Struct oauth2_types::oidc::ProviderMetadata

/// Authorization server metadata, as described by the IANA registry.
///
/// Every field is optional at the type level because the document is parsed
/// as-is from the provider; presence of the required fields and the
/// security-relevant constraints (https scheme, no fragment, matching issuer)
/// are enforced by `validate()`. Fields that have a spec-defined default are
/// also exposed through accessor methods that apply that default.
pub struct ProviderMetadata {
    /// Authorization server's issuer identifier URL.
    ///
    /// Required. Must use an https scheme, must not contain a query or
    /// fragment, and must match the issuer used to build the well-known URI
    /// that served this metadata.
    pub issuer: Option<String>,

    /// URL of the authorization server's authorization endpoint.
    ///
    /// Required. Must use an https scheme and must not contain a fragment.
    pub authorization_endpoint: Option<Url>,

    /// URL of the authorization server's token endpoint.
    ///
    /// Required. Must use an https scheme and must not contain a fragment.
    pub token_endpoint: Option<Url>,

    /// URL of the authorization server's JWK Set document.
    ///
    /// Required. Must use an https scheme.
    pub jwks_uri: Option<Url>,

    /// URL of the OAuth 2.0 Dynamic Client Registration endpoint.
    ///
    /// If present, must use an https scheme.
    pub registration_endpoint: Option<Url>,

    /// OAuth 2.0 scope values supported by this authorization server.
    ///
    /// If present, must contain at least the `openid` scope value.
    pub scopes_supported: Option<Vec<String>>,

    /// OAuth 2.0 `response_type` values supported by this server.
    ///
    /// Required.
    pub response_types_supported: Option<Vec<ResponseType>>,

    /// OAuth 2.0 `response_mode` values supported by this server.
    ///
    /// Defaults to [`DEFAULT_RESPONSE_MODES_SUPPORTED`].
    pub response_modes_supported: Option<Vec<ResponseMode>>,

    /// OAuth 2.0 `grant_type` values supported by this server.
    ///
    /// Defaults to [`DEFAULT_GRANT_TYPES_SUPPORTED`].
    pub grant_types_supported: Option<Vec<GrantType>>,

    /// Client authentication methods supported by the token endpoint.
    ///
    /// Defaults to [`DEFAULT_AUTH_METHODS_SUPPORTED`].
    pub token_endpoint_auth_methods_supported: Option<Vec<OAuthClientAuthenticationMethod>>,

    /// JWS signing algorithms accepted by the token endpoint for the JWT used
    /// to authenticate the client.
    ///
    /// If present, must not contain [`JsonWebSignatureAlg::None`]. Required
    /// when `token_endpoint_auth_methods_supported` contains
    /// [`OAuthClientAuthenticationMethod::PrivateKeyJwt`] or
    /// [`OAuthClientAuthenticationMethod::ClientSecretJwt`].
    pub token_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,

    /// URL of a page with human-readable developer documentation for this
    /// authorization server.
    pub service_documentation: Option<Url>,

    /// Languages and scripts supported for the user interface, as BCP 47
    /// language tags.
    ///
    /// If omitted, the supported set is unspecified.
    pub ui_locales_supported: Option<Vec<LanguageTag>>,

    /// URL describing the server's requirements on how a client may use the
    /// data it provides.
    pub op_policy_uri: Option<Url>,

    /// URL of the authorization server's terms of service.
    pub op_tos_uri: Option<Url>,

    /// URL of the OAuth 2.0 revocation endpoint.
    ///
    /// If present, must use an https scheme and must not contain a fragment.
    pub revocation_endpoint: Option<Url>,

    /// Client authentication methods supported by the revocation endpoint.
    ///
    /// Defaults to [`DEFAULT_AUTH_METHODS_SUPPORTED`].
    pub revocation_endpoint_auth_methods_supported: Option<Vec<OAuthClientAuthenticationMethod>>,

    /// JWS signing algorithms accepted by the revocation endpoint for the JWT
    /// used to authenticate the client.
    ///
    /// If present, must not contain [`JsonWebSignatureAlg::None`]. Required
    /// when `revocation_endpoint_auth_methods_supported` contains
    /// [`OAuthClientAuthenticationMethod::PrivateKeyJwt`] or
    /// [`OAuthClientAuthenticationMethod::ClientSecretJwt`].
    pub revocation_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,

