Struct oauth2_types::oidc::ProviderMetadata
/// Authorization server metadata, as described by the IANA registry.
///
/// Every field is an `Option`, because this is the document as deserialized
/// from the provider. Fields noted as "required" below are only guaranteed to
/// be present once `validate()` or `insecure_verify_metadata()` has succeeded;
/// the scheme, fragment and issuer-match constraints noted below are the ones
/// `validate()` enforces, while `insecure_verify_metadata()` only checks
/// presence. Fields with a default value also have an accessor method of the
/// same name that returns the default when the field is absent.
pub struct ProviderMetadata {
    /// Authorization server's issuer identifier URL. Required; must use an
    /// `https` scheme, must not contain a query or fragment, and must match
    /// the issuer used to build the well-known URI that returned this document.
    pub issuer: Option<String>,
    /// URL of the authorization endpoint. Required; `https`, no fragment.
    pub authorization_endpoint: Option<Url>,
    /// URL of the token endpoint. Required; `https`, no fragment.
    pub token_endpoint: Option<Url>,
    /// URL of the JWK Set document. Required; `https`.
    pub jwks_uri: Option<Url>,
    /// URL of the OAuth 2.0 Dynamic Client Registration endpoint. If present,
    /// must use an `https` scheme.
    pub registration_endpoint: Option<Url>,
    /// OAuth 2.0 scope values supported. If present, must contain `openid`.
    pub scopes_supported: Option<Vec<String>>,
    /// OAuth 2.0 `response_type` values supported. Required.
    pub response_types_supported: Option<Vec<ResponseType>>,
    /// OAuth 2.0 `response_mode` values supported.
    /// Defaults to `DEFAULT_RESPONSE_MODES_SUPPORTED`.
    pub response_modes_supported: Option<Vec<ResponseMode>>,
    /// OAuth 2.0 `grant_type` values supported.
    /// Defaults to `DEFAULT_GRANT_TYPES_SUPPORTED`.
    pub grant_types_supported: Option<Vec<GrantType>>,
    /// Client authentication methods supported by the token endpoint.
    /// Defaults to `DEFAULT_AUTH_METHODS_SUPPORTED`.
    pub token_endpoint_auth_methods_supported: Option<Vec<OAuthClientAuthenticationMethod>>,
    /// JWS algorithms accepted for the client-authentication JWT at the token
    /// endpoint. Must not contain `JsonWebSignatureAlg::None`; required when
    /// `token_endpoint_auth_methods_supported` contains `PrivateKeyJwt` or
    /// `ClientSecretJwt`.
    pub token_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,
    /// URL of a human-readable developer documentation page.
    pub service_documentation: Option<Url>,
    /// BCP 47 language tags supported for the user interface. If omitted, the
    /// supported set is unspecified.
    pub ui_locales_supported: Option<Vec<LanguageTag>>,
    /// URL describing how a client may use data provided by this server.
    pub op_policy_uri: Option<Url>,
    /// URL of the authorization server's terms of service.
    pub op_tos_uri: Option<Url>,
    /// URL of the OAuth 2.0 revocation endpoint. If present, `https`, no
    /// fragment.
    pub revocation_endpoint: Option<Url>,
    /// Client authentication methods supported by the revocation endpoint.
    /// Defaults to `DEFAULT_AUTH_METHODS_SUPPORTED`.
    pub revocation_endpoint_auth_methods_supported: Option<Vec<OAuthClientAuthenticationMethod>>,
    /// JWS algorithms accepted for the client-authentication JWT at the
    /// revocation endpoint. Must not contain `JsonWebSignatureAlg::None`;
    /// required when the revocation auth methods contain `PrivateKeyJwt` or
    /// `ClientSecretJwt`.
    pub revocation_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,
    /// URL of the OAuth 2.0 introspection endpoint. If present, `https`.
    pub introspection_endpoint: Option<Url>,
    /// Client authentication methods or token types supported by the
    /// introspection endpoint.
    pub introspection_endpoint_auth_methods_supported: Option<Vec<AuthenticationMethodOrAccessTokenType>>,
    /// JWS algorithms accepted for the client-authentication JWT at the
    /// introspection endpoint. Must not contain `JsonWebSignatureAlg::None`;
    /// required when the introspection auth methods contain `PrivateKeyJwt`
    /// or `ClientSecretJwt`.
