Skip to main content

Client

openidconnect

Struct Client 

Source 
pub struct Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where
    AC: AdditionalClaims,
    AD: AuthDisplay,
    GC: GenderClaim,
    JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>,
    K: JsonWebKey,
    P: AuthPrompt,
    TE: ErrorResponse,
    TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>,
    TIR: TokenIntrospectionResponse,
    RT: RevocableToken,
    TRE: ErrorResponse,
    HasAuthUrl: EndpointState,
    HasDeviceAuthUrl: EndpointState,
    HasIntrospectionUrl: EndpointState,
    HasRevocationUrl: EndpointState,
    HasTokenUrl: EndpointState,
    HasUserInfoUrl: EndpointState,
{ /* private fields */ }
Expand description

OpenID Connect client.

§Error Types

To enable compile time verification that only the correct and complete set of errors for the Client function being invoked are exposed to the caller, the Client type is specialized on multiple implementations of the ErrorResponse trait. The exact ErrorResponse implementation returned varies by the RFC that the invoked Client function implements:

For example when revoking a token, error code unsupported_token_type (from RFC 7009) may be returned:

let res = client
    .revoke_token(AccessToken::new("some token".to_string()).into())
    .unwrap()
    .request(&http_client);

assert!(matches!(res, Err(
    RequestTokenError::ServerResponse(err)) if matches!(err.error(),
        RevocationErrorResponseType::UnsupportedTokenType)));

Implementations§

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, EndpointNotSet, EndpointNotSet, EndpointNotSet, EndpointNotSet, EndpointNotSet, EndpointNotSet>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static,

Source

pub fn new( client_id: ClientId, issuer: IssuerUrl, jwks: JsonWebKeySet<K>, ) -> Self

Initialize an OpenID Connect client.

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, EndpointSet, EndpointNotSet, EndpointNotSet, EndpointNotSet, EndpointMaybeSet, EndpointMaybeSet>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static,

Source

pub fn from_provider_metadata<A, CA, CN, CT, G, JK, RM, RS, S>( provider_metadata: ProviderMetadata<A, AD, CA, CN, CT, G, JE, JK, K, RM, RS, S>, client_id: ClientId, client_secret: Option<ClientSecret>, ) -> Self
where A: AdditionalProviderMetadata, CA: ClientAuthMethod, CN: ClaimName, CT: ClaimType, G: GrantType, JK: JweKeyManagementAlgorithm, RM: ResponseMode, RS: ResponseType, S: SubjectIdentifierType,

Initialize an OpenID Connect client from OpenID Connect Discovery provider metadata.

Use ProviderMetadata::discover or ProviderMetadata::discover_async to fetch the provider metadata.

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static, HasAuthUrl: EndpointState, HasDeviceAuthUrl: EndpointState, HasIntrospectionUrl: EndpointState, HasRevocationUrl: EndpointState, HasTokenUrl: EndpointState, HasUserInfoUrl: EndpointState,

Source

pub fn set_auth_type(self, auth_type: AuthType) -> Self

Set the type of client authentication used for communicating with the authorization server.

The default is to use HTTP Basic authentication, as recommended in Section 2.3.1 of RFC 6749. Note that if a client secret is omitted (i.e., set_client_secret() is not called), AuthType::RequestBody is used regardless of the auth_type passed to this function.

Source

pub fn auth_type(&self) -> &AuthType

Return the type of client authentication used for communicating with the authorization server.

Source

pub fn set_auth_uri( self, auth_uri: AuthUrl, ) -> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, EndpointSet, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>

Set the authorization endpoint.

The client uses the authorization endpoint to obtain authorization from the resource owner via user-agent redirection. This URL is used in all standard OAuth2 flows except the Resource Owner Password Credentials Grant and the Client Credentials Grant.

Source

pub fn client_id(&self) -> &ClientId

Return the Client ID.

Source

pub fn set_client_secret(self, client_secret: ClientSecret) -> Self

Set the client secret.

A client secret is generally used for confidential (i.e., server-side) OAuth2 clients and omitted from public (browser or native app) OAuth2 clients (see RFC 8252).

Source

pub fn set_device_authorization_url( self, device_authorization_url: DeviceAuthorizationUrl, ) -> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, EndpointSet, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>

Set the RFC 8628 device authorization endpoint used for the Device Authorization Flow.