    /// URL of the OAuth 2.0 introspection endpoint.
    ///
    /// If present, must use an https scheme.
    pub introspection_endpoint: Option<Url>,

    /// Client authentication methods or token types supported by the
    /// introspection endpoint.
    pub introspection_endpoint_auth_methods_supported:
        Option<Vec<AuthenticationMethodOrAccessTokenType>>,

    /// JWS signing algorithms accepted by the introspection endpoint for the
    /// JWT used to authenticate the client.
    ///
    /// If present, must not contain [`JsonWebSignatureAlg::None`]. Required
    /// when `introspection_endpoint_auth_methods_supported` contains
    /// [`OAuthClientAuthenticationMethod::PrivateKeyJwt`] or
    /// [`OAuthClientAuthenticationMethod::ClientSecretJwt`].
    pub introspection_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,

    /// PKCE code challenge methods supported by this authorization server.
    ///
    /// If omitted, the authorization server does not support PKCE.
    pub code_challenge_methods_supported: Option<Vec<PkceCodeChallengeMethod>>,

    /// URL of the OP's UserInfo Endpoint.
    pub userinfo_endpoint: Option<Url>,

    /// Authentication Context Class References supported by this OP.
    pub acr_values_supported: Option<Vec<String>>,

    /// Subject Identifier types supported by this OP.
    ///
    /// Required.
    pub subject_types_supported: Option<Vec<SubjectType>>,

    /// JWS signing algorithms (`alg` values) supported for the ID Token.
    ///
    /// Required.
    pub id_token_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,

    /// JWE encryption algorithms (`alg` values) supported for the ID Token.
    pub id_token_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>,

    /// JWE encryption algorithms (`enc` values) supported for the ID Token.
    pub id_token_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>,

    /// JWS signing algorithms (`alg` values) supported by the UserInfo
    /// Endpoint.
    pub userinfo_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,

    /// JWE encryption algorithms (`alg` values) supported by the UserInfo
    /// Endpoint.
    pub userinfo_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>,

    /// JWE encryption algorithms (`enc` values) supported by the UserInfo
    /// Endpoint.
    pub userinfo_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>,

    /// JWS signing algorithms (`alg` values) supported for Request Objects.
    pub request_object_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,

    /// JWE encryption algorithms (`alg` values) supported for Request Objects.
    pub request_object_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>,

    /// JWE encryption algorithms (`enc` values) supported for Request Objects.
    pub request_object_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>,

    /// `display` parameter values supported by the OpenID Provider.
    pub display_values_supported: Option<Vec<Display>>,

    /// Claim Types supported by the OpenID Provider.
    ///
    /// Defaults to [`DEFAULT_CLAIM_TYPES_SUPPORTED`].
    pub claim_types_supported: Option<Vec<ClaimType>>,

    /// Claim Names the OpenID Provider MAY be able to supply values for.
    pub claims_supported: Option<Vec<String>>,

    /// Languages and scripts supported for values in returned Claims, as
    /// BCP 47 language tags.
    pub claims_locales_supported: Option<Vec<LanguageTag>>,

    /// Whether the OP supports use of the `claims` parameter.
    ///
    /// Defaults to `false`.
    pub claims_parameter_supported: Option<bool>,

    /// Whether the OP supports use of the `request` parameter.
    ///
    /// Defaults to `false`.
    pub request_parameter_supported: Option<bool>,

    /// Whether the OP supports use of the `request_uri` parameter.
    ///
    /// Defaults to `true`.
    pub request_uri_parameter_supported: Option<bool>,

    /// Whether the OP requires any `request_uri` values used to be
    /// pre-registered.
    ///
    /// Defaults to `false`.
    pub require_request_uri_registration: Option<bool>,

    /// Whether the authorization request needs to be protected as a Request
    /// Object and provided through either the `request` or `request_uri`
    /// parameter.
    ///
    /// Defaults to `false`.
    pub require_signed_request_object: Option<bool>,

    /// URL of the pushed authorization request endpoint.
    pub pushed_authorization_request_endpoint: Option<Url>,

    /// Whether the authorization server accepts authorization requests only
    /// via PAR.
    ///
    /// Defaults to `false`.
    pub require_pushed_authorization_requests: Option<bool>,

