Implement custom token extractor

blablacio · blablacio · commit 04258ca89714 · 2025-01-01T22:03:00.000+02:00
diff --git a/jwt-authorizer/src/authorizer.rs b/jwt-authorizer/src/authorizer.rs
@@ -14,6 +14,7 @@ use crate::{
 };
 
 pub type ClaimsCheckerFn<C> = Arc<Box<dyn Fn(&C) -> bool + Send + Sync>>;
+pub type TokenExtractorFn = Arc<Box<dyn Fn(&HeaderMap) -> Option<String> + Send + Sync>>;
 
 pub struct Authorizer<C = RegisteredClaims>
 where
@@ -23,6 +24,7 @@ where
     pub claims_checker: Option<ClaimsCheckerFn<C>>,
     pub validation: crate::validation::Validation,
     pub jwt_source: JwtSource,
+    pub token_extractor: Option<TokenExtractorFn>,
 }
 
 fn read_data(path: &str) -> Result<Vec<u8>, InitError> {
@@ -56,6 +58,7 @@ where
         refresh: Option<Refresh>,
         validation: crate::validation::Validation,
         jwt_source: JwtSource,
+        token_extractor: Option<TokenExtractorFn>,
         http_client: Option<Client>,
     ) -> Result<Authorizer<C>, InitError> {
         Ok(match key_source_type {
@@ -77,6 +80,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
             KeySourceType::RSAString(text) => {
@@ -97,6 +101,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
             KeySourceType::EC(path) => {
@@ -110,6 +115,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
             KeySourceType::ECString(text) => {
@@ -123,6 +129,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
             KeySourceType::ED(path) => {
@@ -136,6 +143,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
             KeySourceType::EDString(text) => {
@@ -149,6 +157,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
             KeySourceType::Secret(secret) => {
@@ -162,6 +171,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
             KeySourceType::JwksPath(path) => {
@@ -179,6 +189,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
             KeySourceType::JwksString(jwks_str) => {
@@ -197,6 +208,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
             KeySourceType::Jwks(url) => {
@@ -207,6 +219,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
             KeySourceType::Discovery(issuer_url) => {
@@ -219,6 +232,7 @@ where
                     claims_checker,
                     validation,
                     jwt_source,
+                    token_extractor,
                 }
             }
         })
@@ -241,14 +255,18 @@ where
     }
 
     pub fn extract_token(&self, h: &HeaderMap) -> Option<String> {
-        match &self.jwt_source {
-            layer::JwtSource::AuthorizationHeader => {
-                let bearer_o: Option<Authorization<Bearer>> = h.typed_get();
-                bearer_o.map(|b| String::from(b.0.token()))
+        if let Some(ref extractor) = self.token_extractor {
+            extractor(h)
+        } else {
+            match &self.jwt_source {
+                layer::JwtSource::AuthorizationHeader => {
+                    let bearer_o: Option<Authorization<Bearer>> = h.typed_get();
+                    bearer_o.map(|b| String::from(b.0.token()))
+                }
+                layer::JwtSource::Cookie(name) => h
+                    .typed_get::<headers::Cookie>()
+                    .and_then(|c| c.get(name.as_str()).map(String::from)),
             }
-            layer::JwtSource::Cookie(name) => h
-                .typed_get::<headers::Cookie>()
-                .and_then(|c| c.get(name.as_str()).map(String::from)),
         }
     }
 }
@@ -334,6 +352,7 @@ mod tests {
             Validation::new(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await
         .unwrap();
@@ -360,6 +379,7 @@ mod tests {
             Validation::new(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await
         .unwrap();
@@ -376,6 +396,7 @@ mod tests {
             Validation::new(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await
         .unwrap();
@@ -389,6 +410,7 @@ mod tests {
             Validation::new(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await
         .unwrap();
@@ -402,6 +424,7 @@ mod tests {
             Validation::new(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await
         .unwrap();
@@ -415,6 +438,7 @@ mod tests {
             Validation::new(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await
         .unwrap();
@@ -441,6 +465,7 @@ mod tests {
             Validation::new(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await
         .unwrap();
@@ -454,6 +479,7 @@ mod tests {
             Validation::new(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await
         .unwrap();
@@ -467,6 +493,7 @@ mod tests {
             Validation::new(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await
         .unwrap();
@@ -483,6 +510,7 @@ mod tests {
             Validation::new(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await;
         println!("{:?}", a.as_ref().err());
@@ -498,6 +526,7 @@ mod tests {
             Validation::default(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await;
         println!("{:?}", a.as_ref().err());
@@ -513,6 +542,7 @@ mod tests {
             Validation::default(),
             JwtSource::AuthorizationHeader,
             None,
+            None,
         )
         .await;
         println!("{:?}", a.as_ref().err());
diff --git a/jwt-authorizer/src/builder.rs b/jwt-authorizer/src/builder.rs
@@ -3,7 +3,7 @@ use std::sync::Arc;
 use serde::de::DeserializeOwned;
 
