Struct mas_oidc_client::types::registration::ClientMetadata

pub struct ClientMetadata {

    pub redirect_uris: Option<Vec<Url>>,
    pub response_types: Option<Vec<ResponseType>>,
    pub grant_types: Option<Vec<GrantType>>,
    pub application_type: Option<ApplicationType>,
    pub contacts: Option<Vec<String>>,
    pub client_name: Option<Localized<String>>,
    pub logo_uri: Option<Localized<Url>>,
    pub client_uri: Option<Localized<Url>>,
    pub policy_uri: Option<Localized<Url>>,
    pub tos_uri: Option<Localized<Url>>,
    pub jwks_uri: Option<Url>,
    pub jwks: Option<JsonWebKeySet<JsonWebKeyPublicParameters>>,
    pub software_id: Option<String>,
    pub software_version: Option<String>,
    pub sector_identifier_uri: Option<Url>,
    pub subject_type: Option<SubjectType>,
    pub token_endpoint_auth_method: Option<OAuthClientAuthenticationMethod>,
    pub token_endpoint_auth_signing_alg: Option<JsonWebSignatureAlg>,
    pub id_token_signed_response_alg: Option<JsonWebSignatureAlg>,
    pub id_token_encrypted_response_alg: Option<JsonWebEncryptionAlg>,
    pub id_token_encrypted_response_enc: Option<JsonWebEncryptionEnc>,
    pub userinfo_signed_response_alg: Option<JsonWebSignatureAlg>,
    pub userinfo_encrypted_response_alg: Option<JsonWebEncryptionAlg>,
    pub userinfo_encrypted_response_enc: Option<JsonWebEncryptionEnc>,
    pub request_object_signing_alg: Option<JsonWebSignatureAlg>,
    pub request_object_encryption_alg: Option<JsonWebEncryptionAlg>,
    pub request_object_encryption_enc: Option<JsonWebEncryptionEnc>,
    pub default_max_age: Option<TimeDelta>,
    pub require_auth_time: Option<bool>,
    pub default_acr_values: Option<Vec<String>>,
    pub initiate_login_uri: Option<Url>,
    pub request_uris: Option<Vec<Url>>,
    pub require_signed_request_object: Option<bool>,
    pub require_pushed_authorization_requests: Option<bool>,
    pub introspection_signed_response_alg: Option<JsonWebSignatureAlg>,
    pub introspection_encrypted_response_alg: Option<JsonWebEncryptionAlg>,
    pub introspection_encrypted_response_enc: Option<JsonWebEncryptionEnc>,
    pub post_logout_redirect_uris: Option<Vec<Url>>,
}

Client metadata, as described by the IANA registry.

All the fields with a default value are accessible via methods.

Fields

redirect_uris: Option<Vec<Url>>

Array of redirection URIs for use in redirect-based flows such as the authorization code flow.

All the URIs used by the client in an authorization request’s redirect_uri field must appear in this list.

This field is required and the URIs must not contain a fragment.

response_types: Option<Vec<ResponseType>>

Array of the OAuth 2.0 response_type values that the client can use at the authorization endpoint.

All the types used by the client in an authorization request’s response_type field must appear in this list.

Defaults to DEFAULT_RESPONSE_TYPES.

grant_types: Option<Vec<GrantType>>

Array of OAuth 2.0 grant_type values that the client can use at the token endpoint.

The possible grant types depend on the response types. Declaring support for a grant type that is not compatible with the supported response types will trigger an error during validation.

All the types used by the client in a token request’s grant_type field must appear in this list.

Defaults to DEFAULT_GRANT_TYPES.

application_type: Option<ApplicationType>

The kind of the application.

Defaults to DEFAULT_APPLICATION_TYPE.

contacts: Option<Vec<String>>

Array of e-mail addresses of people responsible for this client.

client_name: Option<Localized<String>>

Name of the client to be presented to the end-user during authorization.

logo_uri: Option<Localized<Url>>

URL that references a logo for the client application.

client_uri: Option<Localized<Url>>

URL of the home page of the client.

policy_uri: Option<Localized<Url>>

URL that the client provides to the end-user to read about the how the profile data will be used.

tos_uri: Option<Localized<Url>>

URL that the client provides to the end-user to read about the client’s terms of service.

jwks_uri: Option<Url>

URL for the client’s JWK Set document.

If the client signs requests to the server, it contains the signing key(s) the server uses to validate signatures from the client. The JWK Set may also contain the client’s encryption keys(s), which are used by the server to encrypt responses to the client.

This field is mutually exclusive with jwks.

jwks: Option<JsonWebKeySet<JsonWebKeyPublicParameters>>

Client’s JWK Set document, passed by value.

The semantics of this field are the same as jwks_uri, other than that the JWK Set is passed by value, rather than by reference.

This field is mutually exclusive with jwks_uri.

software_id: Option<String>

A unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered.