    pub introspection_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,
    /// PKCE code challenge methods supported. If omitted, the server does not
    /// support PKCE.
    pub code_challenge_methods_supported: Option<Vec<PkceCodeChallengeMethod>>,
    /// URL of the OP's UserInfo Endpoint.
    pub userinfo_endpoint: Option<Url>,
    /// Authentication Context Class References supported by the OP.
    pub acr_values_supported: Option<Vec<String>>,
    /// Subject Identifier types supported by the OP. Required.
    pub subject_types_supported: Option<Vec<SubjectType>>,
    /// JWS `alg` values supported by the OP for the ID Token. Required.
    pub id_token_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,
    /// JWE `alg` values supported by the OP for the ID Token.
    pub id_token_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>,
    /// JWE `enc` values supported by the OP for the ID Token.
    pub id_token_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>,
    /// JWS `alg` values supported by the UserInfo Endpoint.
    pub userinfo_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,
    /// JWE `alg` values supported by the UserInfo Endpoint.
    pub userinfo_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>,
    /// JWE `enc` values supported by the UserInfo Endpoint.
    pub userinfo_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>,
    /// JWS `alg` values supported by the OP for Request Objects.
    pub request_object_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>,
    /// JWE `alg` values supported by the OP for Request Objects.
    pub request_object_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>,
    /// JWE `enc` values supported by the OP for Request Objects.
    pub request_object_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>,
    /// `display` parameter values supported by the OP.
    pub display_values_supported: Option<Vec<Display>>,
    /// Claim Types supported by the OP.
    /// Defaults to `DEFAULT_CLAIM_TYPES_SUPPORTED`.
    pub claim_types_supported: Option<Vec<ClaimType>>,
    /// Claim Names the OP may be able to supply values for.
    pub claims_supported: Option<Vec<String>>,
    /// BCP 47 language tags supported for values in returned Claims.
    pub claims_locales_supported: Option<Vec<LanguageTag>>,
    /// Whether the OP supports the `claims` parameter. Defaults to `false`.
    pub claims_parameter_supported: Option<bool>,
    /// Whether the OP supports the `request` parameter. Defaults to `false`.
    pub request_parameter_supported: Option<bool>,
    /// Whether the OP supports the `request_uri` parameter. Defaults to `true`.
    pub request_uri_parameter_supported: Option<bool>,
    /// Whether `request_uri` values must be pre-registered. Defaults to
    /// `false`.
    pub require_request_uri_registration: Option<bool>,
    /// Whether authorization requests must be passed as a signed Request
    /// Object via `request` or `request_uri`. Defaults to `false`.
    pub require_signed_request_object: Option<bool>,
    /// URL of the pushed authorization request (PAR) endpoint.
    pub pushed_authorization_request_endpoint: Option<Url>,
    /// Whether authorization requests are accepted only via PAR. Defaults to
    /// `false`.
    pub require_pushed_authorization_requests: Option<bool>,
    /// `prompt` values supported by the OP; can be used to detect support for
    /// `prompt=create`.
    pub prompt_values_supported: Option<Vec<Prompt>>,
    /// URL of the device authorization endpoint.
    pub device_authorization_endpoint: Option<Url>,
    /// URL of the RP-Initiated Logout endpoint.
    pub end_session_endpoint: Option<Url>,
    /// URL of the OP's account management capabilities. Matrix extension
    /// (MSC2965).
    pub account_management_uri: Option<Url>,
    /// Actions supported by the account management URL. Matrix extension
    /// (MSC2965).
    pub account_management_actions_supported: Option<Vec<AccountManagementAction>>,
}
Authorization server metadata, as described by the IANA registry.
Every field that has a default value is also exposed through an accessor method of the same name, which returns the default when the field is absent.
Fields§
§issuer: Option<String>
Authorization server’s issuer identifier URL.
This field is required. The URL must use an `https` scheme and must not contain a query or fragment. It must match the issuer used to build the well-known URI that was queried to obtain this metadata.
§authorization_endpoint: Option<Url>
URL of the authorization server’s authorization endpoint.
This field is required. The URL must use an `https` scheme and must not contain a fragment.
token_endpoint: Option<Url>
URL of the authorization server’s token endpoint.
