tuwunel_service/oauth/
token_response.rs

1use serde::Deserialize;
2
3/// Deserialization target for the upstream provider's `/token` JSON response.
4/// Kept distinct from `Session` because some providers emit `expires_at` as a
5/// Unix-timestamp integer, which would not deserialize into the
6/// `SystemTime`-typed `Session::expires_at`.
7#[derive(Debug, Deserialize)]
8pub struct TokenResponse {
9	/// Token type (bearer, mac, etc).
10	pub token_type: Option<String>,
11
12	/// Access token granted by the provider.
13	pub access_token: Option<String>,
14
15	/// Duration in seconds the access_token is valid for.
16	pub expires_in: Option<u64>,
17
18	/// Token used to refresh the access_token.
19	pub refresh_token: Option<String>,
20
21	/// Duration in seconds the refresh_token is valid for.
22	pub refresh_token_expires_in: Option<u64>,
23
24	/// Access scope actually granted (if supported).
25	pub scope: Option<String>,
26
27	/// Signed JWT containing the user's identity claims (OIDC).
28	pub id_token: Option<String>,
29}

tuwunel_service/oauth/token_response.rs

tuwunel_service/oauth/
token_response.rs