 use crate::{
-    authorizer::{ClaimsCheckerFn, KeySourceType},
+    authorizer::{ClaimsCheckerFn, KeySourceType, TokenExtractorFn},
     error::InitError,
     layer::{AuthorizationLayer, JwtSource},
     Authorizer, Refresh, RefreshStrategy, RegisteredClaims, Validation,
@@ -24,6 +24,7 @@ where
     claims_checker: Option<ClaimsCheckerFn<C>>,
     validation: Option<Validation>,
     jwt_source: JwtSource,
+    token_extractor: Option<TokenExtractorFn>,
     http_client: Option<Client>,
 }
 
@@ -43,6 +44,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -55,6 +57,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -66,6 +69,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -77,6 +81,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -89,6 +94,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -101,6 +107,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -113,6 +120,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -125,6 +133,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -137,6 +146,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -149,6 +159,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -161,6 +172,7 @@ where
             claims_checker: None,
             validation: None,
             jwt_source: JwtSource::AuthorizationHeader,
+            token_extractor: None,
             http_client: None,
         }
     }
@@ -212,6 +224,15 @@ where
         self
     }
 
+    /// configures the token extractor function
+    ///
+    /// (default: None)
+    pub fn token_extractor(mut self, token_extractor: TokenExtractorFn) -> AuthorizerBuilder<C> {
+        self.token_extractor = Some(token_extractor);
+
+        self
+    }
+
     /// provide a custom http client for oicd requests
     /// if not called, uses a default configured client
     ///
@@ -233,6 +254,7 @@ where
                 self.refresh,
                 val,
                 self.jwt_source,
+                self.token_extractor,
                 None,
             )
             .await?,
@@ -249,6 +271,7 @@ where
             self.refresh,
             val,
             self.jwt_source,
+            self.token_extractor,
             self.http_client,
         )
         .await
diff --git a/jwt-authorizer/tests/tests.rs b/jwt-authorizer/tests/tests.rs

