pub fn create_http_client() -> Result<Client, Error>
Creates an HTTP client for OIDC operations, configured with security best practices.
This client is configured with SSRF protection:
- No redirects allowed (prevents open redirect attacks)
- Suitable for OIDC discovery and token exchange operations
§Security
The no-redirect policy is important for OIDC operations because:
- Prevents attackers from redirecting requests to internal services
- Ensures OIDC endpoints are accessed directly without intermediate hops
- Protects against SSRF (Server-Side Request Forgery) attacks
§Example
use micromegas_auth::oidc::create_http_client;

let client = create_http_client()?;
let response = client
    .get("https://accounts.google.com/.well-known/openid-configuration")
    .send()
    .await?;
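What the no-redirect policy means for the caller, as an added std-only example (not code from micromegas_auth, and it does not use its client): a 3xx from the issuer comes back as an ordinary response, so the caller must reject it instead of parsing it as discovery metadata. The stub server, the `internal.example` URL and all function names are constructed for illustration.

```rust
use std::io::{Read, Write};
use std::net::{TcpListener, TcpStream};

// Constructed stub issuer: answers one request with a 302 to a made-up internal URL.
fn spawn_redirecting_issuer() -> std::io::Result<u16> {
    let listener = TcpListener::bind("127.0.0.1:0")?;
    let port = listener.local_addr()?.port();
    std::thread::spawn(move || {
        let Ok((mut conn, _)) = listener.accept() else { return };
        let (mut req, mut buf) = (Vec::<u8>::new(), [0u8; 512]);
        while !req.ends_with(b"\r\n\r\n") {
            match conn.read(&mut buf) { Ok(n) if n > 0 => req.extend_from_slice(&buf[..n]), _ => break }
        }
        let _ = conn.write_all(b"HTTP/1.1 302 Found\r\nLocation: http://internal.example/admin\r\n\
            Content-Length: 0\r\nConnection: close\r\n\r\n");
    });
    Ok(port)
}

// One GET with no redirect following; returns (status, Location header).
fn fetch_no_follow(port: u16, path: &str) -> std::io::Result<(u16, Option<String>)> {
    let mut conn = TcpStream::connect(("127.0.0.1", port))?;
    let req = format!("GET {path} HTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: close\r\n\r\n");
    conn.write_all(req.as_bytes())?;
    let mut raw = String::new();
    conn.read_to_string(&mut raw)?;
    let mut lines = raw.split("\r\n");
    let status: u16 = lines.next().and_then(|l| l.split(' ').nth(1))
        .and_then(|s| s.parse().ok()).unwrap_or(0);
    let location = lines.take_while(|l| !l.is_empty())
        .filter_map(|l| l.split_once(':'))
        .find(|(k, _)| k.eq_ignore_ascii_case("location"))
        .map(|(_, v)| v.trim().to_string());
    Ok((status, location))
}

// Accept only 2xx; a redirect is reported, never followed or parsed as metadata.
fn accept_discovery(status: u16, location: Option<&str>) -> Result<(), String> {
    match status {
        200..=299 => Ok(()),
        300..=399 => Err(format!("issuer redirected to {}", location.unwrap_or("<none>"))),
        other => Err(format!("unexpected status {other}")),
    }
}

fn main() -> std::io::Result<()> {
    let port = spawn_redirecting_issuer()?;
    let (status, loc) = fetch_no_follow(port, "/.well-known/openid-configuration")?;
    println!("{status} {loc:?} -> {:?}", accept_discovery(status, loc.as_deref()));
    Ok(())
}
```

The same check applies to any client that does not follow redirects: confirm the status is 2xx before deserializing the discovery document.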