This field is required. The URL must use an `https` scheme and must not contain a fragment.
jwks_uri: Option<Url>
URL of the authorization server’s JWK Set document.
This field is required. The URL must use an `https` scheme.
registration_endpoint: Option<Url>
URL of the authorization server’s OAuth 2.0 Dynamic Client Registration endpoint.
If this field is present, the URL must use an `https` scheme.
scopes_supported: Option<Vec<String>>
JSON array containing a list of the OAuth 2.0 `scope` values that this authorization server supports.
If this field is present, it must contain at least the `openid` scope value.
response_types_supported: Option<Vec<ResponseType>>
JSON array containing a list of the OAuth 2.0 `response_type` values that this authorization server supports.
This field is required.
response_modes_supported: Option<Vec<ResponseMode>>
JSON array containing a list of the OAuth 2.0 `response_mode` values that this authorization server supports.
Defaults to `DEFAULT_RESPONSE_MODES_SUPPORTED`.
grant_types_supported: Option<Vec<GrantType>>
JSON array containing a list of the OAuth 2.0 `grant_type` values that this authorization server supports.
Defaults to `DEFAULT_GRANT_TYPES_SUPPORTED`.
token_endpoint_auth_methods_supported: Option<Vec<OAuthClientAuthenticationMethod>>
JSON array containing a list of client authentication methods supported by this token endpoint.
Defaults to `DEFAULT_AUTH_METHODS_SUPPORTED`.
token_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>
JSON array containing a list of the JWS signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate the client at the token endpoint.
If this field is present, it must not contain `JsonWebSignatureAlg::None`. This field is required if `token_endpoint_auth_methods_supported` contains `OAuthClientAuthenticationMethod::PrivateKeyJwt` or `OAuthClientAuthenticationMethod::ClientSecretJwt`.
service_documentation: Option<Url>
URL of a page containing human-readable information that developers might want or need to know when using the authorization server.
ui_locales_supported: Option<Vec<LanguageTag>>
Languages and scripts supported for the user interface, represented as a JSON array of language tag values from BCP 47.
If omitted, the set of supported languages and scripts is unspecified.
op_policy_uri: Option<Url>
URL that the authorization server provides to the person registering the client to read about the authorization server’s requirements on how the client can use the data provided by the authorization server.
op_tos_uri: Option<Url>
URL that the authorization server provides to the person registering the client to read about the authorization server’s terms of service.
revocation_endpoint: Option<Url>
URL of the authorization server’s OAuth 2.0 revocation endpoint.
If this field is present, the URL must use an `https` scheme and must not contain a fragment.
revocation_endpoint_auth_methods_supported: Option<Vec<OAuthClientAuthenticationMethod>>
JSON array containing a list of client authentication methods supported by this revocation endpoint.
Defaults to `DEFAULT_AUTH_METHODS_SUPPORTED`.
revocation_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>
JSON array containing a list of the JWS signing algorithms supported by the revocation endpoint for the signature on the JWT used to authenticate the client at the revocation endpoint.
If this field is present, it must not contain `JsonWebSignatureAlg::None`. This field is required if `revocation_endpoint_auth_methods_supported` contains `OAuthClientAuthenticationMethod::PrivateKeyJwt` or `OAuthClientAuthenticationMethod::ClientSecretJwt`.
introspection_endpoint: Option<Url>
URL of the authorization server’s OAuth 2.0 introspection endpoint.
If this field is present, the URL must use an `https` scheme.
introspection_endpoint_auth_methods_supported: Option<Vec<AuthenticationMethodOrAccessTokenType>>
JSON array containing a list of client authentication methods or token types supported by this introspection endpoint.
introspection_endpoint_auth_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>
JSON array containing a list of the JWS signing algorithms supported by the introspection endpoint for the signature on the JWT used to authenticate the client at the introspection endpoint.
If this field is present, it must not contain `JsonWebSignatureAlg::None`. This field is required if `introspection_endpoint_auth_methods_supported` contains `OAuthClientAuthenticationMethod::PrivateKeyJwt` or `OAuthClientAuthenticationMethod::ClientSecretJwt`.
code_challenge_methods_supported: Option<Vec<PkceCodeChallengeMethod>>
PKCE code challenge methods supported by this authorization server. If omitted, the authorization server does not support PKCE.
userinfo_endpoint: Option<Url>
URL of the OP’s UserInfo Endpoint.
acr_values_supported: Option<Vec<String>>
JSON array containing a list of the Authentication Context Class References that this OP supports.
subject_types_supported: Option<Vec<SubjectType>>
JSON array containing a list of the Subject Identifier types that this OP supports.
