Bump version to 3.3.0 and MSRV to 1.65

This also addresses clippy lints reported in 1.65.

.github/workflows/main.yml

@@ -26,7 +26,7 @@ jobs:
       fail-fast: false
       matrix:
         rust_os:
-          - { rust: 1.57.0, os: ubuntu-22.04 }
+          - { rust: 1.65.0, os: ubuntu-22.04 }
           - { rust: stable, os: ubuntu-22.04 }
           - { rust: beta, os: ubuntu-22.04 }
           - { rust: nightly, os: ubuntu-22.04 }
@@ -52,12 +52,12 @@ jobs:
           components: clippy, rustfmt
           target: wasm32-unknown-unknown
 
-      # Newer dependency versions may not support rustc 1.57, so we use a Cargo.lock file for those
+      # Newer dependency versions may not support rustc 1.65, so we use a Cargo.lock file for those
       # builds.
-      - name: Use Rust 1.57 lockfile
-        if: ${{ matrix.rust_os.rust == '1.57.0' }}
+      - name: Use Rust 1.65 lockfile
+        if: ${{ matrix.rust_os.rust == '1.65.0' }}
         run: |
-          cp Cargo-1.57.lock Cargo.lock
+          cp Cargo-1.65.lock Cargo.lock
           echo "CARGO_LOCKED=--locked" >> $GITHUB_ENV
 
       - name: Run tests
@@ -68,11 +68,11 @@ jobs:
         run: cargo ${CARGO_LOCKED} test --all-features
 
       - name: Check fmt
-        if: ${{ matrix.rust_os.rust == '1.57.0' }}
+        if: ${{ matrix.rust_os.rust == '1.65.0' }}
         run: cargo ${CARGO_LOCKED} fmt --all -- --check
 
       - name: Clippy
-        if: ${{ matrix.rust_os.rust == '1.57.0' }}
+        if: ${{ matrix.rust_os.rust == '1.65.0' }}
         run: cargo ${CARGO_LOCKED} clippy --all --all-features -- --deny warnings
 
       - name: Audit
@@ -90,7 +90,7 @@ jobs:
   coverage:
     runs-on: ubuntu-latest
     container:
-      image: xd009642/tarpaulin:0.21.0
+      image: xd009642/tarpaulin:0.26.0
       options: --security-opt seccomp=unconfined
     steps:
       - uses: actions/checkout@v2

Cargo-1.57.lock → Cargo-1.65.lock

@@ -1040,7 +1040,7 @@ checksum = "86f0b0d4bf799edbc74508c1e8bf170ff5f41238e5f8225603ca7caaae2b7860"
 
 [[package]]
 name = "openidconnect"
-version = "3.2.1"
+version = "3.3.0"
 dependencies = [
  "anyhow",
  "base64",

Cargo.toml

@@ -1,12 +1,13 @@
 [package]
 name = "openidconnect"
-version = "3.2.1"
+version = "3.3.0"
 authors = ["David A. Ramos <[email protected]>"]
 description = "OpenID Connect library"
 license = "MIT"
 repository = "https://github.com/ramosbugs/openidconnect-rs"
 edition = "2021"
 readme = "README.md"
+rust-version = "1.65"
 
 [package.metadata.docs.rs]
 all-features = true

README.md

@@ -12,14 +12,17 @@ API documentation and examples are available on [docs.rs](https://docs.rs/openid
 
 ## Minimum Supported Rust Version (MSRV)
 
-The MSRV for *3.0.y to 3.1.y* releases of this crate is Rust **1.57**.
+The MSRV for *3.3* and newer releases of this crate is Rust **1.65**.
 
-The MSRV for *2.x.y* releases of this crate is Rust 1.45.
+The MSRV for *3.0* to *3.2* releases of this crate is Rust **1.57**.
+
+The MSRV for *2.x* releases of this crate is Rust 1.45.
 
 Since the 3.0.0 release, this crate maintains a policy of supporting
 Rust releases going back at least 6 months. Changes that break compatibility with Rust releases
 older than 6 months will no longer be considered SemVer breaking changes and will not result in a
-new major version number for this crate.
+new major version number for this crate. MSRV changes will coincide with minor version updates
+and will not happen in patch releases.
 