See exchange_device_code().

Source

pub fn set_introspection_url( self, introspection_url: IntrospectionUrl, ) -> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, EndpointSet, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>

Set the RFC 7662 introspection endpoint.

See introspect().

Source

pub fn set_redirect_uri(self, redirect_url: RedirectUrl) -> Self

Set the redirect URL used by the authorization endpoint.

Source

pub fn redirect_uri(&self) -> Option<&RedirectUrl>

Return the redirect URL used by the authorization endpoint.

Source

pub fn set_revocation_url( self, revocation_uri: RevocationUrl, ) -> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, EndpointSet, HasTokenUrl, HasUserInfoUrl>

Set the RFC 7009 revocation endpoint.

See revoke_token().

Source

pub fn set_token_uri( self, token_uri: TokenUrl, ) -> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, EndpointSet, HasUserInfoUrl>

Set the token endpoint.

The client uses the token endpoint to exchange an authorization code for an access token, typically with client authentication. This URL is used in all standard OAuth2 flows except the Implicit Grant.

Source

pub fn set_user_info_url( self, userinfo_endpoint: UserInfoUrl, ) -> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, EndpointSet>

Set the user info endpoint.

See user_info().

Source

pub fn enable_openid_scope(self) -> Self

Enable the openid scope to be requested automatically.

This scope is requested by default, so this function is only useful after previous calls to disable_openid_scope.

Source

pub fn disable_openid_scope(self) -> Self

Disable the openid scope from being requested automatically.

Source

pub fn id_token_verifier(&self) -> IdTokenVerifier<'_, K>

Return an ID token verifier for use with the IdToken::claims method.

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, EndpointSet, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static, HasDeviceAuthUrl: EndpointState, HasIntrospectionUrl: EndpointState, HasRevocationUrl: EndpointState, HasTokenUrl: EndpointState, HasUserInfoUrl: EndpointState,

Methods requiring an authorization endpoint.

Source

pub fn auth_uri(&self) -> &AuthUrl

Return the authorization endpoint.

Source

pub fn authorize_url<NF, RS, SF>( &self, authentication_flow: AuthenticationFlow<RS>, state_fn: SF, nonce_fn: NF, ) -> AuthorizationRequest<'_, AD, P, RS>
where NF: FnOnce() -> Nonce + 'static, RS: ResponseType, SF: FnOnce() -> CsrfToken + 'static,

Generate an authorization URL for a new authorization request.

Requires set_auth_uri() to have been previously called to set the authorization endpoint.

NOTE: Passing authorization request parameters as a JSON Web Token instead of URL query parameters is not currently supported. The claims parameter is also not directly supported, although the AuthorizationRequest::add_extra_param method can be used to add custom parameters, including claims.

§Arguments
  • authentication_flow - The authentication flow to use (code, implicit, or hybrid).
  • state_fn - A function that returns an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client.
  • nonce_fn - Similar to state_fn, but used to generate an opaque nonce to be used when verifying the ID token returned by the OpenID Connect Provider.
§Security Warning

Callers should use a fresh, unpredictable state for each authorization request and verify that this value matches the state parameter passed by the authorization server to the redirect URI. Doing so mitigates Cross-Site Request Forgery attacks.

Similarly, callers should use a fresh, unpredictable nonce to help protect against ID token reuse and forgery.

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasUserInfoUrl> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, EndpointSet, HasUserInfoUrl>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static, HasAuthUrl: EndpointState, HasDeviceAuthUrl: EndpointState, HasIntrospectionUrl: EndpointState, HasRevocationUrl: EndpointState, HasUserInfoUrl: EndpointState,

Methods requiring a token endpoint.

Source

pub fn exchange_client_credentials( &self, ) -> ClientCredentialsTokenRequest<'_, TE, TR>

Request an access token using the Client Credentials Flow.

Requires set_token_uri() to have been previously called to set the token endpoint.

Source

pub fn exchange_code( &self, code: AuthorizationCode, ) -> CodeTokenRequest<'_, TE, TR>

Exchange a code returned during the Authorization Code Flow for an access token.

Acquires ownership of the code because authorization codes may only be used once to retrieve an access token from the authorization server.

Requires set_token_uri() to have been previously called to set the token endpoint.

