pub struct ClientCredentialsFlow<E, R>{ /* private fields */ }Expand description
Offers access tokens to authenticated third parties.
A client may request a token that provides access to their own resources.
Client credentials can be allowed to appear in the request body instead of being
required to be passed as HTTP Basic authorization. This is not recommended and must be
enabled explicitely. See allow_credentials_in_body for details.
Implementations§
Source§impl<E, R> ClientCredentialsFlow<E, R>where
E: Endpoint<R> + Send + Sync,
R: WebRequest + Send + Sync,
<R as WebRequest>::Error: Send + Sync,
impl<E, R> ClientCredentialsFlow<E, R>where
E: Endpoint<R> + Send + Sync,
R: WebRequest + Send + Sync,
<R as WebRequest>::Error: Send + Sync,
Sourcepub fn prepare(endpoint: E) -> Result<Self, E::Error>
pub fn prepare(endpoint: E) -> Result<Self, E::Error>
Check that the endpoint supports the necessary operations for handling requests.
Binds the endpoint to a particular type of request that it supports, for many implementations this is probably single type anyways.
§Panics
Indirectly execute may panic when this flow is instantiated with an inconsistent
endpoint, for details see the documentation of Endpoint and execute. For
consistent endpoints, the panic is instead caught as an error here.
Sourcepub fn allow_credentials_in_body(&mut self, allow: bool)
pub fn allow_credentials_in_body(&mut self, allow: bool)
Credentials in body should only be enabled if use of HTTP Basic is not possible.
Allows the request body to contain the client_secret as a form parameter. This is NOT
RECOMMENDED and need not be supported. The parameters MUST NOT appear in the request URI
itself.
Thus support is disabled by default and must be explicitely enabled.
Sourcepub fn allow_refresh_token(&mut self, allow: bool)
pub fn allow_refresh_token(&mut self, allow: bool)
Allow the refresh token to be included in the response.
According to RFC-6749 Section 4.4.3 “A refresh token SHOULD NOT be included” in the response for the client credentials grant. Following that recommendation, the default behaviour of this flow is to discard any refresh token that is returned from the issuer.
If this behaviour is not what you want (it is possible that your particular application does have a use for a client credentials refresh token), you may enable this feature.