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@ use crate::{`
`14`	`14`	`};`
`15`	`15`
`16`	`16`	`pub type ClaimsCheckerFn<C> = Arc<Box<dyn Fn(&C) -> bool + Send + Sync>>;`
	`17`	`+pub type TokenExtractorFn = Arc<Box<dyn Fn(&HeaderMap) -> Option<String> + Send + Sync>>;`
`17`	`18`
`18`	`19`	`pub struct Authorizer<C = RegisteredClaims>`
`19`	`20`	`where`
`@@ -23,6 +24,7 @@ where`
`23`	`24`	`pub claims_checker: Option<ClaimsCheckerFn<C>>,`
`24`	`25`	`pub validation: crate::validation::Validation,`
`25`	`26`	`pub jwt_source: JwtSource,`
	`27`	`+ pub token_extractor: Option<TokenExtractorFn>,`
`26`	`28`	`}`
`27`	`29`
`28`	`30`	`fn read_data(path: &str) -> Result<Vec<u8>, InitError> {`
`@@ -56,6 +58,7 @@ where`
`56`	`58`	`refresh: Option<Refresh>,`
`57`	`59`	`validation: crate::validation::Validation,`
`58`	`60`	`jwt_source: JwtSource,`
	`61`	`+ token_extractor: Option<TokenExtractorFn>,`
`59`	`62`	`http_client: Option<Client>,`
`60`	`63`	`) -> Result<Authorizer<C>, InitError> {`
`61`	`64`	`Ok(match key_source_type {`
`@@ -77,6 +80,7 @@ where`
`77`	`80`	`claims_checker,`
`78`	`81`	`validation,`
`79`	`82`	`jwt_source,`
	`83`	`+ token_extractor,`
`80`	`84`	`}`
`81`	`85`	`}`
`82`	`86`	`KeySourceType::RSAString(text) => {`
`@@ -97,6 +101,7 @@ where`
`97`	`101`	`claims_checker,`
`98`	`102`	`validation,`
`99`	`103`	`jwt_source,`
	`104`	`+ token_extractor,`
`100`	`105`	`}`
`101`	`106`	`}`
`102`	`107`	`KeySourceType::EC(path) => {`
`@@ -110,6 +115,7 @@ where`
`110`	`115`	`claims_checker,`
`111`	`116`	`validation,`
`112`	`117`	`jwt_source,`
	`118`	`+ token_extractor,`
`113`	`119`	`}`
`114`	`120`	`}`
`115`	`121`	`KeySourceType::ECString(text) => {`
`@@ -123,6 +129,7 @@ where`
`123`	`129`	`claims_checker,`
`124`	`130`	`validation,`
`125`	`131`	`jwt_source,`
	`132`	`+ token_extractor,`
`126`	`133`	`}`
`127`	`134`	`}`
`128`	`135`	`KeySourceType::ED(path) => {`
`@@ -136,6 +143,7 @@ where`
`136`	`143`	`claims_checker,`
`137`	`144`	`validation,`
`138`	`145`	`jwt_source,`
	`146`	`+ token_extractor,`
`139`	`147`	`}`
`140`	`148`	`}`
`141`	`149`	`KeySourceType::EDString(text) => {`
`@@ -149,6 +157,7 @@ where`
`149`	`157`	`claims_checker,`
`150`	`158`	`validation,`
`151`	`159`	`jwt_source,`
	`160`	`+ token_extractor,`
`152`	`161`	`}`
`153`	`162`	`}`
`154`	`163`	`KeySourceType::Secret(secret) => {`
`@@ -162,6 +171,7 @@ where`
`162`	`171`	`claims_checker,`
`163`	`172`	`validation,`
`164`	`173`	`jwt_source,`
	`174`	`+ token_extractor,`
`165`	`175`	`}`
`166`	`176`	`}`
`167`	`177`	`KeySourceType::JwksPath(path) => {`
`@@ -179,6 +189,7 @@ where`
`179`	`189`	`claims_checker,`
`180`	`190`	`validation,`
`181`	`191`	`jwt_source,`
	`192`	`+ token_extractor,`
`182`	`193`	`}`
`183`	`194`	`}`
`184`	`195`	`KeySourceType::JwksString(jwks_str) => {`
`@@ -197,6 +208,7 @@ where`
`197`	`208`	`claims_checker,`
`198`	`209`	`validation,`
`199`	`210`	`jwt_source,`