It should remain the same for all instances and versions of the client software.

software_version: Option<String>

A version identifier string for the client software identified by software_id.

sector_identifier_uri: Option<Url>

URL to be used in calculating pseudonymous identifiers by the OpenID Connect provider when pairwise subject identifiers are used.

If present, this must use the https scheme.

subject_type: Option<SubjectType>

Subject type requested for responses to this client.

This field must match one of the supported types by the provider.

token_endpoint_auth_method: Option<OAuthClientAuthenticationMethod>

Requested client authentication method for the token endpoint.

If this is set to OAuthClientAuthenticationMethod::PrivateKeyJwt, one of the jwks_uri or jwks fields is required.

Defaults to DEFAULT_TOKEN_AUTH_METHOD.

token_endpoint_auth_signing_alg: Option<JsonWebSignatureAlg>

JWS alg algorithm that must be used for signing the JWT used to authenticate the client at the token endpoint.

If this field is present, it must not be JsonWebSignatureAlg::None. This field is required if token_endpoint_auth_method is one of OAuthClientAuthenticationMethod::PrivateKeyJwt or OAuthClientAuthenticationMethod::ClientSecretJwt.

id_token_signed_response_alg: Option<JsonWebSignatureAlg>

JWS alg algorithm required for signing the ID Token issued to this client.

If this field is present, it must not be JsonWebSignatureAlg::None, unless the client uses only response types that return no ID Token from the authorization endpoint.

Defaults to DEFAULT_SIGNING_ALGORITHM.

id_token_encrypted_response_alg: Option<JsonWebEncryptionAlg>

JWE alg algorithm required for encrypting the ID Token issued to this client.

This field is required if id_token_encrypted_response_enc is provided.

id_token_encrypted_response_enc: Option<JsonWebEncryptionEnc>

JWE enc algorithm required for encrypting the ID Token issued to this client.

Defaults to DEFAULT_ENCRYPTION_ENC_ALGORITHM if id_token_encrypted_response_alg is provided.

userinfo_signed_response_alg: Option<JsonWebSignatureAlg>

JWS alg algorithm required for signing user info responses.

userinfo_encrypted_response_alg: Option<JsonWebEncryptionAlg>

JWE alg algorithm required for encrypting user info responses.

If userinfo_signed_response_alg is not provided, this field has no effect.

This field is required if userinfo_encrypted_response_enc is provided.

userinfo_encrypted_response_enc: Option<JsonWebEncryptionEnc>

JWE enc algorithm required for encrypting user info responses.

If userinfo_signed_response_alg is not provided, this field has no effect.

Defaults to DEFAULT_ENCRYPTION_ENC_ALGORITHM if userinfo_encrypted_response_alg is provided.

request_object_signing_alg: Option<JsonWebSignatureAlg>

JWS alg algorithm that must be used for signing Request Objects sent to the provider.

Defaults to any algorithm supported by the client and the provider.

request_object_encryption_alg: Option<JsonWebEncryptionAlg>

JWE alg algorithm the client is declaring that it may use for encrypting Request Objects sent to the provider.

This field is required if request_object_encryption_enc is provided.

request_object_encryption_enc: Option<JsonWebEncryptionEnc>

JWE enc algorithm the client is declaring that it may use for encrypting Request Objects sent to the provider.

Defaults to DEFAULT_ENCRYPTION_ENC_ALGORITHM if request_object_encryption_alg is provided.

default_max_age: Option<TimeDelta>

Default maximum authentication age.

Specifies that the End-User must be actively authenticated if the end-user was authenticated longer ago than the specified number of seconds.

The max_age request parameter overrides this default value.

require_auth_time: Option<bool>

Whether the auth_time Claim in the ID Token is required.

Defaults to false.

default_acr_values: Option<Vec<String>>

Default requested Authentication Context Class Reference values.

initiate_login_uri: Option<Url>

URI that a third party can use to initiate a login by the client.

If present, this must use the https scheme.

request_uris: Option<Vec<Url>>

request_uri values that are pre-registered by the client for use at the provider.

Providers can require that request_uri values used be pre-registered with the require_request_uri_registration discovery parameter.

Servers MAY cache the contents of the files referenced by these URIs and not retrieve them at the time they are used in a request. If the contents of the request file could ever change, these URI values should include the base64url encoded SHA-256 hash value of the file contents referenced by the URI as the value of the URI fragment. If the fragment value used for a URI changes, that signals the server that its cached value for that URI with the old fragment value is no longer valid.

require_signed_request_object: Option<bool>

Whether the client will only send authorization requests as [Request Objects].

Defaults to false.

require_pushed_authorization_requests: Option<bool>

Whether the client will only send authorization requests via the pushed authorization request endpoint.

Defaults to false.

introspection_signed_response_alg: Option<JsonWebSignatureAlg>

JWS alg algorithm for signing responses of the introspection endpoint.

introspection_encrypted_response_alg: Option<JsonWebEncryptionAlg>

JWE alg algorithm for encrypting responses of the introspection endpoint.

