is not the client_id
- Validation::Expired::Expires if the current time is past the expiration time
- Validation::Expired::MaxAge is the token is older than the provided max_age
- Validation::Missing::Authtime if a max_age was given and the token has no auth time
pub async fn request_userinfo<'_, '_>(
&'_ self,
token: &'_ Token
) -> Result<Userinfo, Error>
[src]
&'_ self,
token: &'_ Token
) -> Result<Userinfo, Error>
Get a userinfo json document for a given token at the provider's userinfo endpoint. Errors are:
- Userinfo::NoUrl if this provider doesn't have a userinfo endpoint
- Error::Insecure if the userinfo url is not https
- Error::Jose if the token is not decoded
- Error::Http if something goes wrong getting the document
- Error::Json if the response is not a valid Userinfo document
- Userinfo::MismatchSubject if the returned userinfo document and tokens subject mismatch
impl<P: Provider> Client<P>
[src]
pub fn new(
provider: P,
client_id: String,
client_secret: String,
redirect_uri: Option<String>,
http_client: Client,
jwks: Option<JWKSet<Empty>>
) -> Self
[src]
provider: P,
client_id: String,
client_secret: String,
redirect_uri: Option<String>,
http_client: Client,
jwks: Option<JWKSet<Empty>>
) -> Self
Creates a client.
Examples
use openid::Client; use openid::provider::google::Installed; let client = Client::new( Installed, String::from("CLIENT_ID"), String::from("CLIENT_SECRET"), Some(String::from("urn:ietf:wg:oauth:2.0:oob")), reqwest::Client::new(), None, );
pub fn auth_uri(&self, scope: Option<&str>, state: Option<&str>) -> Url
[src]
Returns an authorization endpoint URI to direct the user to.
Examples
use openid::Client; use openid::provider::google::Installed; let client = Client::new( Installed, String::from("CLIENT_ID"), String::from("CLIENT_SECRET"), Some(String::from("urn:ietf:wg:oauth:2.0:oob")), reqwest::Client::new(), None, ); let auth_uri = client.auth_uri( Some("https://www.googleapis.com/auth/userinfo.email"), None, );
pub async fn request_token<'_, '_>(
&'_ self,
code: &'_ str
) -> Result<Bearer, ClientError>
[src]
&'_ self,
code: &'_ str
) -> Result<Bearer, ClientError>
Requests an access token using an authorization code.
impl<P> Client<P> where
P: Provider,
[src]
P: Provider,
pub async fn refresh_token<'_, '_>(
&'_ self,
token: Bearer,
scope: Option<&'_ str>
) -> Result<Bearer, ClientError>
[src]
&'_ self,
token: Bearer,
scope: Option<&'_ str>
) -> Result<Bearer, ClientError>
Refreshes an access token.
See RFC 6749, section 6.
pub async fn ensure_token<'_>(
&'_ self,
token: Bearer
) -> Result<Bearer, ClientError>
[src]
&'_ self,
token: Bearer
) -> Result<Bearer, ClientError>
Ensures an access token is valid by refreshing it if necessary.
Trait Implementations
Auto Trait Implementations
impl<P> !RefUnwindSafe for Client<P>
impl<P> Send for Client<P> where
P: Send,
P: Send,
impl<P> Sync for Client<P> where
P: Sync,
P: Sync,
impl<P> Unpin for Client<P> where
P: Unpin,
P: Unpin,
impl<P> !UnwindSafe for Client<P>
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,