oauth2_types::registration

Struct ClientMetadata

source
pub struct ClientMetadata {
Show 38 fields pub redirect_uris: Option<Vec<Url>>, pub response_types: Option<Vec<ResponseType>>, pub grant_types: Option<Vec<GrantType>>, pub application_type: Option<ApplicationType>, pub contacts: Option<Vec<String>>, pub client_name: Option<Localized<String>>, pub logo_uri: Option<Localized<Url>>, pub client_uri: Option<Localized<Url>>, pub policy_uri: Option<Localized<Url>>, pub tos_uri: Option<Localized<Url>>, pub jwks_uri: Option<Url>, pub jwks: Option<PublicJsonWebKeySet>, pub software_id: Option<String>, pub software_version: Option<String>, pub sector_identifier_uri: Option<Url>, pub subject_type: Option<SubjectType>, pub token_endpoint_auth_method: Option<OAuthClientAuthenticationMethod>, pub token_endpoint_auth_signing_alg: Option<JsonWebSignatureAlg>, pub id_token_signed_response_alg: Option<JsonWebSignatureAlg>, pub id_token_encrypted_response_alg: Option<JsonWebEncryptionAlg>, pub id_token_encrypted_response_enc: Option<JsonWebEncryptionEnc>, pub userinfo_signed_response_alg: Option<JsonWebSignatureAlg>, pub userinfo_encrypted_response_alg: Option<JsonWebEncryptionAlg>, pub userinfo_encrypted_response_enc: Option<JsonWebEncryptionEnc>, pub request_object_signing_alg: Option<JsonWebSignatureAlg>, pub request_object_encryption_alg: Option<JsonWebEncryptionAlg>, pub request_object_encryption_enc: Option<JsonWebEncryptionEnc>, pub default_max_age: Option<Duration>, pub require_auth_time: Option<bool>, pub default_acr_values: Option<Vec<String>>, pub initiate_login_uri: Option<Url>, pub request_uris: Option<Vec<Url>>, pub require_signed_request_object: Option<bool>, pub require_pushed_authorization_requests: Option<bool>, pub introspection_signed_response_alg: Option<JsonWebSignatureAlg>, pub introspection_encrypted_response_alg: Option<JsonWebEncryptionAlg>, pub introspection_encrypted_response_enc: Option<JsonWebEncryptionEnc>, pub post_logout_redirect_uris: Option<Vec<Url>>,
}
Expand description

Client metadata, as described by the IANA registry.

All the fields with a default value are accessible via methods.

Fields§

§redirect_uris: Option<Vec<Url>>

Array of redirection URIs for use in redirect-based flows such as the authorization code flow.

All the URIs used by the client in an authorization request’s redirect_uri field must appear in this list.

This field is required and the URIs must not contain a fragment.

§response_types: Option<Vec<ResponseType>>

Array of the OAuth 2.0 response_type values that the client can use at the authorization endpoint.

All the types used by the client in an authorization request’s response_type field must appear in this list.

Defaults to DEFAULT_RESPONSE_TYPES.

§grant_types: Option<Vec<GrantType>>

Array of OAuth 2.0 grant_type values that the client can use at the token endpoint.

The possible grant types depend on the response types. Declaring support for a grant type that is not compatible with the supported response types will trigger an error during validation.

All the types used by the client in a token request’s grant_type field must appear in this list.

Defaults to DEFAULT_GRANT_TYPES.

§application_type: Option<ApplicationType>

The kind of the application.

Defaults to DEFAULT_APPLICATION_TYPE.

§contacts: Option<Vec<String>>

Array of e-mail addresses of people responsible for this client.

§client_name: Option<Localized<String>>

Name of the client to be presented to the end-user during authorization.

§logo_uri: Option<Localized<Url>>

URL that references a logo for the client application.

§client_uri: Option<Localized<Url>>

URL of the home page of the client.

§policy_uri: Option<Localized<Url>>

URL that the client provides to the end-user to read about the how the profile data will be used.

§tos_uri: Option<Localized<Url>>

URL that the client provides to the end-user to read about the client’s terms of service.

§jwks_uri: Option<Url>

URL for the client’s JWK Set document.

If the client signs requests to the server, it contains the signing key(s) the server uses to validate signatures from the client. The JWK Set may also contain the client’s encryption keys(s), which are used by the server to encrypt responses to the client.

This field is mutually exclusive with jwks.

§jwks: Option<PublicJsonWebKeySet>

Client’s JWK Set document, passed by value.

The semantics of this field are the same as jwks_uri, other than that the JWK Set is passed by value, rather than by reference.

This field is mutually exclusive with jwks_uri.

§software_id: Option<String>

A unique identifier string assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered.

It should remain the same for all instances and versions of the client software.

§software_version: Option<String>

A version identifier string for the client software identified by software_id.

§sector_identifier_uri: Option<Url>

URL to be used in calculating pseudonymous identifiers by the OpenID Connect provider when pairwise subject identifiers are used.

If present, this must use the https scheme.

