glow_auth/authorize_uri
A builder to generate an Authorization Uri.
In Authorization Code flow, the user is redirected with a “code” in the uri. The code is short lived (10 minutes expiry recommended) and must be exchanged for an Access Token separately.
In Implicit flow, the user is redirected with the access token details directly encoded in the uri.
In both cases, you can send over a state, which will be sent back to you on the redirect.
Failure is represented by the fields:
- error - set to one of:
  - invalid_request
  - unauthorized_client
  - access_denied
  - unsupported_response_type
  - invalid_scope
  - server_error
  - temporarily_unavailable
- error_description - optional human-readable description
- error_uri - link to a ‘more info’ page
- state - the exact value previously specified in the authorization Uri
The exception is a problem with the Redirect Uri itself, such as it not being set or not being registered with the Authorization provider, in which case the redirect back will simply not occur.
Some requirements:
- MAY have query component
- MUST NOT have fragment component
- MUST use TLS
- MUST support GET method
- MAY support POST as well
- Params without value MUST be same as omission
- No repeat params
- MUST include response_type, typically json
Note that when redirected, the response:
- MUST include the “code” for AuthCode, or the “token” if Implicit
- MUST return error if response_type is missing or misunderstood
- MAY have query component
- MUST NOT have fragment component
- SHOULD use TLS for “code” or “token”
- Is typically registered in advance of usage
- The endpoint receiving the response SHOULD NOT run js, but redirect again without exposing credentials
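The state round trip and the failure fields described above, as an added example in Python (not part of glow_auth or its documentation): a redirect handler that rejects repeated parameters, compares state exactly against the value stored for the session, surfaces the error field, and only then returns the code. The callback URL, the function names and CallbackError are assumptions made for the illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qsl, urlsplit

# Error codes listed above for the "error" field.
KNOWN_ERRORS = {
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope", "server_error",
    "temporarily_unavailable",
}


class CallbackError(Exception):
    """The redirect back reports a failure or must not be trusted."""


def new_state() -> str:
    # Unguessable per-request value: keep it in the user's session and
    # send it as the state of the authorization Uri.
    return secrets.token_urlsafe(32)


def parse_code_callback(callback_uri: str, expected_state: str) -> str:
    """Return the authorization code from a code-flow redirect, or raise."""
    query = urlsplit(callback_uri).query
    # Blank values are dropped: a param without a value is the same as omission.
    pairs = parse_qsl(query, keep_blank_values=False)
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        raise CallbackError("repeated parameter")
    params = dict(pairs)
    # State must be the exact value sent earlier. Check it before anything
    # else, so a forged redirect cannot inject a code or an error.
    state = params.get("state", "")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise CallbackError("state mismatch")
    if "error" in params:
        error = params["error"]
        # error_description and error_uri come from outside: do not echo
        # them to the user unescaped.
        raise CallbackError(error if error in KNOWN_ERRORS else "unknown_error")
    if "code" not in params:
        raise CallbackError("missing code")
    return params["code"]
```

The state value should be used once and discarded after the callback has been handled.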
Types
Represents the details needed to build an authorization Uri.
Use build, set_scope, set_state to build up one of these, then to_code_authorization_uri or to_implicit_authorization_uri to convert to a Uri.
pub type AuthUriSpec(body) {
  AuthUriSpec(
    client: Client(body),
    authorize_uri: UriAppendage,
    redirect_uri: Uri,
    scope: Option(String),
    state: Option(String),
  )
}
Constructors
- AuthUriSpec(client: Client(body), authorize_uri: UriAppendage, redirect_uri: Uri, scope: Option(String), state: Option(String))
Functions
pub fn build(
  client: Client(a),
  authorize_uri: UriAppendage,
  redirect_uri: Uri,
) -> AuthUriSpec(a)
Build an AuthUriSpec for an AuthCode authorize_uri.
Important things to note:
- The exact redirect_uri specified in this uri must also be provided when requesting an access token.
pub fn set_redirect_uri(
  spec: AuthUriSpec(a),
  redirect_uri: Uri,
) -> AuthUriSpec(a)
Set the Redirect uri in the AuthUriSpec
pub fn set_scope(
  spec: AuthUriSpec(a),
  scope: String,
) -> AuthUriSpec(a)
Set the scope in the AuthUriSpec
pub fn set_state(
  spec: AuthUriSpec(a),
  state: String,
) -> AuthUriSpec(a)
Set the state in the AuthUriSpec
This can be useful as it will be included on the redirect back.
pub fn to_code_authorization_uri(spec: AuthUriSpec(a)) -> Uri
Convert an AuthUriSpec to an Authorization Uri for code flow.
pub fn to_implicit_authorization_uri(spec: AuthUriSpec(a)) -> Uri
Convert an AuthUriSpec to an Authorization Uri for implicit flow.