 ## Standards
 

examples/okta_device_grant.rs

@@ -77,9 +77,7 @@ fn main() -> Result<(), anyhow::Error> {
         env::var("CLIENT_SECRET").expect("Missing the CLIENT_SECRET environment variable."),
     );
     let issuer_url = IssuerUrl::new(
-        env::var("ISSUER_URL")
-            .expect("Missing the ISSUER_URL environment variable.")
-            .to_string(),
+        env::var("ISSUER_URL").expect("Missing the ISSUER_URL environment variable."),
     )
     .expect("Invalid issuer URL");
 

src/claims.rs

@@ -26,7 +26,7 @@ pub trait AdditionalClaims: Debug + DeserializeOwned + Serialize + 'static {}
 ///
 /// No additional claims.
 ///
-#[derive(Clone, Debug, Default, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Default, Deserialize, PartialEq, Eq, Serialize)]
 // In order to support serde flatten, this must be an empty struct rather than an empty
 // tuple struct.
 pub struct EmptyAdditionalClaims {}
@@ -35,7 +35,7 @@ impl AdditionalClaims for EmptyAdditionalClaims {}
 ///
 /// Address claims.
 ///
-#[derive(Clone, Debug, Default, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Default, Deserialize, PartialEq, Eq, Serialize)]
 pub struct AddressClaim {
     ///
     /// Full mailing address, formatted for display or use on a mailing label.
@@ -86,7 +86,7 @@ pub trait GenderClaim: Clone + Debug + DeserializeOwned + Serialize + 'static {}
 ///
 /// Standard Claims defined by OpenID Connect Core.
 ///
-#[derive(Clone, Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq, Eq)]
 pub struct StandardClaims<GC>
 where
     GC: GenderClaim,

src/core/jwk.rs

@@ -20,7 +20,7 @@ use super::{crypto, CoreJwsSigningAlgorithm};
 ///
 /// Public or symmetric key expressed as a JSON Web Key.
 ///
-#[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Deserialize, PartialEq, Eq, Serialize)]
 pub struct CoreJsonWebKey {
     pub(crate) kty: CoreJsonWebKeyType,
     #[serde(rename = "use", skip_serializing_if = "Option::is_none")]
@@ -544,7 +544,7 @@ impl
 ///
 /// Type of JSON Web Key.
 ///
-#[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Deserialize, PartialEq, Eq, Serialize)]
 #[non_exhaustive]
 pub enum CoreJsonWebKeyType {
     ///
@@ -570,7 +570,7 @@ impl JsonWebKeyType for CoreJsonWebKeyType {}
 ///
 /// Type of EC-Curve
 ///
-#[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Deserialize, PartialEq, Eq, Serialize)]
 #[non_exhaustive]
 pub enum CoreJsonCurveType {
     ///
@@ -594,7 +594,7 @@ impl JsonCurveType for CoreJsonWebKeyType {}
 ///
 /// Usage restriction for a JSON Web key.
 ///
-#[derive(Clone, Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq, Eq)]
 #[non_exhaustive]
 pub enum CoreJsonWebKeyUse {
     ///

src/discovery.rs

@@ -31,7 +31,7 @@ pub trait AdditionalProviderMetadata: Clone + Debug + DeserializeOwned + Seriali
 ///
 /// Empty (default) extra [`ProviderMetadata`] fields.
 ///
-#[derive(Clone, Debug, Default, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Default, Deserialize, PartialEq, Eq, Serialize)]
 pub struct EmptyAdditionalProviderMetadata {}
 impl AdditionalProviderMetadata for EmptyAdditionalProviderMetadata {}
 
@@ -41,7 +41,7 @@ impl AdditionalProviderMetadata for EmptyAdditionalProviderMetadata {}
 ///
 #[serde_as]
 #[skip_serializing_none]
-#[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Deserialize, PartialEq, Eq, Serialize)]
 #[allow(clippy::type_complexity)]
 pub struct ProviderMetadata<A, AD, CA, CN, CT, G, JE, JK, JS, JT, JU, K, RM, RT, S>
 where

src/id_token.rs

@@ -171,7 +171,7 @@ where
     JT: JsonWebKeyType,
 {
     fn to_string(&self) -> String {
-        serde_json::to_value(&self)
+        serde_json::to_value(self)
             // This should never arise, since we're just asking serde_json to serialize the
             // signing input concatenated with the signature, both of which are precomputed.
             .expect("ID token serialization failed")

src/jwt.rs

@@ -22,7 +22,7 @@ new_type![
     JsonWebTokenType(String)
 ];
 
-#[derive(Clone, Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq, Eq)]
 #[non_exhaustive]
 pub enum JsonWebTokenAlgorithm<JE, JS, JT>
 where
@@ -95,7 +95,7 @@ where
     }
 }
 
-#[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Deserialize, PartialEq, Eq, Serialize)]
 pub struct JsonWebTokenHeader<JE, JS, JT>
 where
     JE: JweContentEncryptionAlgorithm<JT>,
@@ -133,7 +133,7 @@ where
     fn serialize(payload: &P) -> Result<String, serde_json::Error>;
 }
 
-#[derive(Clone, Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq, Eq)]
 pub struct JsonWebTokenJsonPayloadSerde;
 impl<P> JsonWebTokenPayloadSerde<P> for JsonWebTokenJsonPayloadSerde
 where
@@ -192,7 +192,7 @@ pub enum JsonWebTokenError {
     SigningError(#[source] SigningError),
 }
 
