OpenID Connect Library for Rust
This library provides extensible, strongly-typed interfaces for the OpenID Connect protocol.
API documentation and examples are available on docs.rs.
The MSRV for 3.0.y to 3.1.y releases of this crate is Rust 1.57.
The MSRV for 2.x.y releases of this crate is Rust 1.45.
Since the 3.0.0 release, this crate maintains a policy of supporting Rust releases going back at least 6 months. Changes that break compatibility with Rust releases older than 6 months will no longer be considered SemVer breaking changes and will not result in a new major version number for this crate.
- OpenID Connect Core
- This crate passes the
Relying Party Certification
conformance tests for
response_type=code
- Supported features:
- Relying Party flows: code, implicit, hybrid
- Standard claims
- UserInfo endpoint
- RSA, HMAC, and ECDSA (P-256/P-384 curves) ID token verification
- Unsupported features:
- Aggregated and distributed claims
- Passing request parameters as JWTs
- Verification of the
azp
claim (see discussion) - ECDSA-based ID token verification using the P-521 curve
- JSON Web Encryption (JWE)
- This crate passes the
Relying Party Certification
conformance tests for
- OpenID Connect Discovery
- Supported features:
- Provider Metadata
- Unsupported features:
- WebFinger
- Supported features:
- OpenID Connect Dynamic Client Registration
- Supported features:
- Client Metadata
- Client Registration endpoint
- Unsupported features:
- Client Configuration endpoint
- Supported features:
- OpenID Connect RP-Initiated Logout
- OAuth 2.0 Token Introspection
- OAuth 2.0 Token Revocation
This project is sponsored by Unflakable, a service for tracking and quarantining flaky tests.