    /// `prompt` values supported by this OP.
    ///
    /// Can be used to detect whether the OP supports the `prompt=create`
    /// value.
    pub prompt_values_supported: Option<Vec<Prompt>>,

    /// URL of the device authorization endpoint.
    pub device_authorization_endpoint: Option<Url>,

    /// URL of the RP-Initiated Logout endpoint.
    pub end_session_endpoint: Option<Url>,

    /// URL where the user can access the account management capabilities of
    /// this OP.
    ///
    /// Matrix extension introduced in MSC2965.
    pub account_management_uri: Option<Url>,

    /// Actions supported by the account management URL.
    ///
    /// Matrix extension introduced in MSC2965.
    pub account_management_actions_supported: Option<Vec<AccountManagementAction>>,
}

Authorization server metadata, as described by the IANA registry.

All the fields with a default value are accessible via methods.

Fields§

§issuer: Option<String>

Authorization server’s issuer identifier URL.

This field is required. The URL must use a https scheme, and must not contain a query or fragment. It must match the one used to build the well-known URI to query this metadata.

§authorization_endpoint: Option<Url>

URL of the authorization server’s authorization endpoint.

This field is required. The URL must use a https scheme, and must not contain a fragment.

§token_endpoint: Option<Url>

URL of the authorization server’s token endpoint.

This field is required. The URL must use a https scheme, and must not contain a fragment.

§jwks_uri: Option<Url>

URL of the authorization server’s JWK Set document.

This field is required. The URL must use a https scheme.

§registration_endpoint: Option<Url>

URL of the authorization server’s OAuth 2.0 Dynamic Client Registration endpoint.

If this field is present, the URL must use a https scheme.

§scopes_supported: Option<Vec<String>>

JSON array containing a list of the OAuth 2.0 scope values that this authorization server supports.

If this field is present, it must contain at least the openid scope value.

§response_types_supported: Option<Vec<ResponseType>>

JSON array containing a list of the OAuth 2.0 response_type values that this authorization server supports.

This field is required.

§response_modes_supported: Option<Vec<ResponseMode>>

JSON array containing a list of the OAuth 2.0 response_mode values that this authorization server supports.

Defaults to DEFAULT_RESPONSE_MODES_SUPPORTED.

§grant_types_supported: Option<Vec<GrantType>>

JSON array containing a list of the OAuth 2.0 grant_type values that this authorization server supports.

Defaults to DEFAULT_GRANT_TYPES_SUPPORTED.

§token_endpoint_auth_methods_supported: Option<Vec<OAuthClientAuthenticationMethod>>

JSON array containing a list of client authentication methods supported by this token endpoint.

Defaults to DEFAULT_AUTH_METHODS_SUPPORTED.

§token_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>

JSON array containing a list of the JWS signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate the client at the token endpoint.

If this field is present, it must not contain [JsonWebSignatureAlg::None]. This field is required if token_endpoint_auth_methods_supported contains [OAuthClientAuthenticationMethod::PrivateKeyJwt] or [OAuthClientAuthenticationMethod::ClientSecretJwt].

§service_documentation: Option<Url>

URL of a page containing human-readable information that developers might want or need to know when using the authorization server.

§ui_locales_supported: Option<Vec<LanguageTag>>

Languages and scripts supported for the user interface, represented as a JSON array of language tag values from BCP 47.

If omitted, the set of supported languages and scripts is unspecified.

§op_policy_uri: Option<Url>

URL that the authorization server provides to the person registering the client to read about the authorization server’s requirements on how the client can use the data provided by the authorization server.

§op_tos_uri: Option<Url>

URL that the authorization server provides to the person registering the client to read about the authorization server’s terms of service.

§revocation_endpoint: Option<Url>

URL of the authorization server’s OAuth 2.0 revocation endpoint.

If this field is present, the URL must use a https scheme, and must not contain a fragment.

§revocation_endpoint_auth_methods_supported: Option<Vec<OAuthClientAuthenticationMethod>>

JSON array containing a list of client authentication methods supported by this revocation endpoint.

Defaults to DEFAULT_AUTH_METHODS_SUPPORTED.

