zbrox.com
1//! # Jacquard OAuth 2.1 implementation for the AT Protocol
2//!
3//! Implements the AT Protocol OAuth profile, including DPoP (Demonstrating
4//! Proof-of-Possession), PKCE, PAR (Pushed Authorization Requests), and token management.
5//!
6//!
7//! ## Authentication flow
8//!
9//! ```no_run
10//! # #[cfg(feature = "loopback")]
11//! # async fn example() -> Result<(), Box<dyn std::error::Error>> {
12//! use jacquard_oauth::client::OAuthClient;
13//! use jacquard_oauth::session::ClientData;
14//! use jacquard_oauth::atproto::AtprotoClientMetadata;
15//! use jacquard_oauth::loopback::LoopbackConfig;
16//! use jacquard_oauth::authstore::MemoryAuthStore;
17//!
18//! let store = MemoryAuthStore::new();
19//!
20//! // Create client with metadata
21//! let client_data = ClientData {
22//! keyset: None, // Will generate ES256 keypair if needed
23//! config: AtprotoClientMetadata::default_localhost(),
24//! };
25//! let oauth = OAuthClient::new(store, client_data);
26//!
27//! // Start auth flow (with loopback feature)
28//! let session = oauth.login_with_local_server(
29//! "alice.bsky.social",
30//! Default::default(),
31//! LoopbackConfig::default(),
32//! ).await?;
33//!
34//! // Session handles token refresh automatically
35//! # Ok(())
36//! # }
37//! ```
38//!
39//! ## AT Protocol specifics
40//!
41//! The AT Protocol OAuth profile adds:
42//! - Required DPoP for all token requests
43//! - PAR (Pushed Authorization Requests) for better security
44//! - Specific scope format (`atproto`, `transition:generic`, etc.)
45//! - Server metadata discovery at `/.well-known/oauth-authorization-server`
46//!
47//! See [`atproto`] module for AT Protocol-specific metadata helpers.
48
49pub mod atproto;
50pub mod authstore;
51pub mod client;
52pub mod dpop;
53pub mod error;
54pub mod jose;
55pub mod keyset;
56pub mod request;
57pub mod resolver;
58pub mod scopes;
59pub mod session;
60pub mod types;
61pub mod utils;
62
63pub const FALLBACK_ALG: &str = "ES256";
64
65#[cfg(feature = "loopback")]
66pub mod loopback;