[−][src]Struct openidconnect::IdTokenVerifier
ID token verifier.
Methods
impl<'a, JS, JT, JU, K> IdTokenVerifier<'a, JS, JT, JU, K> where
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
[src]
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
pub fn new_public_client(
client_id: ClientId,
issuer: IssuerUrl,
signature_keys: JsonWebKeySet<JS, JT, JU, K>
) -> Self
[src]
client_id: ClientId,
issuer: IssuerUrl,
signature_keys: JsonWebKeySet<JS, JT, JU, K>
) -> Self
Initializes a new verifier for a public client (i.e., one without a client secret).
pub fn new_confidential_client(
client_id: ClientId,
client_secret: ClientSecret,
issuer: IssuerUrl,
signature_keys: JsonWebKeySet<JS, JT, JU, K>
) -> Self
[src]
client_id: ClientId,
client_secret: ClientSecret,
issuer: IssuerUrl,
signature_keys: JsonWebKeySet<JS, JT, JU, K>
) -> Self
Initializes a new verifier for a confidential client (i.e., one with a client secret).
A confidential client verifier is required in order to verify ID tokens signed using a
shared secret algorithm such as HS256
, HS384
, or HS512
. For these algorithms, the
client secret is the shared secret.
pub fn set_allowed_algs<I>(self, algs: I) -> Self where
I: IntoIterator<Item = JS>,
[src]
I: IntoIterator<Item = JS>,
Specifies which JSON Web Signature algorithms are supported.
pub fn allow_any_alg(self) -> Self
[src]
Specifies that any signature algorithm is supported.
pub fn set_auth_context_verifier_fn<T>(self, acr_verifier_fn: T) -> Self where
T: Fn(Option<&AuthenticationContextClass>) -> Result<(), String> + 'a,
[src]
T: Fn(Option<&AuthenticationContextClass>) -> Result<(), String> + 'a,
Specifies a function for verifying the acr
claim.
The function should return Ok(())
if the claim is valid, or a string describing the error
otherwise.
pub fn set_auth_time_verifier_fn<T>(self, auth_time_verifier_fn: T) -> Self where
T: Fn(Option<&DateTime<Utc>>) -> Result<(), String> + 'a,
[src]
T: Fn(Option<&DateTime<Utc>>) -> Result<(), String> + 'a,
Specifies a function for verifying the auth_time
claim.
The function should return Ok(())
if the claim is valid, or a string describing the error
otherwise.
pub fn enable_signature_check(self) -> Self
[src]
Enables signature verification.
Signature verification is enabled by default, so this function is only useful if
IdTokenVerifier::insecure_disable_signature_check
was previously invoked.
pub fn insecure_disable_signature_check(self) -> Self
[src]
Disables signature verification.
Security Warning
Unverified ID tokens may be subject to forgery. See Section 16.3 for more information.
pub fn set_time_fn<T>(self, time_fn: T) -> Self where
T: Fn() -> DateTime<Utc> + 'a,
[src]
T: Fn() -> DateTime<Utc> + 'a,
Specifies a function for returning the current time.
This function is used for verifying the ID token expiration time.
pub fn set_issue_time_verifier_fn<T>(self, iat_verifier_fn: T) -> Self where
T: Fn(&DateTime<Utc>) -> Result<(), String> + 'a,
[src]
T: Fn(&DateTime<Utc>) -> Result<(), String> + 'a,
Specifies a function for verifying the ID token issue time.
The function should return Ok(())
if the claim is valid, or a string describing the error
otherwise.
pub fn set_other_audience_verifier_fn<T>(self, other_aud_verifier_fn: T) -> Self where
T: Fn(&Audience) -> bool + 'a,
[src]
T: Fn(&Audience) -> bool + 'a,
Specifies a function for verifying audiences included in the aud
claim that differ from
this client's client ID.
The function should return true
if the audience is trusted, or false
otherwise.
Section 3.1.3.7 states that "The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client."
Trait Implementations
impl<'a, JS: Clone, JT: Clone, JU: Clone, K: Clone> Clone for IdTokenVerifier<'a, JS, JT, JU, K> where
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
[src]
JS: JwsSigningAlgorithm<JT>,
JT: JsonWebKeyType,
JU: JsonWebKeyUse,
K: JsonWebKey<JS, JT, JU>,
fn clone(&self) -> IdTokenVerifier<'a, JS, JT, JU, K>
[src]
fn clone_from(&mut self, source: &Self)
1.0.0[src]
Auto Trait Implementations
impl<'a, JS, JT, JU, K> !Send for IdTokenVerifier<'a, JS, JT, JU, K>
impl<'a, JS, JT, JU, K> !Sync for IdTokenVerifier<'a, JS, JT, JU, K>
impl<'a, JS, JT, JU, K> Unpin for IdTokenVerifier<'a, JS, JT, JU, K> where
JS: Unpin,
JT: Unpin,
JU: Unpin,
K: Unpin,
JS: Unpin,
JT: Unpin,
JU: Unpin,
K: Unpin,
impl<'a, JS, JT, JU, K> !UnwindSafe for IdTokenVerifier<'a, JS, JT, JU, K>
impl<'a, JS, JT, JU, K> !RefUnwindSafe for IdTokenVerifier<'a, JS, JT, JU, K>
Blanket Implementations
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> From<T> for T
[src]
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
[src]
fn clone_into(&self, target: &mut T)
[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Erased for T
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
U: TryFrom<T>,