This field is required.
id_token_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>
JSON array containing a list of the JWS signing algorithms (`alg` values) supported by the OP for the ID Token.
This field is required.
id_token_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>
JSON array containing a list of the JWE encryption algorithms (alg
values) supported by the OP for the ID Token.
id_token_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>
JSON array containing a list of the JWE encryption algorithms (enc
values) supported by the OP for the ID Token.
userinfo_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>
JSON array containing a list of the JWS signing algorithms (alg
values) supported by the UserInfo Endpoint.
userinfo_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>
JSON array containing a list of the JWE encryption algorithms (alg
values) supported by the UserInfo Endpoint.
userinfo_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>
JSON array containing a list of the JWE encryption algorithms (enc
values) supported by the UserInfo Endpoint.
request_object_signing_alg_values_supported: Option<Vec<JsonWebSignatureAlg>>
JSON array containing a list of the JWS signing algorithms (alg
values) supported by the OP for Request Objects.
request_object_encryption_alg_values_supported: Option<Vec<JsonWebEncryptionAlg>>
JSON array containing a list of the JWE encryption algorithms (alg
values) supported by the OP for Request Objects.
request_object_encryption_enc_values_supported: Option<Vec<JsonWebEncryptionEnc>>
JSON array containing a list of the JWE encryption algorithms (enc
values) supported by the OP for Request Objects.
display_values_supported: Option<Vec<Display>>
JSON array containing a list of the “display” parameter values that the OpenID Provider supports.
claim_types_supported: Option<Vec<ClaimType>>
JSON array containing a list of the Claim Types that the OpenID Provider supports.
Defaults to `DEFAULT_CLAIM_TYPES_SUPPORTED`.
claims_supported: Option<Vec<String>>
JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for.
claims_locales_supported: Option<Vec<LanguageTag>>
Languages and scripts supported for values in Claims being returned, represented as a JSON array of BCP 47 language tag values.
claims_parameter_supported: Option<bool>
Boolean value specifying whether the OP supports use of the `claims` parameter.
Defaults to `false`.
request_parameter_supported: Option<bool>
Boolean value specifying whether the OP supports use of the `request` parameter.
Defaults to `false`.
request_uri_parameter_supported: Option<bool>
Boolean value specifying whether the OP supports use of the `request_uri` parameter.
Defaults to `true`.
require_request_uri_registration: Option<bool>
Boolean value specifying whether the OP requires any `request_uri` values used to be pre-registered.
Defaults to `false`.
require_signed_request_object: Option<bool>
Indicates whether the authorization request needs to be protected as a Request Object and provided through either the `request` or the `request_uri` parameter.
Defaults to `false`.
§pushed_authorization_request_endpoint: Option<Url>
URL of the authorization server’s pushed authorization request endpoint.
§require_pushed_authorization_requests: Option<bool>
Indicates whether the authorization server accepts authorization requests only via PAR.
Defaults to `false`.
prompt_values_supported: Option<Vec<Prompt>>
Array containing the list of prompt values that this OP supports.
This field can be used to detect whether the OP supports the `prompt=create` value.
§device_authorization_endpoint: Option<Url>
URL of the authorization server’s device authorization endpoint.
end_session_endpoint: Option<Url>
URL of the authorization server’s RP-Initiated Logout endpoint.
account_management_uri: Option<Url>
URL where the user is able to access the account management capabilities of this OP.
This is a Matrix extension introduced in MSC2965.
account_management_actions_supported: Option<Vec<AccountManagementAction>>
Array of actions that the account management URL supports.
This is a Matrix extension introduced in MSC2965.
Implementations§
impl ProviderMetadata
pub fn validate( self, issuer: &str, ) -> Result<VerifiedProviderMetadata, ProviderMetadataVerificationError>
Validate this `ProviderMetadata` according to the OpenID Connect Discovery Spec 1.0. This is the method to use in production: it checks the required fields and the constraints documented on each field (for example, the `https` scheme and issuer-match requirements).
