Trait oauth2::authz_server::AuthzServer
pub trait AuthzServer<C, E: UserError> {
    fn fetch_client_data(&self, context: &mut C, client_id: String) -> Result<Option<ClientData>, OAuthError<E>>;
    fn store_client_authorization(&mut self, context: &mut C, data: AuthzRequestData) -> Result<(), OAuthError<E>>;
    fn retrieve_client_authorization(&self, context: &mut C, code: String) -> Result<Option<AuthzRequestData>, OAuthError<E>>;
    fn issue_token_to_client(&mut self, context: &mut C, code: String, client_id: String) -> Result<TokenData, OAuthError<E>>;

    fn handle_authz_request(&self, context: &mut C, request: Request) -> Result<AuthzRequestData, OAuthError<E>> { ... }
    fn finish_authz_request(&mut self, context: &mut C, data: AuthzRequestData, response: Response) -> Result<(), OAuthError<E>> { ... }
    fn handle_token_request(&mut self, context: &mut C, request: Request, response: Response) { ... }
}
Required Methods
fn fetch_client_data(&self, context: &mut C, client_id: String) -> Result<Option<ClientData>, OAuthError<E>>
Fetch data about a registered OAuth 2.0 client. Clients are the other websites that are trying to log in to your website on behalf of the user, and they should have been registered with your site ahead of time.
Should return Ok(Some(ClientData)) if found, Ok(None) if not found, and
Err(OAuthError
context comes from whatever you pass into handle_authz_request(), finish_authz_request() or handle_token_request().
fn store_client_authorization(&mut self, context: &mut C, data: AuthzRequestData) -> Result<(), OAuthError<E>>
If an authorization grant has succeeded, this will be called to store an issued authentication code, along with the request data associated with it (in particular, the client_id it was issued to, the redirect_uri that it was issued under, and any scope if that applies).
fn retrieve_client_authorization(&self, context: &mut C, code: String) -> Result<Option<AuthzRequestData>, OAuthError<E>>
Retrieve the data associated with an issued authentication code (the first field is the client id).
fn issue_token_to_client(&mut self, context: &mut C, code: String, client_id: String) -> Result<TokenData, OAuthError<E>>
Issue token to client, recording the issuance internally.
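The following is an added example, not code from this crate: a minimal in-memory store showing the binding that store_client_authorization(), retrieve_client_authorization() and issue_token_to_client() are expected to maintain between a code and the client it was issued to. StoredGrant, IssueError and MemoryStore are hypothetical stand-ins for the crate's types, and the token is assumed to be generated elsewhere from a CSPRNG. Removing the code on a client mismatch is a design choice made for this example.

```rust
use std::collections::HashMap;

// Hypothetical stand-in for AuthzRequestData: only the fields the page names.
#[derive(Clone, Debug, PartialEq)]
pub struct StoredGrant {
    pub client_id: String,
    pub redirect_uri: String,
    pub scope: Option<String>,
}

#[derive(Debug, PartialEq)]
pub enum IssueError { UnknownCode, ClientMismatch }

#[derive(Default)]
pub struct MemoryStore {
    pub grants: HashMap<String, StoredGrant>, // keyed by authorization code
    pub issued: Vec<(String, String)>,        // (client_id, token) issuance record
}

impl MemoryStore {
    // Role of store_client_authorization(): remember what the code was issued for.
    pub fn store(&mut self, code: &str, grant: StoredGrant) {
        self.grants.insert(code.to_string(), grant);
    }
    // Role of retrieve_client_authorization().
    pub fn retrieve(&self, code: &str) -> Option<&StoredGrant> {
        self.grants.get(code)
    }
    // Role of issue_token_to_client(). `token` is assumed to come from a CSPRNG
    // elsewhere. The code is removed before any check, so it is single-use even
    // when the presenting client does not match.
    pub fn issue(&mut self, code: &str, client_id: &str, token: String) -> Result<String, IssueError> {
        let grant = self.grants.remove(code).ok_or(IssueError::UnknownCode)?;
        if grant.client_id != client_id {
            return Err(IssueError::ClientMismatch);
        }
        self.issued.push((grant.client_id, token.clone()));
        Ok(token)
    }
}

fn main() {
    // Constructed sample values, for illustration only.
    let mut s = MemoryStore::default();
    let g = StoredGrant { client_id: "client-a".into(), redirect_uri: "https://client-a.example/cb".into(), scope: None };
    s.store("constructed-code", g);
    println!("{:?}", s.issue("constructed-code", "client-b", "constructed-token".into()));
    println!("{:?}", s.issue("constructed-code", "client-a", "constructed-token".into()));
}
```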
Provided Methods
fn handle_authz_request(&self, context: &mut C, request: Request) -> Result<AuthzRequestData, OAuthError<E>>
Handle an HTTP request at the authorization endpoint (from a user-agent, redirected by a client).
This function parses and validates the request. Then it forms the request data and returns it to the caller. The caller should then:
1) Check if the return value has error set. If so, call back into finish_authz_request() to pass that error on.
2) Authenticate the user (this may involve multiple HTTP round trips). If failed, set error to AccessDenied and pass on to finish_authz_request().
3) Authorize the request (generally by asking the user if this is what they want). If denied, set error to AccessDenied and pass on to finish_authz_request().
4) If all went well, set authorization_code and pass on to finish_authz_request().
Refer to RFC 6749 section 3.1 for the requirements of the URL endpoint that performs this task (TLS, no fragment, support of GET with POST optional).
fn finish_authz_request(&mut self, context: &mut C, data: AuthzRequestData, response: Response) -> Result<(), OAuthError<E>>
This finishes an Authorization Request sequence. It should be called after the user-agent end user has been authenticated and has approved or denied the request. data should have authorization_code and error set appropriately.
fn handle_token_request(&mut self, context: &mut C, request: Request, response: Response)
Handle an HTTP request at the token endpoint (from a client directly, via POST only).
Refer to RFC 6749 section 3.2 for the requirements of the URL endpoint that performs this task (TLS, no fragment, must use POST).