pub struct OidcClient<H = ReqwestOidcHttpClient> { /* private fields */ }Expand description
Stateful OIDC client with discovery and JWKS caching.
Implementations§
Source§impl<H> OidcClient<H>where
H: OidcHttpClient,
impl<H> OidcClient<H>where
H: OidcHttpClient,
Sourcepub fn with_http_client(
config: OidcConfig,
http_client: H,
) -> Result<Self, OidcError>
pub fn with_http_client( config: OidcConfig, http_client: H, ) -> Result<Self, OidcError>
Create an OIDC client with a caller-supplied HTTP implementation.
§Errors
Returns an error when the configuration is invalid.
Sourcepub async fn discover(&self) -> Result<OidcProviderMetadata, OidcError>
pub async fn discover(&self) -> Result<OidcProviderMetadata, OidcError>
Fetch and cache the provider discovery document.
§Errors
Returns an error when discovery fails or the document is invalid.
Build a secure authorization request using exact-match redirect URI, state, nonce, and PKCE.
§Errors
Returns an error when discovery fails.
Sourcepub async fn build_token_exchange_request(
&self,
pending: &OidcAuthorizationRequest,
code: &str,
returned_state: &str,
code_verifier: Option<&str>,
) -> Result<OidcTokenExchangeRequest, OidcError>
pub async fn build_token_exchange_request( &self, pending: &OidcAuthorizationRequest, code: &str, returned_state: &str, code_verifier: Option<&str>, ) -> Result<OidcTokenExchangeRequest, OidcError>
Build token-exchange parameters while enforcing state and PKCE rules.
§Errors
Returns an error when the callback state or PKCE data is invalid.
Sourcepub async fn validate_id_token(
&self,
id_token: &str,
expected_nonce: Option<&str>,
) -> Result<OidcClaims, OidcError>
pub async fn validate_id_token( &self, id_token: &str, expected_nonce: Option<&str>, ) -> Result<OidcClaims, OidcError>
Validate an ID token using discovery metadata, cached JWKS, and the configured nonce.
§Errors
Returns an error when the token is invalid or the provider cannot be reached.
Sourcepub async fn fetch_userinfo(
&self,
access_token: &str,
) -> Result<OidcUserInfo, OidcError>
pub async fn fetch_userinfo( &self, access_token: &str, ) -> Result<OidcUserInfo, OidcError>
Fetch the provider’s userinfo document using the bearer access token.
§Errors
Returns an error when the provider does not expose userinfo or the request fails.