§Parameters
`issuer`: The issuer that was discovered to obtain this `ProviderMetadata`; the `issuer` field of the document must match it.
§Errors
Will return `Err` if validation fails.
pub fn insecure_verify_metadata( self, ) -> Result<VerifiedProviderMetadata, ProviderMetadataVerificationError>
Verify this `ProviderMetadata`.
Contrary to `ProviderMetadata::validate()`, it only checks that the required fields are present; it does not check the issuer or the constraints documented on the fields.
This can be used during development to test against a local OpenID Provider, for example.
§Parameters
This method takes no parameter besides `self` (see the signature above); unlike `validate()`, the discovered issuer is not compared against the `issuer` field.
§Errors
Will return `Err` if a required field is missing.
§Warning
It is not recommended to use this method in production, as it doesn’t ensure that the issuer implements the proper security practices: the `https` scheme, fragment and issuer-match requirements documented on the fields are not enforced, so a document from a misconfigured or substituted provider would be accepted.
pub fn response_modes_supported(&self) -> &[ResponseMode]
JSON array containing a list of the OAuth 2.0 `response_mode` values that this authorization server supports.
Defaults to `DEFAULT_RESPONSE_MODES_SUPPORTED`.
pub fn grant_types_supported(&self) -> &[GrantType]
JSON array containing a list of the OAuth 2.0 grant type values that this authorization server supports.
Defaults to `DEFAULT_GRANT_TYPES_SUPPORTED`.
pub fn token_endpoint_auth_methods_supported( &self, ) -> &[OAuthClientAuthenticationMethod]
JSON array containing a list of client authentication methods supported by the token endpoint.
Defaults to `DEFAULT_AUTH_METHODS_SUPPORTED`.
pub fn revocation_endpoint_auth_methods_supported( &self, ) -> &[OAuthClientAuthenticationMethod]
JSON array containing a list of client authentication methods supported by the revocation endpoint.
Defaults to `DEFAULT_AUTH_METHODS_SUPPORTED`.
pub fn claim_types_supported(&self) -> &[ClaimType]
JSON array containing a list of the Claim Types that the OpenID Provider supports.
Defaults to `DEFAULT_CLAIM_TYPES_SUPPORTED`.
pub fn claims_parameter_supported(&self) -> bool
Boolean value specifying whether the OP supports use of the `claims` parameter.
Defaults to `false`.
pub fn request_parameter_supported(&self) -> bool
Boolean value specifying whether the OP supports use of the `request` parameter.
Defaults to `false`.
pub fn request_uri_parameter_supported(&self) -> bool
Boolean value specifying whether the OP supports use of the `request_uri` parameter.
Defaults to `true`.
pub fn require_request_uri_registration(&self) -> bool
Boolean value specifying whether the OP requires any `request_uri` values used to be pre-registered.
Defaults to `false`.
pub fn require_signed_request_object(&self) -> bool
Indicates whether the authorization request needs to be protected as a Request Object and provided through either the `request` or the `request_uri` parameter.
Defaults to `false`.
pub fn require_pushed_authorization_requests(&self) -> bool
Indicates whether the authorization server accepts authorization requests only via PAR.
Defaults to `false`.
Trait Implementations§
impl Clone for ProviderMetadata
fn clone(&self) -> ProviderMetadata
fn clone_from(&mut self, source: &Self)
impl Debug for ProviderMetadata
impl Default for ProviderMetadata
fn default() -> ProviderMetadata
impl<'de> Deserialize<'de> for ProviderMetadata
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
Auto Trait Implementations§
impl Freeze for ProviderMetadata
impl RefUnwindSafe for ProviderMetadata
impl Send for ProviderMetadata
impl Sync for ProviderMetadata
impl Unpin for ProviderMetadata
impl UnwindSafe for ProviderMetadata
Blanket Implementations§
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> CloneToUninit for Twhere
T: Clone,
unsafe fn clone_to_uninit(&self, dst: *mut T)
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts `self` into a `Left` variant of `Either<Self, Self>` if `into_left` is `true`. Converts `self` into a `Right` variant of `Either<Self, Self>` otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts `self` into a `Left` variant of `Either<Self, Self>` if `into_left(&self)` returns `true`. Converts `self` into a `Right` variant of `Either<Self, Self>` otherwise.