Struct oxide_auth::endpoint::AccessTokenFlow
source · pub struct AccessTokenFlow<E, R>where
E: Endpoint<R>,
R: WebRequest,{ /* private fields */ }
Expand description
Offers access tokens to authenticated third parties.
After having received an authorization code from the resource owner, a client must directly contact the OAuth endpoint–authenticating itself–to receive the access token. The token is then used as authorization in requests to the resource. This request MUST be protected by TLS.
Client credentials can be allowed to appear in the request body instead of being
required to be passed as HTTP Basic authorization. This is not recommended and must be
enabled explicitely. See allow_credentials_in_body
for details.
Implementations§
source§impl<E, R> AccessTokenFlow<E, R>where
E: Endpoint<R>,
R: WebRequest,
impl<E, R> AccessTokenFlow<E, R>where E: Endpoint<R>, R: WebRequest,
sourcepub fn prepare(endpoint: E) -> Result<Self, E::Error>
pub fn prepare(endpoint: E) -> Result<Self, E::Error>
Check that the endpoint supports the necessary operations for handling requests.
Binds the endpoint to a particular type of request that it supports, for many implementations this is probably single type anyways.
Panics
Indirectly execute
may panic when this flow is instantiated with an inconsistent
endpoint, for details see the documentation of Endpoint
and execute
. For
consistent endpoints, the panic is instead caught as an error here.
sourcepub fn allow_credentials_in_body(&mut self, allow: bool)
pub fn allow_credentials_in_body(&mut self, allow: bool)
Credentials in body should only be enabled if use of HTTP Basic is not possible.
Allows the request body to contain the client_secret
as a form parameter. This is NOT
RECOMMENDED and need not be supported. The parameters MUST NOT appear in the request URI
itself.
Thus support is disabled by default and must be explicitely enabled.