1 stable release
| 3.2.1 | Jun 26, 2023 |
|---|
#520 in Authentication
605KB
12K
SLoC
OpenID Connect Library for Rust
This version is a soft-fork of openidconnect-rs from David Ramos. It relaxes the backward-compatibility constraints with older Rust versions to ensure that the latest crates can always be used for projects that depend on those. As much as possible, this crate will try to remain close and up-to-date with the original one.
This library provides extensible, strongly-typed interfaces for the OpenID Connect protocol.
API documentation and examples are available on docs.rs.
Minimum Supported Rust Version (MSRV)
The MSRV for 3.0.y to 3.1.y releases of this crate is Rust 1.57.
The MSRV for 2.x.y releases of this crate is Rust 1.45.
Since the 3.0.0 release, this crate maintains a policy of supporting Rust releases going back at least 6 months. Changes that break compatibility with Rust releases older than 6 months will no longer be considered SemVer breaking changes and will not result in a new major version number for this crate.
Standards
- OpenID Connect Core
- This crate passes the
Relying Party Certification
conformance tests for
response_type=code - Supported features:
- Relying Party flows: code, implicit, hybrid
- Standard claims
- UserInfo endpoint
- RSA, HMAC, and ECDSA (P-256/P-384 curves) ID token verification
- Unsupported features:
- Aggregated and distributed claims
- Passing request parameters as JWTs
- Verification of the
azpclaim (see discussion) - ECDSA-based ID token verification using the P-521 curve
- JSON Web Encryption (JWE)
- This crate passes the
Relying Party Certification
conformance tests for
- OpenID Connect Discovery
- Supported features:
- Provider Metadata
- Unsupported features:
- WebFinger
- Supported features:
- OpenID Connect Dynamic Client Registration
- Supported features:
- Client Metadata
- Client Registration endpoint
- Unsupported features:
- Client Configuration endpoint
- Supported features:
- OpenID Connect RP-Initiated Logout
- OAuth 2.0 Token Introspection
- OAuth 2.0 Token Revocation
- OAuth 2.0 Device Authorization Grant
Sponsorship
This project is sponsored by Unflakable, a service for tracking and quarantining flaky tests.
Dependencies
~10–24MB
~411K SLoC