Crate xjp_oidc

Expand description

§xjp-oidc

A comprehensive OIDC/OAuth2 SDK for Rust with support for both server and WASM environments.

§Features

Authorization Code Flow with PKCE
OIDC Discovery and JWKS caching
ID Token verification with standard claims validation
Dynamic Client Registration (server-only)
RP-Initiated Logout
Resource Server JWT verification
Optional Axum integration

§Example

use xjp_oidc::{create_pkce, build_auth_url, BuildAuthUrl};

// Create PKCE challenge
let (verifier, challenge, method) = create_pkce()?;

// Build authorization URL
let auth_result = build_auth_url(BuildAuthUrl {
    issuer: "https://auth.example.com".into(),
    client_id: "my-client".into(),
    redirect_uri: "https://app.example.com/callback".into(),
    scope: "openid profile email".into(),
    code_challenge: challenge,
    state: None,
    nonce: None,
    prompt: None,
    extra_params: None,
    tenant: None,
    authorization_endpoint: None,
})?;
let auth_url = auth_result.url;
// Save auth_result.state and auth_result.nonce for later validation

Re-exports§

pub use cache::Cache;
pub use cache::NoOpCache;
pub use cache::MemoryCache;
pub use cache::LruCacheImpl;lru
pub use cache::MokaCacheImpl;Non-WebAssembly and moka
pub use errors::Error;
pub use http::HttpClient;
pub use http::HttpClientError;
pub use http::ReqwestHttpClient;Non-WebAssembly and http-reqwest
pub use types::*;

Modules§

cache: Cache abstraction for JWKS and discovery metadata
discovery_tenant: OIDC Discovery implementation with multi-tenant support
errors: Error types for xjp-oidc SDK
http: HTTP client abstraction for both server and WASM environments
http_tenant: HTTP client extension for multi-tenant support
prelude: Prelude module for convenient imports
sseNon-WebAssembly: Server-Sent Events (SSE) support for login flows
tenant: Multi-tenant support for OIDC SDK
types: Public types for the xjp-oidc SDK

Structs§

Jwk: JSON Web Key (JWK) structure
Jwks: JSON Web Key Set (JWKS)
JwtVerifierverifier: JWT Verifier for Resource Server
OidcClientNon-WebAssembly and http-reqwest and moka: Default OIDC client with built-in HTTP and cache implementations

Constants§

VERSION: SDK version

Functions§

build_auth_url: Build an authorization URL for the OAuth2/OIDC flow
build_auth_url_with_metadata: Build authorization URL from provider metadata
build_end_session_url: Build an end session (logout) URL
build_end_session_url_with_discovery: Build an end session URL with discovery metadata
create_pkce: Generate a PKCE verifier/challenge pair
discover: Discover OIDC provider metadata from issuer URL
exchange_codeNon-WebAssembly: Exchange authorization code for tokens
fetch_jwks: Fetch JWKS from the endpoint
get_client_configNon-WebAssembly: Get client configuration from the authorization server
get_userinfo: Get user information from the UserInfo endpoint
introspect_tokenNon-WebAssembly: Introspect a token to determine its active state and metadata
parse_callback_params: Parse callback parameters from the authorization response
refresh_tokenNon-WebAssembly: Refresh an access token using a refresh token
register_clientNon-WebAssembly: Register a new client with the authorization server
revoke_tokenNon-WebAssembly: Revoke a token (access token or refresh token)
verify_id_token: Verify an ID token and return verified claims

Crate xjp_oidc

Crate xjp_oidc Copy item path

§xjp-oidc

§Features

§Example

Re-exports§

Modules§

Structs§

Constants§

Functions§

Crate xjp_oidc