Source

pub fn exchange_device_access_token<'a, EF>( &'a self, auth_response: &'a DeviceAuthorizationResponse<EF>, ) -> DeviceAccessTokenRequest<'a, 'static, TR, EF>
where EF: ExtraDeviceAuthorizationFields,

Exchange an RFC 8628 Device Authorization Response returned by exchange_device_code() for an access token.

Requires set_token_uri() to have been previously called to set the token endpoint.

Source

pub fn exchange_password<'a>( &'a self, username: &'a ResourceOwnerUsername, password: &'a ResourceOwnerPassword, ) -> PasswordTokenRequest<'a, TE, TR>

Request an access token using the Resource Owner Password Credentials Flow.

Requires set_token_uri() to have been previously called to set the token endpoint.

Source

pub fn exchange_refresh_token<'a>( &'a self, refresh_token: &'a RefreshToken, ) -> RefreshTokenRequest<'a, TE, TR>

Exchange a refresh token for an access token.

See https://tools.ietf.org/html/rfc6749#section-6.

Requires set_token_uri() to have been previously called to set the token endpoint.

Source

pub fn token_uri(&self) -> &TokenUrl

Return the token endpoint.

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasUserInfoUrl> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, EndpointMaybeSet, HasUserInfoUrl>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static, HasAuthUrl: EndpointState, HasDeviceAuthUrl: EndpointState, HasIntrospectionUrl: EndpointState, HasRevocationUrl: EndpointState, HasUserInfoUrl: EndpointState,

Methods with a possibly-set token endpoint after calling from_provider_metadata().

Source

pub fn exchange_client_credentials( &self, ) -> Result<ClientCredentialsTokenRequest<'_, TE, TR>, ConfigurationError>

Request an access token using the Client Credentials Flow.

Requires from_provider_metadata() to have been previously called to construct the client.

Source

pub fn exchange_code( &self, code: AuthorizationCode, ) -> Result<CodeTokenRequest<'_, TE, TR>, ConfigurationError>

Exchange a code returned during the Authorization Code Flow for an access token.

Acquires ownership of the code because authorization codes may only be used once to retrieve an access token from the authorization server.

Requires from_provider_metadata() to have been previously called to construct the client.

Source

pub fn exchange_device_access_token<'a, EF>( &'a self, auth_response: &'a DeviceAuthorizationResponse<EF>, ) -> Result<DeviceAccessTokenRequest<'a, 'static, TR, EF>, ConfigurationError>
where EF: ExtraDeviceAuthorizationFields,

Exchange an RFC 8628 Device Authorization Response returned by exchange_device_code() for an access token.

Requires from_provider_metadata() to have been previously called to construct the client.

Source

pub fn exchange_password<'a>( &'a self, username: &'a ResourceOwnerUsername, password: &'a ResourceOwnerPassword, ) -> Result<PasswordTokenRequest<'a, TE, TR>, ConfigurationError>

Request an access token using the Resource Owner Password Credentials Flow.

Requires from_provider_metadata() to have been previously called to construct the client.

Source

pub fn exchange_refresh_token<'a>( &'a self, refresh_token: &'a RefreshToken, ) -> Result<RefreshTokenRequest<'a, TE, TR>, ConfigurationError>

Exchange a refresh token for an access token.

See https://tools.ietf.org/html/rfc6749#section-6.

Requires from_provider_metadata() to have been previously called to construct the client.

Source

pub fn token_uri(&self) -> Option<&TokenUrl>

Return the token endpoint.

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, EndpointSet, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static, HasAuthUrl: EndpointState, HasIntrospectionUrl: EndpointState, HasRevocationUrl: EndpointState, HasTokenUrl: EndpointState, HasUserInfoUrl: EndpointState,

Methods requiring a device authorization endpoint.

Source

pub fn exchange_device_code(&self) -> DeviceAuthorizationRequest<'_, TE>

Begin the RFC 8628 Device Authorization Flow and retrieve a Device Authorization Response.

Requires set_device_authorization_url() to have been previously called to set the device authorization endpoint.

See exchange_device_access_token().

Source

pub fn device_authorization_url(&self) -> &DeviceAuthorizationUrl

Return the RFC 8628 device authorization endpoint used for the Device Authorization Flow.

See exchange_device_code().

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, EndpointSet, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static, HasAuthUrl: EndpointState, HasDeviceAuthUrl: EndpointState, HasRevocationUrl: EndpointState, HasTokenUrl: EndpointState, HasUserInfoUrl: EndpointState,

Methods requiring an introspection endpoint.

