1//! # Jacquard OAuth 2.1 implementation for the AT Protocol
2//!
3//! Implements the AT Protocol OAuth profile, including DPoP (Demonstrating
4//! Proof-of-Possession), PKCE, PAR (Pushed Authorization Requests), and token management.
5//!
6//!
7//! ## Authentication flow
8//!
9//! ```no_run
10//! # #[cfg(feature = "loopback")]
11//! # async fn example() -> Result<(), Box<dyn std::error::Error>> {
12//! use jacquard_oauth::client::OAuthClient;
13//! use jacquard_oauth::session::ClientData;
14//! use jacquard_oauth::atproto::AtprotoClientMetadata;
15//! use jacquard_oauth::loopback::LoopbackConfig;
16//! use jacquard_oauth::authstore::MemoryAuthStore;
17//!
18//! let store = MemoryAuthStore::new(); // in-memory only: auth state is lost when the process exits
19//!
20//! // Create client with metadata
21//! let client_data = ClientData {
22//! keyset: None, // Will generate ES256 keypair if needed
23//! config: AtprotoClientMetadata::default_localhost(),
24//! };
25//! let oauth = OAuthClient::new(store, client_data);
26//!
27//! // Start auth flow (with loopback feature)
28//! let session = oauth.login_with_local_server(
29//! "alice.bsky.social",
30//! Default::default(),
31//! LoopbackConfig::default(),
32//! ).await?;
33//!
34//! // Session handles token refresh automatically
35//! # Ok(())
36//! # }
37//! ```
38//!
39//! ## AT Protocol specifics
40//!
41//! The AT Protocol OAuth profile adds:
42//! - Required DPoP for all token requests
43//! - PAR (Pushed Authorization Requests), which sends authorization parameters to the server directly instead of through the browser redirect
44//! - Specific scope format (`atproto`, `transition:generic`, etc.)
45//! - Server metadata discovery at `/.well-known/oauth-authorization-server`
46//!
47//! See [`atproto`] module for AT Protocol-specific metadata helpers.
48
49#![warn(missing_docs)]
50/// AT Protocol-specific OAuth client metadata helpers and builder types.
51pub mod atproto;
52/// Storage trait and in-memory implementation for OAuth client auth state.
53pub mod authstore;
54/// High-level OAuth client for driving the full authorization code flow.
55pub mod client;
56/// DPoP (Demonstrating Proof-of-Possession) key generation and request signing.
57pub mod dpop;
58/// Top-level OAuth error types for the authorization flow.
59pub mod error;
60/// JOSE primitives: JWS headers, JWT claims, and signing utilities.
61pub mod jose;
62/// JWK keyset management for signing keys used in DPoP and client auth.
63pub mod keyset;
64/// Low-level OAuth request helpers: PAR, token exchange, and refresh.
65pub mod request;
66/// OAuth server metadata resolution: authorization server and protected resource discovery.
67pub mod resolver;
68/// OAuth scope handling for the AT Protocol scope format (`atproto`, `transition:generic`, etc.).
69pub mod scopes;
70/// OAuth session types, token storage, and DPoP session state.
71pub mod session;
72/// OAuth protocol types: client metadata, token sets, and server metadata.
73pub mod types;
74/// Miscellaneous cryptographic utilities: key generation, PKCE, and hashing helpers.
75pub mod utils;
76
77/// Fallback signing algorithm used when no preferred algorithm is negotiated with the server.
78pub const FALLBACK_ALG: &str = "ES256";
79
80/// Loopback server helpers for the local redirect-based OAuth flow.
81#[cfg(feature = "loopback")]
82pub mod loopback;