oauth2

Struct Client

Source 
pub struct Client<TE, TR, TT, TIR, RT, TRE>
where
    TE: ErrorResponse,
    TR: TokenResponse<TT>,
    TT: TokenType,
    TIR: TokenIntrospectionResponse<TT>,
    RT: RevocableToken,
    TRE: ErrorResponse,
{ /* private fields */ }
Expand description

Stores the configuration for an OAuth2 client.

§Error Types

To enable compile time verification that only the correct and complete set of errors for the Client function being invoked are exposed to the caller, the Client type is specialized on multiple implementations of the ErrorResponse trait. The exact ErrorResponse implementation returned varies by the RFC that the invoked Client function implements:

For example when revoking a token, error code unsupported_token_type (from RFC 7009) may be returned:

let res = client
    .revoke_token(AccessToken::new("some token".to_string()).into())
    .unwrap()
    .request(http_client);

assert!(matches!(res, Err(
    RequestTokenError::ServerResponse(err)) if matches!(err.error(),
        RevocationErrorResponseType::UnsupportedTokenType)));

Implementations§

Source§

impl<TE, TR, TT, TIR, RT, TRE> Client<TE, TR, TT, TIR, RT, TRE>
where TE: ErrorResponse + 'static, TR: TokenResponse<TT>, TT: TokenType, TIR: TokenIntrospectionResponse<TT>, RT: RevocableToken, TRE: ErrorResponse + 'static,

Source

pub fn new( client_id: ClientId, client_secret: Option<ClientSecret>, auth_url: AuthUrl, token_url: Option<TokenUrl>, ) -> Self

Initializes an OAuth2 client with the fields common to most OAuth2 flows.

§Arguments
  • client_id - Client ID
  • client_secret - Optional client secret. A client secret is generally used for private (server-side) OAuth2 clients and omitted from public (client-side or native app) OAuth2 clients (see RFC 8252).
  • auth_url - Authorization endpoint: used by the client to obtain authorization from the resource owner via user-agent redirection. This URL is used in all standard OAuth2 flows except the Resource Owner Password Credentials Grant and the Client Credentials Grant.
  • token_url - Token endpoint: used by the client to exchange an authorization grant (code) for an access token, typically with client authentication. This URL is used in all standard OAuth2 flows except the Implicit Grant. If this value is set to None, the exchange_* methods will return Err(RequestTokenError::Other(_)).
Source

pub fn set_auth_type(self, auth_type: AuthType) -> Self

Configures the type of client authentication used for communicating with the authorization server.

The default is to use HTTP Basic authentication, as recommended in Section 2.3.1 of RFC 6749. Note that if a client secret is omitted (i.e., client_secret is set to None when calling Client::new), AuthType::RequestBody is used regardless of the auth_type passed to this function.

Source

pub fn set_redirect_uri(self, redirect_url: RedirectUrl) -> Self

Sets the redirect URL used by the authorization endpoint.

Source

pub fn set_introspection_uri(self, introspection_url: IntrospectionUrl) -> Self

Sets the introspection URL for contacting the (RFC 7662) introspection endpoint.

Source

pub fn set_revocation_uri(self, revocation_url: RevocationUrl) -> Self

Sets the revocation URL for contacting the revocation endpoint (RFC 7009).

See: revoke_token()

Source

pub fn set_device_authorization_url( self, device_authorization_url: DeviceAuthorizationUrl, ) -> Self

Sets the the device authorization URL used by the device authorization endpoint. Used for Device Code Flow, as per RFC 8628.

Source

pub fn authorize_url<S>(&self, state_fn: S) -> AuthorizationRequest<'_>
where S: FnOnce() -> CsrfToken,

Generates an authorization URL for a new authorization request.

§Arguments
  • state_fn - A function that returns an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client.
§Security Warning

Callers should use a fresh, unpredictable state for each authorization request and verify that this value matches the state parameter passed by the authorization server to the redirect URI. Doing so mitigates Cross-Site Request Forgery attacks. To disable CSRF protections (NOT recommended), use insecure::authorize_url instead.

Source

pub fn exchange_code( &self, code: AuthorizationCode, ) -> CodeTokenRequest<'_, TE, TR, TT>

Exchanges a code produced by a successful authorization process with an access token.

Acquires ownership of the code because authorization codes may only be used once to retrieve an access token from the authorization server.

See https://tools.ietf.org/html/rfc6749#section-4.1.3.

Source

pub fn exchange_password<'a, 'b>( &'a self, username: &'b ResourceOwnerUsername, password: &'b ResourceOwnerPassword, ) -> PasswordTokenRequest<'b, TE, TR, TT>
where 'a: 'b,

Requests an access token for the password grant type.

See https://tools.ietf.org/html/rfc6749#section-4.3.2.

Source

pub fn exchange_client_credentials( &self, ) -> ClientCredentialsTokenRequest<'_, TE, TR, TT>

Requests an access token for the client credentials grant type.

See https://tools.ietf.org/html/rfc6749#section-4.4.2.

