Struct oauth2::Client[][src]

pub struct Client<TE, TR, TT, TIR, RT, TRE> where
    TE: ErrorResponse,
    TR: TokenResponse<TT>,
    TT: TokenType,
    TIR: TokenIntrospectionResponse<TT>,
    RT: RevocableToken,
    TRE: ErrorResponse { /* fields omitted */ }
Expand description

Stores the configuration for an OAuth2 client.

Error Types

To enable compile time verification that only the correct and complete set of errors for the Client function being invoked are exposed to the caller, the Client type is specialized on multiple implementations of the ErrorResponse trait. The exact ErrorResponse implementation returned varies by the RFC that the invoked Client function implements:

For example when revoking a token, error code unsupported_token_type (from RFC 7009) may be returned:

let res = client
    .revoke_token(AccessToken::new("some token".to_string()).into())
    .unwrap()
    .request(http_client);

assert!(matches!(res, Err(
    RequestTokenError::ServerResponse(err)) if matches!(err.error(),
        RevocationErrorResponseType::UnsupportedTokenType)));

Implementations

Initializes an OAuth2 client with the fields common to most OAuth2 flows.

Arguments
  • client_id - Client ID
  • client_secret - Optional client secret. A client secret is generally used for private (server-side) OAuth2 clients and omitted from public (client-side or native app) OAuth2 clients (see RFC 8252).
  • auth_url - Authorization endpoint: used by the client to obtain authorization from the resource owner via user-agent redirection. This URL is used in all standard OAuth2 flows except the Resource Owner Password Credentials Grant and the Client Credentials Grant.
  • token_url - Token endpoint: used by the client to exchange an authorization grant (code) for an access token, typically with client authentication. This URL is used in all standard OAuth2 flows except the Implicit Grant. If this value is set to None, the exchange_* methods will return Err(RequestTokenError::Other(_)).

Configures the type of client authentication used for communicating with the authorization server.

The default is to use HTTP Basic authentication, as recommended in Section 2.3.1 of RFC 6749.

Sets the the redirect URL used by the authorization endpoint.

Sets the introspection URL for contacting the (RFC 7662) introspection endpoint.

Sets the revocation URL for contacting the revocation endpoint (RFC 7009).

See: revoke_token()

Sets the the device authorization URL used by the device authorization endpoint. Used for Device Code Flow, as per RFC 8628.

Generates an authorization URL for a new authorization request.

Arguments
  • state_fn - A function that returns an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client.
Security Warning

Callers should use a fresh, unpredictable state for each authorization request and verify that this value matches the state parameter passed by the authorization server to the redirect URI. Doing so mitigates Cross-Site Request Forgery attacks. To disable CSRF protections (NOT recommended), use insecure::authorize_url instead.

Exchanges a code produced by a successful authorization process with an access token.

Acquires ownership of the code because authorization codes may only be used once to retrieve an access token from the authorization server.

See https://tools.ietf.org/html/rfc6749#section-4.1.3

Requests an access token for the password grant type.

See https://tools.ietf.org/html/rfc6749#section-4.3.2

Requests an access token for the client credentials grant type.

See https://tools.ietf.org/html/rfc6749#section-4.4.2

Exchanges a refresh token for an access token

See https://tools.ietf.org/html/rfc6749#section-6

Perform a device authorization request as per https://tools.ietf.org/html/rfc8628#section-3.1

Perform a device access token request as per https://tools.ietf.org/html/rfc8628#section-3.4

Query the authorization server RFC 7662 compatible introspection endpoint to determine the set of metadata for a previously received token.

Requires that set_introspection_uri() have already been called to set the introspection endpoint URL.

Attempting to submit the generated request without calling set_introspection_uri() first will result in an error.

Attempts to revoke the given previously received token using an RFC 7009 OAuth 2.0 Token Revocation compatible endpoint.

Requires that set_revocation_uri() have already been called to set the revocation endpoint URL.

Attempting to submit the generated request without calling set_revocation_uri() first will result in an error.

Trait Implementations

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Performs the conversion.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Performs the conversion.

Should always be Self

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

🔬 This is a nightly-only experimental API. (toowned_clone_into)

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more