Skip to main content

OauthHttpClient

rmcp_server_kit::oauth

Struct OauthHttpClient 

Source 
pub struct OauthHttpClient { /* private fields */ }
Expand description

HTTP client used by exchange_token and the OAuth 2.1 proxy handlers (handle_token, handle_introspect, handle_revoke).

Wraps an internal HTTP backend so callers do not depend on the concrete crate. Construct one per process and reuse across requests (the underlying connection pool is shared internally via Clone - cheap, refcounted).

Hardening (since 1.2.1). When constructed via with_config (preferred), the internal client refuses any redirect that downgrades the scheme from https to http, even when the original request URL was HTTPS. This closes a class of metadata-poisoning attacks where a hostile or compromised upstream IdP returns 302 Location: http://... and the resulting plaintext hop is intercepted by a network-positioned attacker to siphon bearer tokens, refresh tokens, or introspection traffic. When the caller has set OAuthConfig::allow_http_oauth_urls to true (development only), HTTP-to-HTTP redirects are still permitted but HTTPS-to-HTTP downgrades are always rejected.

with_config also honours OAuthConfig::ca_cert_path (if set) and adds the supplied PEM CA bundle to the system roots so that every OAuth-bound HTTP request – not just the JWKS fetch – can trust enterprise/internal certificate authorities. This restores the behaviour that existed pre-0.10.0 before the OauthHttpClient wrapper landed.

The legacy new constructor (no-arg) is preserved for source compatibility but is #[deprecated]: it returns a client with system-roots-only TLS trust and the strictest redirect policy (HTTPS-only, never permits plain HTTP). Migrate to with_config at the earliest opportunity so that token / introspection / revocation / exchange traffic inherits the same CA trust and allow_http_oauth_urls toggle as the JWKS fetch client.

Implementations§

Source§

impl OauthHttpClient

Source

pub fn with_config(config: &OAuthConfig) -> Result<Self, McpxError>

Build a client from the OAuth configuration (preferred since 1.2.1).

Defaults: connect_timeout = 10s, total timeout = 30s, scheme-downgrade-rejecting redirect policy (max 2 hops), optional custom CA trust via OAuthConfig::ca_cert_path, and HTTP-to-HTTP redirects gated by OAuthConfig::allow_http_oauth_urls (dev-only).

Pass the same &OAuthConfig you supplied to JwksCache::new / serve() so the OAuth-bound HTTP traffic inherits identical CA trust and HTTPS-only redirect policy.

§Errors

Returns crate::error::McpxError::Startup if the configured ca_cert_path cannot be read or parsed, or if the underlying HTTP client cannot be constructed (e.g. TLS backend init failure).

Source

pub fn new() -> Result<Self, McpxError>

👎Deprecated since 1.2.1:

use OauthHttpClient::with_config(&OAuthConfig) so token/introspect/revoke/exchange traffic inherits ca_cert_path and the allow_http_oauth_urls toggle

Build a client with default settings (system CA roots only, strict HTTPS-only redirect policy).

Deprecated since 1.2.1. This constructor cannot honour OAuthConfig::ca_cert_path (so token / introspection / revocation / exchange traffic falls back to the system trust store, breaking enterprise PKI deployments) and ignores the OAuthConfig::allow_http_oauth_urls dev-mode toggle (so HTTP-to-HTTP redirects are unconditionally refused). Both of these are bugs that the new with_config constructor fixes.

The redirect policy still rejects https -> http downgrades, matching the security posture of with_config.

Migrate to with_config and pass the same &OAuthConfig your serve() call uses.

§Errors

Returns crate::error::McpxError::Startup if the underlying HTTP client cannot be constructed (e.g. TLS backend init failure).

Trait Implementations§

Source§

impl Clone for OauthHttpClient

Source§

fn clone(&self) -> OauthHttpClient

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for OauthHttpClient

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,