If introspection_signed_response_alg is not provided, this field has no effect.

This field is required if introspection_encrypted_response_enc is provided.

introspection_encrypted_response_enc: Option<JsonWebEncryptionEnc>

JWE enc algorithm for encrypting responses of the introspection endpoint.

If introspection_signed_response_alg is not provided, this field has no effect.

Defaults to DEFAULT_ENCRYPTION_ENC_ALGORITHM if introspection_encrypted_response_alg is provided.

post_logout_redirect_uris: Option<Vec<Url>>

post_logout_redirect_uri values that are pre-registered by the client for use at the provider’s RP-Initiated Logout endpoint.

Implementations

impl ClientMetadata

pub fn validate( self, ) -> Result<VerifiedClientMetadata, ClientMetadataVerificationError>

Validate this ClientMetadata according to the OpenID Connect Dynamic Client Registration Spec 1.0.

Errors

Will return Err if validation fails.

pub fn response_types(&self) -> Vec<ResponseType>

Array of the OAuth 2.0 response_type values that the client can use at the authorization endpoint.

All the types used by the client in an authorization request’s response_type field must appear in this list.

Defaults to DEFAULT_RESPONSE_TYPES.

pub fn grant_types(&self) -> &[GrantType]

Array of OAuth 2.0 grant_type values that the client can use at the token endpoint.

Note that the possible grant types depend on the response types.

All the types used by the client in a token request’s grant_type field must appear in this list.

Defaults to DEFAULT_GRANT_TYPES.

pub fn application_type(&self) -> ApplicationType

The kind of the application.

Defaults to DEFAULT_APPLICATION_TYPE.

pub fn token_endpoint_auth_method(&self) -> &OAuthClientAuthenticationMethod

Requested client authentication method for the token endpoint.

Defaults to DEFAULT_TOKEN_AUTH_METHOD.

pub fn id_token_signed_response_alg(&self) -> &JsonWebSignatureAlg

JWS alg algorithm required for signing the ID Token issued to this client.

If this field is present, it must not be JsonWebSignatureAlg::None, unless the client uses only response types that return no ID Token from the authorization endpoint.

Defaults to DEFAULT_SIGNING_ALGORITHM.

pub fn id_token_encrypted_response( &self, ) -> Option<(&JsonWebEncryptionAlg, &JsonWebEncryptionEnc)>

JWE alg and enc algorithms required for encrypting the ID Token issued to this client.

Always returns Some if id_token_encrypted_response_alg is provided, using the default of DEFAULT_ENCRYPTION_ENC_ALGORITHM for the enc value if needed.

pub fn userinfo_encrypted_response( &self, ) -> Option<(&JsonWebEncryptionAlg, &JsonWebEncryptionEnc)>

JWE alg and enc algorithms required for encrypting user info responses.

Always returns Some if userinfo_encrypted_response_alg is provided, using the default of DEFAULT_ENCRYPTION_ENC_ALGORITHM for the enc value if needed.

pub fn request_object_encryption( &self, ) -> Option<(&JsonWebEncryptionAlg, &JsonWebEncryptionEnc)>

JWE alg and enc algorithms the client is declaring that it may use for encrypting Request Objects sent to the provider.

Always returns Some if request_object_encryption_alg is provided, using the default of DEFAULT_ENCRYPTION_ENC_ALGORITHM for the enc value if needed.

pub fn require_auth_time(&self) -> bool

Whether the auth_time Claim in the ID Token is required.

Defaults to false.

pub fn require_signed_request_object(&self) -> bool

Whether the client will only send authorization requests as [Request Objects].

Defaults to false.

pub fn require_pushed_authorization_requests(&self) -> bool

Whether the client will only send authorization requests via the pushed authorization request endpoint.

Defaults to false.

pub fn introspection_encrypted_response( &self, ) -> Option<(&JsonWebEncryptionAlg, &JsonWebEncryptionEnc)>

JWE alg and enc algorithms for encrypting responses of the introspection endpoint.

Always returns Some if introspection_encrypted_response_alg is provided, using the default of DEFAULT_ENCRYPTION_ENC_ALGORITHM for the enc value if needed.

Trait Implementations

impl Clone for ClientMetadata

fn clone(&self) -> ClientMetadata

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ClientMetadata

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Default for ClientMetadata

fn default() -> ClientMetadata

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for ClientMetadata

fn deserialize<__D>( __deserializer: __D, ) -> Result<ClientMetadata, <__D as Deserializer<'de>>::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl From<ClientMetadataSerdeHelper> for ClientMetadata

fn from(metadata: ClientMetadataSerdeHelper) -> ClientMetadata

Converts to this type from the input type.

impl PartialEq for ClientMetadata

fn eq(&self, other: &ClientMetadata) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for ClientMetadata

impl StructuralPartialEq for ClientMetadata