turbomcp_auth/oauth2/mod.rs
1//! OAuth 2.1 Implementation
2//!
3//! This module provides an OAuth 2.1 implementation with:
4//! - Authorization Code flow with PKCE (RFC 7636)
5//! - Refresh tokens
6//! - Resource Indicators (RFC 8707) - **MCP Required**
7//! - Protected Resource Metadata (RFC 9728) - **MCP Required**
8//! - Dynamic Client Registration (RFC 7591)
9//! - DPoP integration (RFC 9449)
10//!
11//! ## Submodules
12//!
13//! - `client` - OAuth2Client for basic operations
14//! - `resource` - RFC 8707 Resource Indicators (MCP required)
15//! - `validation` - URI and security validation
16//!
17//! ## MCP Compliance
18//!
19//! This implementation follows MCP specification requirements:
20//! - RFC 8707 resource parameters MUST be included in all OAuth flows
21//! - Tokens MUST be bound to specific MCP servers via audience claims
22//! - PKCE MUST be used for authorization code flows
23
24pub mod client;
25pub mod dcr;
26pub mod resource;
27pub mod validation;
28
29// Re-export client types
30pub use client::OAuth2Client;
31
32// Re-export DCR types (RFC 7591)
33pub use dcr::{DcrBuilder, DcrClient, RegistrationRequest, RegistrationResponse};
34
35// Re-export resource validation (RFC 8707)
36pub use resource::validate_resource_uri;
37
38// Re-export validation functions
39pub use validation::*;