§revocation_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>

JSON array containing a list of the JWS signing algorithms supported by the revocation endpoint for the signature on the JWT used to authenticate the client at the revocation endpoint.

If this field is present, it must not contain [JsonWebSignatureAlg::None]. This field is required if revocation_endpoint_auth_methods_supported contains [OAuthClientAuthenticationMethod::PrivateKeyJwt] or [OAuthClientAuthenticationMethod::ClientSecretJwt].

§introspection_endpoint: Option<Url>

URL of the authorization server’s OAuth 2.0 introspection endpoint.

If this field is present, the URL must use a https scheme.

§introspection_endpoint_auth_methods_supported: Option<Vec<AuthenticationMethodOrAccessTokenType>>

JSON array containing a list of client authentication methods or token types supported by this introspection endpoint.

§introspection_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>

JSON array containing a list of the JWS signing algorithms supported by the introspection endpoint for the signature on the JWT used to authenticate the client at the introspection endpoint.

If this field is present, it must not contain [JsonWebSignatureAlg::None]. This field is required if introspection_endpoint_auth_methods_supported contains [OAuthClientAuthenticationMethod::PrivateKeyJwt] or [OAuthClientAuthenticationMethod::ClientSecretJwt].

§code_challenge_methods_supported: Option<Vec<PkceCodeChallengeMethod>>

[PKCE code challenge methods] supported by this authorization server. If omitted, the authorization server does not support PKCE.

§userinfo_endpoint: Option<Url>

URL of the OP’s UserInfo Endpoint.

§acr_values_supported: Option<Vec<String>>

JSON array containing a list of the Authentication Context Class References that this OP supports.

§subject_types_supported: Option<Vec<SubjectType>>

JSON array containing a list of the Subject Identifier types that this OP supports.

This field is required.

§id_token_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>

JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token.

This field is required.

§id_token_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>

JSON array containing a list of the JWE encryption algorithms (alg values) supported by the OP for the ID Token.

§id_token_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>

JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for the ID Token.

§userinfo_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>

JSON array containing a list of the JWS signing algorithms (alg values) supported by the UserInfo Endpoint.

§userinfo_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>

JSON array containing a list of the JWE encryption algorithms (alg values) supported by the UserInfo Endpoint.

§userinfo_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>

JSON array containing a list of the JWE encryption algorithms (enc values) supported by the UserInfo Endpoint.

§request_object_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>

JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects.

§request_object_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>

JSON array containing a list of the JWE encryption algorithms (alg values) supported by the OP for Request Objects.

§request_object_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>

JSON array containing a list of the JWE encryption algorithms (enc values) supported by the OP for Request Objects.

§display_values_supported: Option<Vec<Display>>

JSON array containing a list of the “display” parameter values that the OpenID Provider supports.

§claim_types_supported: Option<Vec<ClaimType>>

JSON array containing a list of the Claim Types that the OpenID Provider supports.

Defaults to DEFAULT_CLAIM_TYPES_SUPPORTED.

§claims_supported: Option<Vec<String>>

JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for.

§claims_locales_supported: Option<Vec<LanguageTag>>

Languages and scripts supported for values in Claims being returned, represented as a JSON array of BCP 47 language tag values.

§claims_parameter_supported: Option<bool>

Boolean value specifying whether the OP supports use of the claims parameter.

Defaults to false.

§request_parameter_supported: Option<bool>

Boolean value specifying whether the OP supports use of the request parameter.

Defaults to false.

§request_uri_parameter_supported: Option<bool>

Boolean value specifying whether the OP supports use of the request_uri parameter.

Defaults to true.

§require_request_uri_registration: Option<bool>

Boolean value specifying whether the OP requires any request_uri values used to be pre-registered.

Defaults to false.

§require_signed_request_object: Option<bool>

Indicates whether the authorization request needs to be protected as a Request Object and provided through either the request or request_uri parameter.

Defaults to false.

§pushed_authorization_request_endpoint: Option<Url>

URL of the authorization server’s pushed authorization request endpoint.

§require_pushed_authorization_requests: Option<bool>

Indicates whether the authorization server accepts authorization requests only via PAR.

Defaults to false.

§prompt_values_supported: Option<Vec<Prompt>>

Array containing the list of prompt values that this OP supports.

This field can be used to detect if the OP supports the prompt create value.

