Trait Request

pub trait Request {
    // Required methods
    fn valid(&self) -> bool;
    fn authorization(&self) -> Option<(Cow<'_, str>, Cow<'_, [u8]>)>;
    fn scope(&self) -> Option<Cow<'_, str>>;
    fn grant_type(&self) -> Option<Cow<'_, str>>;
    fn extension(&self, key: &str) -> Option<Cow<'_, str>>;

    // Provided methods
    fn allow_credentials_in_body(&self) -> bool { ... }
    fn allow_refresh_token(&self) -> bool { ... }
}

Required content of a client credentials request.

Required Methods

fn valid(&self) -> bool

A received request might not be encoded correctly. This method gives implementors the chance to signal that a request was received but its encoding was malformed. If this is the case, no other attribute will be queried. The method exists mainly to keep frontends straightforward, so they do not have to handle special cases for malformed requests.

fn authorization(&self) -> Option<(Cow<'_, str>, Cow<'_, [u8]>)>

The user:password pair of an HTTP Basic authorization header.

fn scope(&self) -> Option<Cow<'_, str>>

Optionally specifies the requested scope.

fn grant_type(&self) -> Option<Cow<'_, str>>

Valid requests have this set to “client_credentials”.

fn extension(&self, key: &str) -> Option<Cow<'_, str>>

Retrieve an additional parameter used in an extension.

Provided Methods

fn allow_credentials_in_body(&self) -> bool

Credentials in body should only be enabled if use of HTTP Basic is not possible.

Allows the request body to contain the client_secret as a form parameter. This is NOT RECOMMENDED and need not be supported. The parameters MUST NOT appear in the request URI itself.

Under these considerations, support must be explicitly enabled.

fn allow_refresh_token(&self) -> bool

Allow the refresh token to be included in the response.

According to RFC 6749 Section 4.4.3, “A refresh token SHOULD NOT be included” in the response for the client credentials grant. Following that recommendation, the default behaviour of this flow is to discard any refresh token that is returned from the issuer.

If this behaviour is not what you want (it is possible that your particular application does have a use for a client credentials refresh token), you may enable this feature.
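An added example (not code from the crate or its documentation) of a frontend type implementing this trait, reporting malformed input through `valid()` and leaving both provided methods at their defaults. `TokenRequest`, its constructor and the local copy of the trait with `false` default bodies are assumptions made so the block compiles on its own; the duplicate-parameter rule comes from RFC 6749 Section 3.2.

```rust
use std::borrow::Cow;
use std::collections::HashMap;
// Local copy of this page's trait; the `false` default bodies are assumed from its text.
pub trait Request {
    fn valid(&self) -> bool;
    fn authorization(&self) -> Option<(Cow<'_, str>, Cow<'_, [u8]>)>;
    fn scope(&self) -> Option<Cow<'_, str>>;
    fn grant_type(&self) -> Option<Cow<'_, str>>;
    fn extension(&self, key: &str) -> Option<Cow<'_, str>>;
    fn allow_credentials_in_body(&self) -> bool { false }
    fn allow_refresh_token(&self) -> bool { false }
}

/// Hypothetical frontend type; header and parameters are assumed already decoded.
pub struct TokenRequest {
    basic: Option<(String, Vec<u8>)>,
    body: HashMap<String, String>,
    well_formed: bool,
}

impl TokenRequest {
    pub fn new(basic: Option<(&str, &[u8])>, query: &[(&str, &str)], body: &[(&str, &str)]) -> Self {
        let mut map = HashMap::new();
        // A repeated parameter makes the request malformed (RFC 6749 section 3.2).
        let mut ok = body.iter().all(|(k, v)| map.insert(k.to_string(), v.to_string()).is_none());
        // Choice made by this example: a client_secret in the request URI is malformed.
        ok &= !query.iter().any(|(k, _)| *k == "client_secret");
        let basic = basic.map(|(id, pw)| (id.to_string(), pw.to_vec()));
        TokenRequest { basic, body: map, well_formed: ok }
    }
    fn param(&self, key: &str) -> Option<Cow<'_, str>> {
        self.body.get(key).map(|v| Cow::Borrowed(v.as_str()))
    }
}

impl Request for TokenRequest {
    fn valid(&self) -> bool { self.well_formed }
    fn authorization(&self) -> Option<(Cow<'_, str>, Cow<'_, [u8]>)> {
        self.basic.as_ref().map(|(id, pw)| (Cow::Borrowed(id.as_str()), Cow::Borrowed(pw.as_slice())))
    }
    fn scope(&self) -> Option<Cow<'_, str>> { self.param("scope") }
    fn grant_type(&self) -> Option<Cow<'_, str>> { self.param("grant_type") }
    fn extension(&self, key: &str) -> Option<Cow<'_, str>> { self.param(key) }
    // Provided methods keep their defaults: no body credentials, no refresh token.
}

fn main() {
    let req = TokenRequest::new(Some(("client", "secret".as_bytes())), &[], &[("grant_type", "client_credentials")]);
    println!("valid={} grant_type={:?}", req.valid(), req.grant_type());
}
```
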
