Skip to main content

OidcSharedConfig

securitydept_token_set_context::orchestration

Struct OidcSharedConfig 

Source 
pub struct OidcSharedConfig {
    pub remote: OAuthProviderRemoteConfig,
    pub client_id: Option<String>,
    pub client_secret: Option<String>,
    pub required_scopes: Vec<String>,
}
Expand description

Shared OIDC alias configuration block — provider remote fallback skeleton.

When present in the application config (typically [oidc]), provides fallback values for OAuthProviderRemoteConfig fields that both oidc-client and oauth-resource-server need. Also holds optional confidential-client defaults (client_id, client_secret) that are commonly shared in single-provider deployments with introspection.

§Current scope (supported fields)

  • well_known_url, issuer_url, jwks_uri — URL fields with true presence-aware fallback (local Some > shared Some > None)
  • client_id, client_secret — optional confidential-client defaults; not pure provider connectivity, but commonly shared between oidc_client (full client) and oauth_resource_server.introspection
  • required_scopes — scopes that MUST appear in token endpoint responses; presence-aware (Vec::is_empty sentinel: local non-empty wins, else shared)

§Known limitations

Duration fields (metadata_refresh_interval, jwks_refresh_interval) are non-optional in OAuthProviderRemoteConfig and use serde defaults. The current implementation uses sentinel heuristics and cannot distinguish “local explicitly set to the default” from “local not configured”. A future iteration should migrate these to Option<Duration>.

§Shared but not provider connectivity

client_id and client_secret can be shared via [oidc], but they must be resolved separately from OAuthProviderRemoteConfig. They are exposed on this struct as optional fields and resolved through dedicated helpers.

Fields§

§remote: OAuthProviderRemoteConfig

Shared provider connectivity settings (URL + interval fields).

§client_id: Option<String>

Optional confidential-client default. Not pure provider connectivity; shared when both oidc-client and resource-server introspection use the same client identity against a single provider.

§client_secret: Option<String>

Optional confidential-client secret default. See client_id.

§required_scopes: Vec<String>

Shared required-scopes list. Applied when the local client config does not specify its own required_scopes.

Implementations§

Source§

impl OidcSharedConfig

Source

pub fn resolve_remote( &self, local: &OAuthProviderRemoteConfig, ) -> OAuthProviderRemoteConfig

Resolve a local OAuthProviderRemoteConfig against this shared fallback. For Option<String> URL fields, local Some takes priority. For duration fields, see the struct-level doc on known limitations.

Source

pub fn resolve_client_id(&self, local: Option<&str>) -> Option<String>

Resolve a local optional client_id String against the shared client_id default.

Returns local if it is Some; otherwise falls back to the shared default. None means neither local nor shared has a value.

Source

pub fn resolve_client_secret(&self, local: Option<&str>) -> Option<String>

Resolve a local optional client_secret against the shared default.

Source

pub fn resolve_required_scopes(&self, local: &[String]) -> Vec<String>

Resolve a local required_scopes list against the shared default.

Resolution: local non-empty wins; when local is empty the shared list is used instead. This allows partial overrides while still using Vec::is_empty as the “not set” sentinel (no Option wrapper needed).

Trait Implementations§

Source§

impl Clone for OidcSharedConfig

Source§

fn clone(&self) -> OidcSharedConfig

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for OidcSharedConfig

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Default for OidcSharedConfig

Source§

fn default() -> OidcSharedConfig

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for OidcSharedConfig

Source§

fn deserialize<__D>( __deserializer: __D, ) -> Result<OidcSharedConfig, <__D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> ErasedDestructor for T
where T: 'static,