§subject_type: Option<SubjectType>

Subject type requested for responses to this client.

This field must match one of the supported types by the provider.

§token_endpoint_auth_method: Option<OAuthClientAuthenticationMethod>

Requested client authentication method for the token endpoint.

If this is set to [OAuthClientAuthenticationMethod::PrivateKeyJwt], one of the jwks_uri or jwks fields is required.

Defaults to DEFAULT_TOKEN_AUTH_METHOD.

§token_endpoint_auth_signing_alg: Option<JsonWebSignatureAlg>

JWS alg algorithm that must be used for signing the JWT used to authenticate the client at the token endpoint.

If this field is present, it must not be [JsonWebSignatureAlg::None]. This field is required if token_endpoint_auth_method is one of [OAuthClientAuthenticationMethod::PrivateKeyJwt] or [OAuthClientAuthenticationMethod::ClientSecretJwt].

§id_token_signed_response_alg: Option<JsonWebSignatureAlg>

JWS alg algorithm required for signing the ID Token issued to this client.

If this field is present, it must not be [JsonWebSignatureAlg::None], unless the client uses only response types that return no ID Token from the authorization endpoint.

Defaults to DEFAULT_SIGNING_ALGORITHM.

§id_token_encrypted_response_alg: Option<JsonWebEncryptionAlg>

JWE alg algorithm required for encrypting the ID Token issued to this client.

This field is required if id_token_encrypted_response_enc is provided.

§id_token_encrypted_response_enc: Option<JsonWebEncryptionEnc>

JWE enc algorithm required for encrypting the ID Token issued to this client.

Defaults to DEFAULT_ENCRYPTION_ENC_ALGORITHM if id_token_encrypted_response_alg is provided.

§userinfo_signed_response_alg: Option<JsonWebSignatureAlg>

JWS alg algorithm required for signing user info responses.

§userinfo_encrypted_response_alg: Option<JsonWebEncryptionAlg>

JWE alg algorithm required for encrypting user info responses.

If userinfo_signed_response_alg is not provided, this field has no effect.

This field is required if userinfo_encrypted_response_enc is provided.

§userinfo_encrypted_response_enc: Option<JsonWebEncryptionEnc>

JWE enc algorithm required for encrypting user info responses.

If userinfo_signed_response_alg is not provided, this field has no effect.

Defaults to DEFAULT_ENCRYPTION_ENC_ALGORITHM if userinfo_encrypted_response_alg is provided.

§request_object_signing_alg: Option<JsonWebSignatureAlg>

JWS alg algorithm that must be used for signing Request Objects sent to the provider.

Defaults to any algorithm supported by the client and the provider.

§request_object_encryption_alg: Option<JsonWebEncryptionAlg>

JWE alg algorithm the client is declaring that it may use for encrypting Request Objects sent to the provider.

This field is required if request_object_encryption_enc is provided.

§request_object_encryption_enc: Option<JsonWebEncryptionEnc>

JWE enc algorithm the client is declaring that it may use for encrypting Request Objects sent to the provider.

Defaults to DEFAULT_ENCRYPTION_ENC_ALGORITHM if request_object_encryption_alg is provided.

§default_max_age: Option<Duration>

Default maximum authentication age.

Specifies that the End-User must be actively authenticated if the end-user was authenticated longer ago than the specified number of seconds.

The max_age request parameter overrides this default value.

§require_auth_time: Option<bool>

Whether the auth_time Claim in the ID Token is required.

Defaults to false.

§default_acr_values: Option<Vec<String>>

Default requested Authentication Context Class Reference values.

§initiate_login_uri: Option<Url>

URI that a third party can use to initiate a login by the client.

If present, this must use the https scheme.

§request_uris: Option<Vec<Url>>

request_uri values that are pre-registered by the client for use at the provider.

Providers can require that request_uri values used be pre-registered with the require_request_uri_registration discovery parameter.

Servers MAY cache the contents of the files referenced by these URIs and not retrieve them at the time they are used in a request. If the contents of the request file could ever change, these URI values should include the base64url encoded SHA-256 hash value of the file contents referenced by the URI as the value of the URI fragment. If the fragment value used for a URI changes, that signals the server that its cached value for that URI with the old fragment value is no longer valid.

§require_signed_request_object: Option<bool>

Whether the client will only send authorization requests as [Request Objects].

Defaults to false.

§require_pushed_authorization_requests: Option<bool>

Whether the client will only send authorization requests via the pushed authorization request endpoint.

Defaults to false.

§introspection_signed_response_alg: Option<JsonWebSignatureAlg>

JWS alg algorithm for signing responses of the introspection endpoint.

§introspection_encrypted_response_alg: Option<JsonWebEncryptionAlg>

JWE alg algorithm for encrypting responses of the introspection endpoint.

If introspection_signed_response_alg is not provided, this field has no effect.

This field is required if introspection_encrypted_response_enc is provided.

§introspection_encrypted_response_enc: Option<JsonWebEncryptionEnc>

JWE enc algorithm for encrypting responses of the introspection endpoint.

