pub async fn refresh_access_token(
http_service: &BoxCloneSyncService<Request<Bytes>, Response<Bytes>, Box<dyn Error + Send + Sync>>,
client_credentials: ClientCredentials,
token_endpoint: &Url,
refresh_token: String,
scope: Option<Scope>,
id_token_verification_data: Option<JwtVerificationData<'_>>,
auth_id_token: Option<&Jwt<'_, HashMap<String, Value>>>,
now: DateTime<Utc>,
rng: &mut impl Rng,
) -> Result<(AccessTokenResponse, Option<Jwt<'static, HashMap<String, Value>>>), TokenRefreshError>
experimental-oidc
only.Expand description
Exchange an authorization code for an access token.
This should be used as the first step for logging in, and to request a token with a new scope.
§Arguments
-
http_service
- The service to use for making HTTP requests. -
client_credentials
- The credentials obtained when registering the client. -
token_endpoint
- The URL of the issuer’s Token endpoint. -
refresh_token
- The token used to refresh the access token returned at the Token endpoint. -
scope
- The scope of the access token. The requested scope must not include any scope not originally granted to the access token, and if omitted is treated as equal to the scope originally granted by the issuer. -
id_token_verification_data
- The data required to verify the ID Token in the response.The signing algorithm corresponds to the
id_token_signed_response_alg
field in the client metadata.If it is not provided, the ID Token won’t be verified.
-
auth_id_token
- If an ID Token is expected in the response, the ID token that was returned from the latest authorization request. -
now
- The current time. -
rng
- A random number generator.
§Errors
Returns an error if the request fails, the response is invalid or the verification of the ID Token fails.