	`211`	`+ token_extractor,`
`200`	`212`	`}`
`201`	`213`	`}`
`202`	`214`	`KeySourceType::Jwks(url) => {`
`@@ -207,6 +219,7 @@ where`
`207`	`219`	`claims_checker,`
`208`	`220`	`validation,`
`209`	`221`	`jwt_source,`
	`222`	`+ token_extractor,`
`210`	`223`	`}`
`211`	`224`	`}`
`212`	`225`	`KeySourceType::Discovery(issuer_url) => {`
`@@ -219,6 +232,7 @@ where`
`219`	`232`	`claims_checker,`
`220`	`233`	`validation,`
`221`	`234`	`jwt_source,`
	`235`	`+ token_extractor,`
`222`	`236`	`}`
`223`	`237`	`}`
`224`	`238`	`})`
`@@ -241,14 +255,18 @@ where`
`241`	`255`	`}`
`242`	`256`
`243`	`257`	`pub fn extract_token(&self, h: &HeaderMap) -> Option<String> {`
`244`		`- match &self.jwt_source {`
`245`		`- layer::JwtSource::AuthorizationHeader => {`
`246`		`- let bearer_o: Option<Authorization<Bearer>> = h.typed_get();`
`247`		`- bearer_o.map(\|b\| String::from(b.0.token()))`
	`258`	`+ if let Some(ref extractor) = self.token_extractor {`
	`259`	`+ extractor(h)`
	`260`	`+ } else {`
	`261`	`+ match &self.jwt_source {`
	`262`	`+ layer::JwtSource::AuthorizationHeader => {`
	`263`	`+ let bearer_o: Option<Authorization<Bearer>> = h.typed_get();`
	`264`	`+ bearer_o.map(\|b\| String::from(b.0.token()))`
	`265`	`+ }`
	`266`	`+ layer::JwtSource::Cookie(name) => h`
	`267`	`+ .typed_get::<headers::Cookie>()`
	`268`	`+ .and_then(\|c\| c.get(name.as_str()).map(String::from)),`
`248`	`269`	`}`
`249`		`- layer::JwtSource::Cookie(name) => h`
`250`		`- .typed_get::<headers::Cookie>()`
`251`		`- .and_then(\|c\| c.get(name.as_str()).map(String::from)),`
`252`	`270`	`}`
`253`	`271`	`}`
`254`	`272`	`}`
`@@ -334,6 +352,7 @@ mod tests {`
`334`	`352`	`Validation::new(),`
`335`	`353`	`JwtSource::AuthorizationHeader,`
`336`	`354`	`None,`
	`355`	`+ None,`
`337`	`356`	`)`
`338`	`357`	`.await`
`339`	`358`	`.unwrap();`
`@@ -360,6 +379,7 @@ mod tests {`
`360`	`379`	`Validation::new(),`
`361`	`380`	`JwtSource::AuthorizationHeader,`
`362`	`381`	`None,`
	`382`	`+ None,`
`363`	`383`	`)`
`364`	`384`	`.await`
`365`	`385`	`.unwrap();`
`@@ -376,6 +396,7 @@ mod tests {`
`376`	`396`	`Validation::new(),`
`377`	`397`	`JwtSource::AuthorizationHeader,`
`378`	`398`	`None,`
	`399`	`+ None,`
`379`	`400`	`)`
`380`	`401`	`.await`
`381`	`402`	`.unwrap();`
`@@ -389,6 +410,7 @@ mod tests {`
`389`	`410`	`Validation::new(),`
`390`	`411`	`JwtSource::AuthorizationHeader,`
`391`	`412`	`None,`
	`413`	`+ None,`
`392`	`414`	`)`
`393`	`415`	`.await`
`394`	`416`	`.unwrap();`
`@@ -402,6 +424,7 @@ mod tests {`
`402`	`424`	`Validation::new(),`
`403`	`425`	`JwtSource::AuthorizationHeader,`
`404`	`426`	`None,`
	`427`	`+ None,`
`405`	`428`	`)`
`406`	`429`	`.await`
`407`	`430`	`.unwrap();`
`@@ -415,6 +438,7 @@ mod tests {`
`415`	`438`	`Validation::new(),`
`416`	`439`	`JwtSource::AuthorizationHeader,`
`417`	`440`	`None,`
	`441`	`+ None,`
`418`	`442`	`)`
`419`	`443`	`.await`
`420`	`444`	`.unwrap();`