Source

pub fn exchange_refresh_token<'a, 'b>( &'a self, refresh_token: &'b RefreshToken, ) -> RefreshTokenRequest<'b, TE, TR, TT>
where 'a: 'b,

Exchanges a refresh token for an access token

See https://tools.ietf.org/html/rfc6749#section-6.

Source

pub fn exchange_device_code( &self, ) -> Result<DeviceAuthorizationRequest<'_, TE>, ConfigurationError>

Perform a device authorization request as per https://tools.ietf.org/html/rfc8628#section-3.1.

Source

pub fn exchange_device_access_token<'a, 'b, 'c, EF>( &'a self, auth_response: &'b DeviceAuthorizationResponse<EF>, ) -> DeviceAccessTokenRequest<'b, 'c, TR, TT, EF>
where EF: ExtraDeviceAuthorizationFields, 'a: 'b,

Perform a device access token request as per https://tools.ietf.org/html/rfc8628#section-3.4.

Source

pub fn introspect<'a>( &'a self, token: &'a AccessToken, ) -> Result<IntrospectionRequest<'a, TE, TIR, TT>, ConfigurationError>

Query the authorization server RFC 7662 compatible introspection endpoint to determine the set of metadata for a previously received token.

Requires that set_introspection_uri() have already been called to set the introspection endpoint URL.

Attempting to submit the generated request without calling set_introspection_uri() first will result in an error.

Source

pub fn revoke_token( &self, token: RT, ) -> Result<RevocationRequest<'_, RT, TRE>, ConfigurationError>

Attempts to revoke the given previously received token using an RFC 7009 OAuth 2.0 Token Revocation compatible endpoint.

Requires that set_revocation_uri() have already been called to set the revocation endpoint URL.

Attempting to submit the generated request without calling set_revocation_uri() first will result in an error.

Source

pub fn client_id(&self) -> &ClientId

Returns the Client ID.

Source

pub fn auth_url(&self) -> &AuthUrl

Returns the authorization endpoint.

Source

pub fn auth_type(&self) -> &AuthType

Returns the type of client authentication used for communicating with the authorization server.

Source

pub fn token_url(&self) -> Option<&TokenUrl>

Returns the token endpoint.

Source

pub fn redirect_url(&self) -> Option<&RedirectUrl>

Returns the redirect URL used by the authorization endpoint.

Source

pub fn introspection_url(&self) -> Option<&IntrospectionUrl>

Returns the introspection URL for contacting the (RFC 7662) introspection endpoint.

Source

pub fn revocation_url(&self) -> Option<&RevocationUrl>

Returns the revocation URL for contacting the revocation endpoint (RFC 7009).

See: revoke_token()

Source

pub fn device_authorization_url(&self) -> Option<&DeviceAuthorizationUrl>

Returns the the device authorization URL used by the device authorization endpoint.

Trait Implementations§

Source§

impl<TE, TR, TT, TIR, RT, TRE> Clone for Client<TE, TR, TT, TIR, RT, TRE>
where TE: ErrorResponse + Clone, TR: TokenResponse<TT> + Clone, TT: TokenType + Clone, TIR: TokenIntrospectionResponse<TT> + Clone, RT: RevocableToken + Clone, TRE: ErrorResponse + Clone,

Source§

fn clone(&self) -> Client<TE, TR, TT, TIR, RT, TRE>

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<TE, TR, TT, TIR, RT, TRE> Debug for Client<TE, TR, TT, TIR, RT, TRE>
where TE: ErrorResponse + Debug, TR: TokenResponse<TT> + Debug, TT: TokenType + Debug, TIR: TokenIntrospectionResponse<TT> + Debug, RT: RevocableToken + Debug, TRE: ErrorResponse + Debug,

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl<TE, TR, TT, TIR, RT, TRE> Freeze for Client<TE, TR, TT, TIR, RT, TRE>

§

impl<TE, TR, TT, TIR, RT, TRE> RefUnwindSafe for Client<TE, TR, TT, TIR, RT, TRE>
where TE: RefUnwindSafe, TR: RefUnwindSafe, TT: RefUnwindSafe, TIR: RefUnwindSafe, RT: RefUnwindSafe, TRE: RefUnwindSafe,

§

impl<TE, TR, TT, TIR, RT, TRE> Send for Client<TE, TR, TT, TIR, RT, TRE>
where TE: Send, TR: Send, TT: Send, TIR: Send, RT: Send, TRE: Send,

§

impl<TE, TR, TT, TIR, RT, TRE> Sync for Client<TE, TR, TT, TIR, RT, TRE>
where TE: Sync, TR: Sync, TT: Sync, TIR: Sync, RT: Sync, TRE: Sync,

§

impl<TE, TR, TT, TIR, RT, TRE> Unpin for Client<TE, TR, TT, TIR, RT, TRE>
where TE: Unpin, TR: Unpin, TT: Unpin, TIR: Unpin, RT: Unpin, TRE: Unpin,

§

impl<TE, TR, TT, TIR, RT, TRE> UnwindSafe for Client<TE, TR, TT, TIR, RT, TRE>
where TE: UnwindSafe, TR: UnwindSafe, TT: UnwindSafe, TIR: UnwindSafe, RT: UnwindSafe, TRE: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V