§device_authorization_endpoint: Option<Url>

URL of the authorization server’s device authorization endpoint.

§end_session_endpoint: Option<Url>

URL of the authorization server’s RP-Initiated Logout endpoint.

§account_management_uri: Option<Url>

URL where the user is able to access the account management capabilities of this OP.

This is a Matrix extension introduced in MSC2965.

§account_management_actions_supported: Option<Vec<AccountManagementAction>>

Array of actions that the account management URL supports.

This is a Matrix extension introduced in MSC2965.

Implementations§


impl ProviderMetadata


pub fn validate( self, issuer: &str, ) -> Result<VerifiedProviderMetadata, ProviderMetadataVerificationError>

Validate this ProviderMetadata according to the OpenID Connect Discovery Spec 1.0.

§Parameters
  • issuer: The issuer that was discovered to get this ProviderMetadata.
§Errors

Will return Err if validation fails.


pub fn insecure_verify_metadata( self, ) -> Result<VerifiedProviderMetadata, ProviderMetadataVerificationError>

Verify this ProviderMetadata.

Contrary to ProviderMetadata::validate(), it only checks that the required fields are present.

This can be used during development to test against a local OpenID Provider, for example.

§Parameters
  • issuer: The issuer that was discovered to get this ProviderMetadata.
§Errors

Will return Err if a required field is missing.

§Warning

It is not recommended to use this method in production: because it skips the checks performed by ProviderMetadata::validate(), it does not ensure that the issuer implements the proper security practices.


pub fn response_modes_supported(&self) -> &[ResponseMode]

JSON array containing a list of the OAuth 2.0 response_mode values that this authorization server supports.

Defaults to DEFAULT_RESPONSE_MODES_SUPPORTED.


pub fn grant_types_supported(&self) -> &[GrantType]

JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports.

Defaults to DEFAULT_GRANT_TYPES_SUPPORTED.


pub fn token_endpoint_auth_methods_supported( &self, ) -> &[OAuthClientAuthenticationMethod]

JSON array containing a list of client authentication methods supported by the token endpoint.

Defaults to DEFAULT_AUTH_METHODS_SUPPORTED.


pub fn revocation_endpoint_auth_methods_supported( &self, ) -> &[OAuthClientAuthenticationMethod]

JSON array containing a list of client authentication methods supported by the revocation endpoint.

Defaults to DEFAULT_AUTH_METHODS_SUPPORTED.


pub fn claim_types_supported(&self) -> &[ClaimType]

JSON array containing a list of the Claim Types that the OpenID Provider supports.

Defaults to DEFAULT_CLAIM_TYPES_SUPPORTED.


pub fn claims_parameter_supported(&self) -> bool

Boolean value specifying whether the OP supports use of the claims parameter.

Defaults to false.


pub fn request_parameter_supported(&self) -> bool

Boolean value specifying whether the OP supports use of the request parameter.

Defaults to false.


pub fn request_uri_parameter_supported(&self) -> bool

Boolean value specifying whether the OP supports use of the request_uri parameter.

Defaults to true.


pub fn require_request_uri_registration(&self) -> bool

Boolean value specifying whether the OP requires any request_uri values used to be pre-registered.

Defaults to false.


pub fn require_signed_request_object(&self) -> bool

Indicates whether the authorization request needs to be protected as a Request Object and provided through either the request or request_uri parameter.

Defaults to false.


pub fn require_pushed_authorization_requests(&self) -> bool

Indicates whether the authorization server accepts authorization requests only via PAR.

Defaults to false.

Trait Implementations§


impl Clone for ProviderMetadata


fn clone(&self) -> ProviderMetadata

Returns a copy of the value. Read more

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for ProviderMetadata


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for ProviderMetadata


fn default() -> ProviderMetadata

Returns the “default value” for a type. Read more

impl<'de> Deserialize<'de> for ProviderMetadata


fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

impl Serialize for ProviderMetadata


fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,


default unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more

impl<T> DynClone for T
where T: Clone,


fn __clone_box(&self, _: Private) -> *mut ()


impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T> IntoEither for T


fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

impl<T> Pointable for T


const ALIGN: usize = _

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more

impl<T> Same for T


type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,


type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,


fn vzip(self) -> V


impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,