Polymorphic HTTP wrappers for code grant authorization and other flows.
An endpoint is concerned with executing the abstract behaviours given by the backend in terms of the actions of the endpoint types. This means, for example, translating Redirect errors into the correct Redirect HTTP response, or optionally sending internal errors to loggers. The frontends, which are the bindings to particular server libraries, can instantiate the endpoint API or simply reuse existing types.
To ensure adherence to the OAuth2 RFC and to improve implementations in general, some control flow of incoming packets is specified here instead of in the frontend implementations. Traits are offered to make this compatible with other endpoints. In theory, this makes endpoints pluggable, which could improve testing.
§Custom endpoint
In order to not place restrictions on the web server library in use, it is possible to implement an endpoint completely with user defined types.
This requires custom, related implementations of WebRequest and WebResponse.
WARNING: Custom endpoints MUST ensure a secure communication layer with confidential clients.
This means using TLS for communication over https.
After receiving an authorization grant, access token or access request, initiate the respective
flow by collecting the Authorizer, Issuer, and Registrar instances. For example:
Re-exports§
- pub use crate::primitives::authorizer::Authorizer;
- pub use crate::primitives::issuer::Issuer;
- pub use crate::primitives::registrar::Registrar;
- pub use crate::primitives::scope::Scope;
- pub use crate::code_grant::authorization::Extension as AuthorizationExtension;
- pub use crate::code_grant::accesstoken::Extension as AccessTokenExtension;
- pub use crate::code_grant::client_credentials::Extension as ClientCredentialsExtension;
- pub use crate::primitives::registrar::PreGrant;
Structs§
- AccessTokenFlow - Offers access tokens to authenticated third parties.
- AuthorizationFlow - All relevant methods for handling authorization code requests.
- ClientCredentialsFlow - Offers access tokens to authenticated third parties.
- NormalizedParameter - The query parameter normal form.
- RefreshFlow - Takes requests from clients to refresh their access tokens.
- ResourceFlow - Guards resources by requiring OAuth authorization.
- Solicitation - A pending solicitation to a resource owner.
- Template - Modifiable reason for creating a response to the client.
Enums§
- OAuthError - Errors which should not or need not be communicated to the requesting party but which are of interest to the server. See the documentation of each enum variant for details, as some may have an expected response. These include badly formatted headers or URL-encoded body, unexpected parameters, or security-relevant required parameters.
- OwnerConsent - Answer from OwnerAuthorizer to indicate the owner's choice.
- ResponseStatus - The general manner of the response.
Traits§
- Endpoint - Fuses requests and primitives into a coherent system to give a response.
- Extension - Intermediate trait to flow-specific extensions.
- OwnerSolicitor - Checks consent with the owner of a resource, identified in a request.
- QueryParameter - Allows access to the query parameters in a URL or a body.
- Scopes - Determine the scopes applying to a request of a resource.
- UniqueValue - Return a reference to a value in a collection if it is the only one.
- WebRequest - Abstraction of web requests with several different abstractions and constructors needed by an endpoint. It is assumed to originate from an HTTP request, as defined in the scope of the RFC, but theoretically other requests are possible.
- WebResponse - Response representation into which the Request is transformed by the code_grant types.
Functions§
- is_authorization_method - Check if the header is an authorization method