Struct oauth2::Client [−][src]
pub struct Client<TE, TR, TT, TIR, RT, TRE> where
TE: ErrorResponse,
TR: TokenResponse<TT>,
TT: TokenType,
TIR: TokenIntrospectionResponse<TT>,
RT: RevocableToken,
TRE: ErrorResponse, { /* fields omitted */ }
Expand description
Stores the configuration for an OAuth2 client.
Error Types
To enable compile time verification that only the correct and complete set of errors for the Client
function being
invoked are exposed to the caller, the Client
type is specialized on multiple implementations of the
ErrorResponse
trait. The exact ErrorResponse
implementation returned varies by the RFC that the invoked
Client
function implements:
- Generic type
TE
(aka Token Error) for errors defined by RFC 6749 OAuth 2.0 Authorization Framework. - Generic type
TRE
(aka Token Revocation Error) for errors defined by RFC 7009 OAuth 2.0 Token Revocation.
For example when revoking a token, error code unsupported_token_type
(from RFC 7009) may be returned:
let res = client
.revoke_token(AccessToken::new("some token".to_string()).into())
.unwrap()
.request(http_client);
assert!(matches!(res, Err(
RequestTokenError::ServerResponse(err)) if matches!(err.error(),
RevocationErrorResponseType::UnsupportedTokenType)));
Implementations
impl<TE, TR, TT, TIR, RT, TRE> Client<TE, TR, TT, TIR, RT, TRE> where
TE: ErrorResponse + 'static,
TR: TokenResponse<TT>,
TT: TokenType,
TIR: TokenIntrospectionResponse<TT>,
RT: RevocableToken,
TRE: ErrorResponse + 'static,
impl<TE, TR, TT, TIR, RT, TRE> Client<TE, TR, TT, TIR, RT, TRE> where
TE: ErrorResponse + 'static,
TR: TokenResponse<TT>,
TT: TokenType,
TIR: TokenIntrospectionResponse<TT>,
RT: RevocableToken,
TRE: ErrorResponse + 'static,
Initializes an OAuth2 client with the fields common to most OAuth2 flows.
Arguments
client_id
- Client IDclient_secret
- Optional client secret. A client secret is generally used for private (server-side) OAuth2 clients and omitted from public (client-side or native app) OAuth2 clients (see RFC 8252).auth_url
- Authorization endpoint: used by the client to obtain authorization from the resource owner via user-agent redirection. This URL is used in all standard OAuth2 flows except the Resource Owner Password Credentials Grant and the Client Credentials Grant.token_url
- Token endpoint: used by the client to exchange an authorization grant (code) for an access token, typically with client authentication. This URL is used in all standard OAuth2 flows except the Implicit Grant. If this value is set toNone
, theexchange_*
methods will returnErr(RequestTokenError::Other(_))
.
Configures the type of client authentication used for communicating with the authorization server.
The default is to use HTTP Basic authentication, as recommended in Section 2.3.1 of RFC 6749.
Sets the the redirect URL used by the authorization endpoint.
Sets the introspection URL for contacting the (RFC 7662) introspection endpoint.
Sets the revocation URL for contacting the revocation endpoint (RFC 7009).
See: revoke_token()
Sets the the device authorization URL used by the device authorization endpoint. Used for Device Code Flow, as per RFC 8628.
Generates an authorization URL for a new authorization request.
Arguments
state_fn
- A function that returns an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client.
Security Warning
Callers should use a fresh, unpredictable state
for each authorization request and verify
that this value matches the state
parameter passed by the authorization server to the
redirect URI. Doing so mitigates
Cross-Site Request Forgery
attacks. To disable CSRF protections (NOT recommended), use insecure::authorize_url
instead.
Exchanges a code produced by a successful authorization process with an access token.
Acquires ownership of the code
because authorization codes may only be used once to
retrieve an access token from the authorization server.
See https://tools.ietf.org/html/rfc6749#section-4.1.3
pub fn exchange_password<'a, 'b>(
&'a self,
username: &'b ResourceOwnerUsername,
password: &'b ResourceOwnerPassword
) -> PasswordTokenRequest<'b, TE, TR, TT> where
'a: 'b,
pub fn exchange_password<'a, 'b>(
&'a self,
username: &'b ResourceOwnerUsername,
password: &'b ResourceOwnerPassword
) -> PasswordTokenRequest<'b, TE, TR, TT> where
'a: 'b,
Requests an access token for the password grant type.
See https://tools.ietf.org/html/rfc6749#section-4.3.2
Requests an access token for the client credentials grant type.
