OauthProtectedResourceMetadata

rust_mcp_sdk::auth

Struct OauthProtectedResourceMetadata 

Source 
pub struct OauthProtectedResourceMetadata {
Show 14 fields
    pub resource: Url,
    pub authorization_servers: Vec<Url>,
    pub jwks_uri: Option<Url>,
    pub scopes_supported: Option<Vec<String>>,
    pub bearer_methods_supported: Option<Vec<String>>,
    pub resource_signing_alg_values_supported: Option<Vec<String>>,
    pub resource_name: Option<String>,
    pub resource_documentation: Option<String>,
    pub resource_policy_uri: Option<Url>,
    pub resource_tos_uri: Option<Url>,
    pub tls_client_certificate_bound_access_tokens: Option<bool>,
    pub authorization_details_types_supported: Option<Vec<String>>,
    pub dpop_signing_alg_values_supported: Option<Vec<String>>,
    pub dpop_bound_access_tokens_required: Option<bool>,

}
Expand description

represents metadata about a protected resource in the OAuth 2.0 ecosystem. It allows clients and authorization servers to discover how to interact with a protected resource (like an MCP endpoint), including security requirements and supported features. https://datatracker.ietf.org/doc/rfc9728

Fields§

§resource: Url

The base identifier of the protected resource (e.g., an MCP server’s URI). This is the only required field.

§authorization_servers: Vec<Url>

List of authorization servers that can issue access tokens for this resource. Allows dynamic trust discovery.

§jwks_uri: Option<Url>

URL where the resource exposes its public keys (JWKS) to verify signed tokens. Typically used to verify JWT access tokens. Example: https://example.com/.well-known/jwks.json

§scopes_supported: Option<Vec<String>>

OAuth scopes the resource supports (e.g., “mcp:tool”, “read”, “write”, “admin”). Helps clients know what they can request for access.

§bearer_methods_supported: Option<Vec<String>>

Methods accepted for presenting Bearer tokens: authorization_header (typical) form_post uri_query

§resource_signing_alg_values_supported: Option<Vec<String>>

Supported signing algorithms for access tokens (if tokens are JWTs). Example: [“RS256”, “ES256”]

§resource_name: Option<String>

A human-readable name for the resource. Useful for UIs, logs, or developer documentation.

§resource_documentation: Option<String>

URL to developer docs describing the resource and how to use it.

§resource_policy_uri: Option<Url>

URL to the resource’s access policy or terms (e.g., rules on who can access what).

§resource_tos_uri: Option<Url>

URL to terms of service applicable to this resource.

§tls_client_certificate_bound_access_tokens: Option<bool>

If true, access tokens must be bound to a client TLS certificate. Used in mutual TLS scenarios for additional security.

§authorization_details_types_supported: Option<Vec<String>>

Lists structured authorization types supported (used with Rich Authorization Requests (RAR) Example: [“payment_initiation”, “account_information”]

§dpop_signing_alg_values_supported: Option<Vec<String>>

Supported algorithms for DPoP (Demonstration of Proof-of-Possession) tokens. Example: [“ES256”, “RS256”]

§dpop_bound_access_tokens_required: Option<bool>

If true, the resource requires access tokens to be DPoP-bound. Enhances security by tying tokens to a specific client and key.

Implementations§

Source§

impl OauthProtectedResourceMetadata

Source

pub fn new<S>( resource: S, authorization_servers: Vec<S>, scopes_supported: Option<Vec<String>>, ) -> Result<Self, ParseError>
where S: AsRef<str>,

Creates a new OAuthProtectedResourceMetadata instance with only the minimal required fields populated.

The resource and each entry in authorization_servers must be valid URLs. All other metadata fields are initialized to their defaults. To provide optional or extended metadata, assign those fields after creation or construct the struct directly.

Trait Implementations§

Source§

impl Clone for OauthProtectedResourceMetadata

Source§

fn clone(&self) -> OauthProtectedResourceMetadata

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for OauthProtectedResourceMetadata

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for OauthProtectedResourceMetadata

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for OauthProtectedResourceMetadata

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,