OpenID Connect Library for Rust
This library provides extensible, strongly-typed interfaces for the OpenID Connect protocol, which can be used to authenticate users via Google, GitLab, Microsoft, and many other providers.
API documentation and examples are available on docs.rs.
The MSRV for 3.3 and newer releases of this crate is Rust 1.65.
The MSRV for 3.0 to 3.2 releases of this crate is Rust 1.57.
The MSRV for 2.x releases of this crate is Rust 1.45.
Since the 3.0.0 release, this crate maintains a policy of supporting Rust releases going back at least 6 months. Changes that break compatibility with Rust releases older than 6 months will no longer be considered SemVer breaking changes and will not result in a new major version number for this crate. MSRV changes will coincide with minor version updates and will not happen in patch releases.
- OpenID Connect Core
- Supported features:
- Relying Party flows: code, implicit, hybrid
- Standard claims
- UserInfo endpoint
- RSA, HMAC, ECDSA (P-256/P-384 curves) and EdDSA (Ed25519 curve) ID token verification
- Unsupported features:
- Aggregated and distributed claims
- Passing request parameters as JWTs
- Verification of the
azp
claim (see discussion) - ECDSA-based ID token verification using the P-521 curve
- JSON Web Encryption (JWE)
- Supported features:
- OpenID Connect Discovery
- Supported features:
- Provider Metadata
- Unsupported features:
- WebFinger
- Supported features:
- OpenID Connect Dynamic Client Registration
- Supported features:
- Client Metadata
- Client Registration endpoint
- Unsupported features:
- Client Configuration endpoint
- Supported features:
- OpenID Connect RP-Initiated Logout
- OAuth 2.0 Token Introspection
- OAuth 2.0 Token Revocation
- OAuth 2.0 Device Authorization Grant
This project is sponsored by Unflakable, a service for tracking and quarantining flaky tests.