See https://tools.ietf.org/html/rfc6749#section-4.4.2
pub fn exchange_refresh_token<'a, 'b>(
&'a self,
refresh_token: &'b RefreshToken
) -> RefreshTokenRequest<'b, TE, TR, TT> where
'a: 'b,
pub fn exchange_refresh_token<'a, 'b>(
&'a self,
refresh_token: &'b RefreshToken
) -> RefreshTokenRequest<'b, TE, TR, TT> where
'a: 'b,
Exchanges a refresh token for an access token
See https://tools.ietf.org/html/rfc6749#section-6
pub fn exchange_device_code(
&self
) -> Result<DeviceAuthorizationRequest<'_, TE>, ConfigurationError>
pub fn exchange_device_code(
&self
) -> Result<DeviceAuthorizationRequest<'_, TE>, ConfigurationError>
Perform a device authorization request as per https://tools.ietf.org/html/rfc8628#section-3.1
pub fn exchange_device_access_token<'a, 'b, 'c, EF>(
&'a self,
auth_response: &'b DeviceAuthorizationResponse<EF>
) -> DeviceAccessTokenRequest<'b, 'c, TR, TT, EF> where
'a: 'b,
EF: ExtraDeviceAuthorizationFields,
pub fn exchange_device_access_token<'a, 'b, 'c, EF>(
&'a self,
auth_response: &'b DeviceAuthorizationResponse<EF>
) -> DeviceAccessTokenRequest<'b, 'c, TR, TT, EF> where
'a: 'b,
EF: ExtraDeviceAuthorizationFields,
Perform a device access token request as per https://tools.ietf.org/html/rfc8628#section-3.4
pub fn introspect<'a>(
&'a self,
token: &'a AccessToken
) -> Result<IntrospectionRequest<'a, TE, TIR, TT>, ConfigurationError>
pub fn introspect<'a>(
&'a self,
token: &'a AccessToken
) -> Result<IntrospectionRequest<'a, TE, TIR, TT>, ConfigurationError>
Query the authorization server RFC 7662 compatible
introspection
endpoint to determine the set of metadata for a previously received token.
Requires that set_introspection_uri()
have already been called to set the
introspection endpoint URL.
Attempting to submit the generated request without calling set_introspection_uri()
first will result in an error.
pub fn revoke_token(
&self,
token: RT
) -> Result<RevocationRequest<'_, RT, TRE>, ConfigurationError>
pub fn revoke_token(
&self,
token: RT
) -> Result<RevocationRequest<'_, RT, TRE>, ConfigurationError>
Attempts to revoke the given previously received token using an RFC 7009 OAuth 2.0 Token Revocation compatible endpoint.
Requires that set_revocation_uri()
have already been called to set the
revocation endpoint URL.
Attempting to submit the generated request without calling set_revocation_uri()
first will result in an error.
Trait Implementations
impl<TE: Clone, TR: Clone, TT: Clone, TIR: Clone, RT: Clone, TRE: Clone> Clone for Client<TE, TR, TT, TIR, RT, TRE> where
TE: ErrorResponse,
TR: TokenResponse<TT>,
TT: TokenType,
TIR: TokenIntrospectionResponse<TT>,
RT: RevocableToken,
TRE: ErrorResponse,
impl<TE: Clone, TR: Clone, TT: Clone, TIR: Clone, RT: Clone, TRE: Clone> Clone for Client<TE, TR, TT, TIR, RT, TRE> where
TE: ErrorResponse,
TR: TokenResponse<TT>,
TT: TokenType,
TIR: TokenIntrospectionResponse<TT>,
RT: RevocableToken,
TRE: ErrorResponse,
impl<TE: Debug, TR: Debug, TT: Debug, TIR: Debug, RT: Debug, TRE: Debug> Debug for Client<TE, TR, TT, TIR, RT, TRE> where
TE: ErrorResponse,
TR: TokenResponse<TT>,
TT: TokenType,
TIR: TokenIntrospectionResponse<TT>,
RT: RevocableToken,
TRE: ErrorResponse,
impl<TE: Debug, TR: Debug, TT: Debug, TIR: Debug, RT: Debug, TRE: Debug> Debug for Client<TE, TR, TT, TIR, RT, TRE> where
TE: ErrorResponse,
TR: TokenResponse<TT>,
TT: TokenType,
TIR: TokenIntrospectionResponse<TT>,
RT: RevocableToken,
TRE: ErrorResponse,
Auto Trait Implementations
impl<TE, TR, TT, TIR, RT, TRE> RefUnwindSafe for Client<TE, TR, TT, TIR, RT, TRE> where
RT: RefUnwindSafe,
TE: RefUnwindSafe,
TIR: RefUnwindSafe,
TR: RefUnwindSafe,
TRE: RefUnwindSafe,
TT: RefUnwindSafe,
impl<TE, TR, TT, TIR, RT, TRE> Send for Client<TE, TR, TT, TIR, RT, TRE> where
RT: Send,
TE: Send,
TIR: Send,
TR: Send,
TRE: Send,
TT: Send,
impl<TE, TR, TT, TIR, RT, TRE> Sync for Client<TE, TR, TT, TIR, RT, TRE> where
RT: Sync,
TE: Sync,
TIR: Sync,
TR: Sync,
TRE: Sync,
TT: Sync,
impl<TE, TR, TT, TIR, RT, TRE> Unpin for Client<TE, TR, TT, TIR, RT, TRE> where
RT: Unpin,
TE: Unpin,
TIR: Unpin,
TR: Unpin,
TRE: Unpin,
TT: Unpin,
impl<TE, TR, TT, TIR, RT, TRE> UnwindSafe for Client<TE, TR, TT, TIR, RT, TRE> where
RT: UnwindSafe,
TE: UnwindSafe,
TIR: UnwindSafe,
TR: UnwindSafe,
TRE: UnwindSafe,
TT: UnwindSafe,
Blanket Implementations
Mutably borrows from an owned value. Read more
Instruments this type with the provided Span
, returning an
Instrumented
wrapper. Read more
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more