-#[derive(Clone, Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq, Eq)]
 pub struct JsonWebToken<JE, JS, JT, P, S>
 where
     JE: JweContentEncryptionAlgorithm<JT>,

src/lib.rs

@@ -689,7 +689,7 @@ const OPENID_SCOPE: &str = "openid";
 /// Authentication flow, which determines how the Authorization Server returns the OpenID Connect
 /// ID token and OAuth2 access token to the Relying Party.
 ///
-#[derive(Clone, Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq, Eq)]
 #[non_exhaustive]
 pub enum AuthenticationFlow<RT: ResponseType> {
     ///
@@ -1693,7 +1693,7 @@ mod tests {
         );
 
         let (authorize_url, _, _) = client
-            .authorize_url(flow.clone(), new_csrf, new_nonce)
+            .authorize_url(flow, new_csrf, new_nonce)
             .add_scopes(vec![
                 Scope::new("email".to_string()),
                 Scope::new("profile".to_string()),

src/logout.rs

@@ -22,7 +22,7 @@ use crate::{
 ///
 #[non_exhaustive]
 #[skip_serializing_none]
-#[derive(Clone, Debug, PartialEq, Deserialize, Serialize)]
+#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
 pub struct LogoutProviderMetadata<A>
 where
     A: AdditionalProviderMetadata,

src/registration.rs

@@ -37,7 +37,7 @@ pub trait AdditionalClientMetadata: Debug + DeserializeOwned + Serialize {}
 ///
 /// Empty (default) extra [`ClientMetadata`] fields.
 ///
-#[derive(Clone, Debug, Default, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Default, Deserialize, PartialEq, Eq, Serialize)]
 pub struct EmptyAdditionalClientMetadata {}
 impl AdditionalClientMetadata for EmptyAdditionalClientMetadata {}
 
@@ -661,7 +661,7 @@ pub trait AdditionalClientRegistrationResponse: Debug + DeserializeOwned + Seria
 ///
 /// Empty (default) extra [`ClientRegistrationResponse`] fields.
 ///
-#[derive(Clone, Debug, Default, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Default, Deserialize, PartialEq, Eq, Serialize)]
 pub struct EmptyAdditionalClientRegistrationResponse {}
 impl AdditionalClientRegistrationResponse for EmptyAdditionalClientRegistrationResponse {}
 

src/types.rs

@@ -30,7 +30,7 @@ use super::{
 /// This structure associates one more `Option<LanguageTag>` locales with the corresponding
 /// claims values.
 ///
-#[derive(Clone, Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq, Eq)]
 pub struct LocalizedClaim<T>(HashMap<LanguageTag, T>, Option<T>);
 impl<T> LocalizedClaim<T> {
     ///
@@ -194,7 +194,7 @@ pub trait GrantType: Debug + DeserializeOwned + Serialize + 'static {}
 ///
 /// Error signing a message.
 ///
-#[derive(Clone, Debug, Error, PartialEq)]
+#[derive(Clone, Debug, Error, PartialEq, Eq)]
 #[non_exhaustive]
 pub enum SigningError {
     /// Failed to sign the message using the given key and parameters.
@@ -719,7 +719,7 @@ new_type![
 /// JSON Web Key Set.
 ///
 #[serde_as]
-#[derive(Debug, Deserialize, PartialEq, Serialize)]
+#[derive(Debug, Deserialize, PartialEq, Eq, Serialize)]
 pub struct JsonWebKeySet<JS, JT, JU, K>
 where
     JS: JwsSigningAlgorithm<JT>,
@@ -1005,7 +1005,7 @@ new_url_type![
 ///     http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseTypesAndModes)
 /// for further details.
 ///
-#[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, Deserialize, PartialEq, Eq, Serialize)]
 pub struct ResponseTypes<RT: ResponseType>(
     #[serde(
         deserialize_with = "deserialize_space_delimited_vec",

src/verification.rs

@@ -30,7 +30,7 @@ pub(crate) trait IssuerClaim {
 ///
 /// Error verifying claims.
 ///
-#[derive(Clone, Debug, Error, PartialEq)]
+#[derive(Clone, Debug, Error, PartialEq, Eq)]
 #[non_exhaustive]
 pub enum ClaimsVerificationError {
     /// Claims have expired.
@@ -71,7 +71,7 @@ pub enum ClaimsVerificationError {
 ///
 /// Error verifying claims signature.
 ///
-#[derive(Clone, Debug, Error, PartialEq)]
+#[derive(Clone, Debug, Error, PartialEq, Eq)]
 #[non_exhaustive]
 pub enum SignatureVerificationError {
     /// More than one key matches the supplied key constraints (e.g., key ID).