OpenID Client

A feature complete OpenID Client library for Rust. Not stable, kindly report any bugs.

Implemented specs & features

The following client/RP features from OpenID Connect/OAuth2.0 specifications are implemented by openid-client.

• OpenID Connect Core 1.0
  • Authorization Callback
    • Authorization Code Flow
    • Implicit Flow
    • Hybrid Flow
  • UserInfo Request
  • Offline Access / Refresh Token Grant
  • Client Credentials Grant
  • Client Authentication
    • none
    • client_secret_basic
    • client_secret_post
    • client_secret_jwt
    • private_key_jwt
  • Consuming Self-Issued OpenID Provider ID Token response
• OpenID Connect Discovery 1.0
  • Discovery of OpenID Provider (Issuer) Metadata
  • Discovery of OpenID Provider (Issuer) Metadata via user provided inputs (via [webfinger][documentation-webfinger])
• OpenID Connect Dynamic Client Registration 1.0
  • Dynamic Client Registration request
  • Client initialization via registration client uri
• RFC7009 - OAuth 2.0 Token revocation
  • Client Authenticated request to token revocation
• RFC7662 - OAuth 2.0 Token introspection
  • Client Authenticated request to token introspection
• RFC8628 - OAuth 2.0 Device Authorization Grant (Device Flow)
• RFC8705 - OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens
  • Mutual TLS Client Certificate-Bound Access Tokens
  • Metadata for Mutual TLS Endpoint Aliases
  • Client Authentication
    • tls_client_auth
    • self_signed_tls_client_auth
• RFC9101 - OAuth 2.0 JWT-Secured Authorization Request (JAR)
• RFC9126 - OAuth 2.0 Pushed Authorization Requests (PAR)
• RFC9449 - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)
• OpenID Connect RP-Initiated Logout 1.0
• Financial-grade API Security Profile 1.0 - Part 2: Advanced (FAPI)
• JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
• OAuth 2.0 Authorization Server Issuer Identification

Documentation

Documentation

Alternatives

• openidconnect
• openid