Source

pub fn introspect<'a>( &'a self, token: &'a AccessToken, ) -> IntrospectionRequest<'a, TE, TIR>

Retrieve metadata for an access token using the RFC 7662 introspection endpoint.

Requires set_introspection_url() to have been previously called to set the introspection endpoint.

Source

pub fn introspection_url(&self) -> &IntrospectionUrl

Return the RFC 7662 introspection endpoint.

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasTokenUrl, HasUserInfoUrl> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, EndpointSet, HasTokenUrl, HasUserInfoUrl>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static, HasAuthUrl: EndpointState, HasDeviceAuthUrl: EndpointState, HasIntrospectionUrl: EndpointState, HasTokenUrl: EndpointState, HasUserInfoUrl: EndpointState,

Methods requiring a revocation endpoint.

Source

pub fn revoke_token( &self, token: RT, ) -> Result<RevocationRequest<'_, RT, TRE>, ConfigurationError>

Revoke an access or refresh token using the RFC 7009 revocation endpoint.

Requires set_revocation_url() to have been previously called to set the revocation endpoint.

Source

pub fn revocation_url(&self) -> &RevocationUrl

Return the RFC 7009 revocation endpoint.

See revoke_token().

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, EndpointSet>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static, HasAuthUrl: EndpointState, HasDeviceAuthUrl: EndpointState, HasIntrospectionUrl: EndpointState, HasRevocationUrl: EndpointState, HasTokenUrl: EndpointState,

Methods requiring a user info endpoint.

Source

pub fn user_info( &self, access_token: AccessToken, expected_subject: Option<SubjectIdentifier>, ) -> UserInfoRequest<'_, JE, K>

Request info about the user associated with the given access token.

Requires set_user_info_url() to have been previously called to set the user info endpoint.

To help protect against token substitution attacks, this function optionally allows clients to provide the subject identifier whose user info they expect to receive. If provided and the subject returned by the OpenID Connect Provider does not match, the UserInfoRequest::request or UserInfoRequest::request_async functions will return UserInfoError::ClaimsVerification. If set to None, any subject is accepted.

Source

pub fn user_info_url(&self) -> &UserInfoUrl

Return the user info endpoint.

See ‘user_info()’.

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, EndpointMaybeSet>
where AC: AdditionalClaims, AD: AuthDisplay, GC: GenderClaim, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType>, K: JsonWebKey, P: AuthPrompt, TE: ErrorResponse + 'static, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm>, TIR: TokenIntrospectionResponse, RT: RevocableToken, TRE: ErrorResponse + 'static, HasAuthUrl: EndpointState, HasDeviceAuthUrl: EndpointState, HasIntrospectionUrl: EndpointState, HasRevocationUrl: EndpointState, HasTokenUrl: EndpointState,

Methods with a possibly-set user info endpoint.

Source

pub fn user_info( &self, access_token: AccessToken, expected_subject: Option<SubjectIdentifier>, ) -> Result<UserInfoRequest<'_, JE, K>, ConfigurationError>

Request info about the user associated with the given access token.

Requires from_provider_metadata() to have been previously called to construct the client.

To help protect against token substitution attacks, this function optionally allows clients to provide the subject identifier whose user info they expect to receive. If provided and the subject returned by the OpenID Connect Provider does not match, the UserInfoRequest::request or UserInfoRequest::request_async functions will return UserInfoError::ClaimsVerification. If set to None, any subject is accepted.

Source

pub fn user_info_url(&self) -> Option<&UserInfoUrl>

Return the user info endpoint.

See ‘user_info()’.

