Module Oidc.Client

Types and functions to work with clients

Standard client

type t = {
  1. id : string;
  2. response_types : string list;
  3. grant_types : string list;
  4. redirect_uris : Uri.t list;
  5. secret : string option;
  6. token_endpoint_auth_method : string;
}

OIDC Client

val make : ?secret:string -> response_types:string list -> grant_types:string list -> redirect_uris:Uri.t list -> token_endpoint_auth_method:string -> string -> t

Create an OIDC client

Dynamic registration

type meta = {
  1. redirect_uris : Uri.t list;
  2. response_types : string list option;
    (*

    TODO: use special response_type

    *)
  3. grant_types : string list option;
    (*

    TODO: use special grant_type

    *)
  4. application_type : string option;
    (*

    TODO: use special application_type

    *)
  5. contacts : string list option;
    (*

    email addresses

    *)
  6. client_name : string option;
  7. token_endpoint_auth_method : string option;
    (*

    TODO: Only valid strings

    *)
  8. logo_uri : Uri.t option;
  9. client_uri : Uri.t option;
  10. policy_uri : Uri.t option;
  11. tos_uri : Uri.t option;
  12. jwks_uri : Uri.t option;
  13. sector_identifier_uri : Uri.t option;
  14. subject_type : string option;
    (*

    TODO: Use subject_type type; "pairwise" or "public"

    *)
  15. id_token_signed_response_alg : Jose.Jwa.alg option;
}

Metadata used in registration of dynamic clients

val make_meta : ?response_types:string list -> ?grant_types:string list -> ?application_type:string -> ?contacts:string list -> ?client_name:string -> ?token_endpoint_auth_method:string -> ?logo_uri:Uri.t -> ?client_uri:Uri.t -> ?policy_uri:Uri.t -> ?tos_uri:Uri.t -> ?jwks_uri:Uri.t -> ?sector_identifier_uri:Uri.t -> ?subject_type:string -> ?id_token_signed_response_alg:Jose.Jwa.alg -> redirect_uris:Uri.t list -> unit -> meta
val meta_to_yojson : meta -> Yojson.Safe.t
val meta_to_string : meta -> string
type dynamic_response = {
  1. client_id : string;
  2. client_secret : string option;
  3. registration_access_token : string option;
  4. registration_client_uri : string option;
    (*

    TODO: use Uri.t

    *)
  5. client_secret_expires_at : int option;
  6. client_id_issued_at : int option;
    (*

    seconds from 1970-01-01T0:0:0Z UTC

    *)
  7. client_id_expires_at : int option;
    (*

    seconds from 1970-01-01T0:0:0Z UTC

    *)
  8. application_type : string option;
}

The actual response should also include the metadata

val dynamic_is_expired : dynamic_response -> bool

This is useful to know if you have to re-register your client

val dynamic_of_yojson : Yojson.Safe.t -> (dynamic_response, string) Stdlib.result
val dynamic_of_string : string -> (dynamic_response, string) Stdlib.result
val of_dynamic_and_meta : dynamic:dynamic_response -> meta:meta -> t

Create an OIDC client from dynamic_response and meta