If introspection_signed_response_alg is not provided, this field has no effect.

Defaults to DEFAULT_ENCRYPTION_ENC_ALGORITHM if introspection_encrypted_response_alg is provided.

§post_logout_redirect_uris: Option<Vec<Url>>

post_logout_redirect_uri values that are pre-registered by the client for use at the provider’s RP-Initiated Logout endpoint.

Implementations§

source§

impl ClientMetadata

source

pub fn validate( self, ) -> Result<VerifiedClientMetadata, ClientMetadataVerificationError>

Validate this ClientMetadata according to the OpenID Connect Dynamic Client Registration Spec 1.0.

§Errors

Will return Err if validation fails.

source

pub fn response_types(&self) -> Vec<ResponseType>

Array of the OAuth 2.0 response_type values that the client can use at the authorization endpoint.

All the types used by the client in an authorization request’s response_type field must appear in this list.

Defaults to DEFAULT_RESPONSE_TYPES.

source

pub fn grant_types(&self) -> &[GrantType]

Array of OAuth 2.0 grant_type values that the client can use at the token endpoint.

Note that the possible grant types depend on the response types.

All the types used by the client in a token request’s grant_type field must appear in this list.

Defaults to DEFAULT_GRANT_TYPES.

source

pub fn application_type(&self) -> ApplicationType

The kind of the application.

Defaults to DEFAULT_APPLICATION_TYPE.

source

pub fn token_endpoint_auth_method(&self) -> &OAuthClientAuthenticationMethod

Requested client authentication method for the token endpoint.

Defaults to DEFAULT_TOKEN_AUTH_METHOD.

source

pub fn id_token_signed_response_alg(&self) -> &JsonWebSignatureAlg

JWS alg algorithm required for signing the ID Token issued to this client.

If this field is present, it must not be [JsonWebSignatureAlg::None], unless the client uses only response types that return no ID Token from the authorization endpoint.

Defaults to DEFAULT_SIGNING_ALGORITHM.

source

pub fn id_token_encrypted_response( &self, ) -> Option<(&JsonWebEncryptionAlg, &JsonWebEncryptionEnc)>

JWE alg and enc algorithms required for encrypting the ID Token issued to this client.

Always returns Some if id_token_encrypted_response_alg is provided, using the default of DEFAULT_ENCRYPTION_ENC_ALGORITHM for the enc value if needed.

source

pub fn userinfo_encrypted_response( &self, ) -> Option<(&JsonWebEncryptionAlg, &JsonWebEncryptionEnc)>

JWE alg and enc algorithms required for encrypting user info responses.

Always returns Some if userinfo_encrypted_response_alg is provided, using the default of DEFAULT_ENCRYPTION_ENC_ALGORITHM for the enc value if needed.

source

pub fn request_object_encryption( &self, ) -> Option<(&JsonWebEncryptionAlg, &JsonWebEncryptionEnc)>

JWE alg and enc algorithms the client is declaring that it may use for encrypting Request Objects sent to the provider.

Always returns Some if request_object_encryption_alg is provided, using the default of DEFAULT_ENCRYPTION_ENC_ALGORITHM for the enc value if needed.

source

pub fn require_auth_time(&self) -> bool

Whether the auth_time Claim in the ID Token is required.

Defaults to false.

source

pub fn require_signed_request_object(&self) -> bool

Whether the client will only send authorization requests as [Request Objects].

Defaults to false.

source

pub fn require_pushed_authorization_requests(&self) -> bool

Whether the client will only send authorization requests via the pushed authorization request endpoint.

Defaults to false.

source

pub fn introspection_encrypted_response( &self, ) -> Option<(&JsonWebEncryptionAlg, &JsonWebEncryptionEnc)>

JWE alg and enc algorithms for encrypting responses of the introspection endpoint.

Always returns Some if introspection_encrypted_response_alg is provided, using the default of DEFAULT_ENCRYPTION_ENC_ALGORITHM for the enc value if needed.

Trait Implementations§

source§

impl Clone for ClientMetadata

source§

fn clone(&self) -> ClientMetadata

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for ClientMetadata

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Default for ClientMetadata

source§

fn default() -> ClientMetadata

Returns the “default value” for a type. Read more
source§

impl<'de> Deserialize<'de> for ClientMetadata

source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
source§

impl PartialEq for ClientMetadata

source§

fn eq(&self, other: &ClientMetadata) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Eq for ClientMetadata

source§

impl StructuralPartialEq for ClientMetadata

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> DynClone for T
where T: Clone,

source§

fn __clone_box(&self, _: Private) -> *mut ()

source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoEither for T

source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

impl<T> Pointable for T

source§

const ALIGN: usize = _

The alignment of pointer.
source§

type Init = T

The type for initializers.
source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
source§

impl<T> Same for T

source§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

source§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

source§

fn vzip(self) -> V

source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

source§

impl<T> ErasedDestructor for T
where T: 'static,

source§

impl<T> MaybeSendSync for T
where T: Send + Sync,