Trait Implementations§

Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> Clone for Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: AdditionalClaims + Clone, AD: AuthDisplay + Clone, GC: GenderClaim + Clone, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType> + Clone, K: JsonWebKey + Clone, P: AuthPrompt + Clone, TE: ErrorResponse + Clone, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm> + Clone, TIR: TokenIntrospectionResponse + Clone, RT: RevocableToken + Clone, TRE: ErrorResponse + Clone, HasAuthUrl: EndpointState + Clone, HasDeviceAuthUrl: EndpointState + Clone, HasIntrospectionUrl: EndpointState + Clone, HasRevocationUrl: EndpointState + Clone, HasTokenUrl: EndpointState + Clone, HasUserInfoUrl: EndpointState + Clone, K::SigningAlgorithm: Clone,

Source§

fn clone( &self, ) -> Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> Debug for Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: AdditionalClaims + Debug, AD: AuthDisplay + Debug, GC: GenderClaim + Debug, JE: JweContentEncryptionAlgorithm<KeyType = <K::SigningAlgorithm as JwsSigningAlgorithm>::KeyType> + Debug, K: JsonWebKey + Debug, P: AuthPrompt + Debug, TE: ErrorResponse + Debug, TR: TokenResponse<AC, GC, JE, K::SigningAlgorithm> + Debug, TIR: TokenIntrospectionResponse + Debug, RT: RevocableToken + Debug, TRE: ErrorResponse + Debug, HasAuthUrl: EndpointState + Debug, HasDeviceAuthUrl: EndpointState + Debug, HasIntrospectionUrl: EndpointState + Debug, HasRevocationUrl: EndpointState + Debug, HasTokenUrl: EndpointState + Debug, HasUserInfoUrl: EndpointState + Debug, K::SigningAlgorithm: Debug,

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> Freeze for Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>

§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> RefUnwindSafe for Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: RefUnwindSafe, AD: RefUnwindSafe, GC: RefUnwindSafe, JE: RefUnwindSafe, P: RefUnwindSafe, HasUserInfoUrl: RefUnwindSafe, TE: RefUnwindSafe, TR: RefUnwindSafe, TIR: RefUnwindSafe, RT: RefUnwindSafe, TRE: RefUnwindSafe, HasAuthUrl: RefUnwindSafe, HasDeviceAuthUrl: RefUnwindSafe, HasIntrospectionUrl: RefUnwindSafe, HasRevocationUrl: RefUnwindSafe, HasTokenUrl: RefUnwindSafe, K: RefUnwindSafe, <K as JsonWebKey>::SigningAlgorithm: RefUnwindSafe,

§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> Send for Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: Send, AD: Send, GC: Send, JE: Send, P: Send, HasUserInfoUrl: Send, TE: Send, TR: Send, TIR: Send, RT: Send, TRE: Send, HasAuthUrl: Send, HasDeviceAuthUrl: Send, HasIntrospectionUrl: Send, HasRevocationUrl: Send, HasTokenUrl: Send, K: Send, <K as JsonWebKey>::SigningAlgorithm: Send,

§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> Sync for Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: Sync, AD: Sync, GC: Sync, JE: Sync, P: Sync, HasUserInfoUrl: Sync, TE: Sync, TR: Sync, TIR: Sync, RT: Sync, TRE: Sync, HasAuthUrl: Sync, HasDeviceAuthUrl: Sync, HasIntrospectionUrl: Sync, HasRevocationUrl: Sync, HasTokenUrl: Sync, K: Sync, <K as JsonWebKey>::SigningAlgorithm: Sync,

§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> Unpin for Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: Unpin, AD: Unpin, GC: Unpin, JE: Unpin, P: Unpin, HasUserInfoUrl: Unpin, TE: Unpin, TR: Unpin, TIR: Unpin, RT: Unpin, TRE: Unpin, HasAuthUrl: Unpin, HasDeviceAuthUrl: Unpin, HasIntrospectionUrl: Unpin, HasRevocationUrl: Unpin, HasTokenUrl: Unpin, K: Unpin, <K as JsonWebKey>::SigningAlgorithm: Unpin,

§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> UnsafeUnpin for Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>

§

impl<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl> UnwindSafe for Client<AC, AD, GC, JE, K, P, TE, TR, TIR, RT, TRE, HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl, HasUserInfoUrl>
where AC: UnwindSafe, AD: UnwindSafe, GC: UnwindSafe, JE: UnwindSafe, P: UnwindSafe, HasUserInfoUrl: UnwindSafe, TE: UnwindSafe, TR: UnwindSafe, TIR: UnwindSafe, RT: UnwindSafe, TRE: UnwindSafe, HasAuthUrl: UnwindSafe, HasDeviceAuthUrl: UnwindSafe, HasIntrospectionUrl: UnwindSafe, HasRevocationUrl: UnwindSafe, HasTokenUrl: UnwindSafe, K: UnwindSafe, <K as JsonWebKey>::SigningAlgorithm: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,