glow_auth/authorize_uri
A builder to generate an Authorization Uri.
The client directs the resource owner to the constructed URI using an HTTP redirection response, or by other means available to it via the user-agent.
In Authorization Code flow, they’ll be redirected with a “code” in the uri, which is short lived (10 minutes expiry recommended) that must be exchanged for an Access Token separately.
In Implicit flow, they’ll be redirected with a access token details directly encoded in the uri.
In both cases, you can send over a state
which will be sent back to you
on the redirect.
Failure is represented by the fields:
- error - invalid_request | unauthorized_client | access_denied | unsupported_response_type | invalid_scope | server_error | temporarily_unavailable
- error_description - optional human readable
- error_uri - link to a ‘more info’ page
- state - the exact value previously specified in the authorization Uri
The exception is if there is a problem with the Redirect Uri, like not set, or not registered in the Authorization provider, in which case the redirect back will just not occur.
Some requirements:
- MAY have query component
- MUST NOT have fragment component
- MUST use TLS
- MUST support GET method
- MAY support POST as well
- Params without value MUST be same as omission
- No repeat params
- MUST include response_type, typically json
Note that when redirected, the response:
- MUST include the “code” for AuthCode, or the “token” if Implicit
- MUST return error if response_type is missing or misunderstood
- MAY have query component
- MUST NOT have fragment component
- SHOULD use TLS for “code” or “token”
- Typically are registered in advance of usage
- Receiving response SHOULD NOT do js, but redirect again without exposing creds
Types
Represents the details needed to build an authorization Uri.
Use build, set_scope, set_state to build up one of these, then to_code_authorization_uri or to_implicit_authorization_uri to convert to a Uri.
pub type AuthUriSpec(body) {
AuthUriSpec(
client: Client(body),
authorize_uri: UriAppendage,
redirect_uri: Uri,
scope: Option(String),
state: Option(String),
)
}
Constructors
-
AuthUriSpec( client: Client(body), authorize_uri: UriAppendage, redirect_uri: Uri, scope: Option(String), state: Option(String), )
Functions
pub fn build(client: Client(a), authorize_uri: UriAppendage, redirect_uri: Uri) -> AuthUriSpec(
a,
)
Build a AuthUriSpec for an AuthCode authorize_uri.
Important things to note:
- The exact redirect_uri specified in this uri must also be provided when requesting an access token.
pub fn set_redirect_uri(spec: AuthUriSpec(a), redirect_uri: Uri) -> AuthUriSpec(
a,
)
Set the Redirect uri in the AuthUriSpec
pub fn set_scope(spec: AuthUriSpec(a), scope: String) -> AuthUriSpec(
a,
)
Set the scope in the AuthUriSpec
pub fn set_state(spec: AuthUriSpec(a), state: String) -> AuthUriSpec(
a,
)
Set the state in the AuthUriSpec
This can be useful as it will be included on the redirect back.
pub fn to_code_authorization_uri(spec: AuthUriSpec(a)) -> Uri
Convert an AuthUriSpec to an Authorization Uri for code
flow.
pub fn to_implicit_authorization_uri(spec: AuthUriSpec(a)) -> Uri
Convert an AuthUriSpec to an Authorization Uri for implicit
flow.