`@@ -441,6 +465,7 @@ mod tests {`
`441`	`465`	`Validation::new(),`
`442`	`466`	`JwtSource::AuthorizationHeader,`
`443`	`467`	`None,`
	`468`	`+ None,`
`444`	`469`	`)`
`445`	`470`	`.await`
`446`	`471`	`.unwrap();`
`@@ -454,6 +479,7 @@ mod tests {`
`454`	`479`	`Validation::new(),`
`455`	`480`	`JwtSource::AuthorizationHeader,`
`456`	`481`	`None,`
	`482`	`+ None,`
`457`	`483`	`)`
`458`	`484`	`.await`
`459`	`485`	`.unwrap();`
`@@ -467,6 +493,7 @@ mod tests {`
`467`	`493`	`Validation::new(),`
`468`	`494`	`JwtSource::AuthorizationHeader,`
`469`	`495`	`None,`
	`496`	`+ None,`
`470`	`497`	`)`
`471`	`498`	`.await`
`472`	`499`	`.unwrap();`
`@@ -483,6 +510,7 @@ mod tests {`
`483`	`510`	`Validation::new(),`
`484`	`511`	`JwtSource::AuthorizationHeader,`
`485`	`512`	`None,`
	`513`	`+ None,`
`486`	`514`	`)`
`487`	`515`	`.await;`
`488`	`516`	`println!("{:?}", a.as_ref().err());`
`@@ -498,6 +526,7 @@ mod tests {`
`498`	`526`	`Validation::default(),`
`499`	`527`	`JwtSource::AuthorizationHeader,`
`500`	`528`	`None,`
	`529`	`+ None,`
`501`	`530`	`)`
`502`	`531`	`.await;`
`503`	`532`	`println!("{:?}", a.as_ref().err());`
`@@ -513,6 +542,7 @@ mod tests {`
`513`	`542`	`Validation::default(),`
`514`	`543`	`JwtSource::AuthorizationHeader,`
`515`	`544`	`None,`
	`545`	`+ None,`
`516`	`546`	`)`
`517`	`547`	`.await;`
`518`	`548`	`println!("{:?}", a.as_ref().err());`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ use std::sync::Arc;`
`3`	`3`	`use serde::de::DeserializeOwned;`
`4`	`4`
`5`	`5`	`use crate::{`
`6`		`- authorizer::{ClaimsCheckerFn, KeySourceType},`
	`6`	`+ authorizer::{ClaimsCheckerFn, KeySourceType, TokenExtractorFn},`
`7`	`7`	`error::InitError,`
`8`	`8`	`layer::{AuthorizationLayer, JwtSource},`
`9`	`9`	`Authorizer, Refresh, RefreshStrategy, RegisteredClaims, Validation,`
`@@ -24,6 +24,7 @@ where`
`24`	`24`	`claims_checker: Option<ClaimsCheckerFn<C>>,`
`25`	`25`	`validation: Option<Validation>,`
`26`	`26`	`jwt_source: JwtSource,`
	`27`	`+ token_extractor: Option<TokenExtractorFn>,`
`27`	`28`	`http_client: Option<Client>,`
`28`	`29`	`}`
`29`	`30`
`@@ -43,6 +44,7 @@ where`
`43`	`44`	`claims_checker: None,`
`44`	`45`	`validation: None,`
`45`	`46`	`jwt_source: JwtSource::AuthorizationHeader,`
	`47`	`+ token_extractor: None,`
`46`	`48`	`http_client: None,`
`47`	`49`	`}`
`48`	`50`	`}`
`@@ -55,6 +57,7 @@ where`
`55`	`57`	`claims_checker: None,`
`56`	`58`	`validation: None,`
`57`	`59`	`jwt_source: JwtSource::AuthorizationHeader,`
	`60`	`+ token_extractor: None,`
`58`	`61`	`http_client: None,`
`59`	`62`	`}`
`60`	`63`	`}`
`@@ -66,6 +69,7 @@ where`
`66`	`69`	`claims_checker: None,`
`67`	`70`	`validation: None,`
`68`	`71`	`jwt_source: JwtSource::AuthorizationHeader,`
	`72`	`+ token_extractor: None,`
`69`	`73`	`http_client: None,`
`70`	`74`	`}`
`71`	`75`	`}`
`@@ -77,6 +81,7 @@ where`
`77`	`81`	`claims_checker: None,`
`78`	`82`	`validation: None,`
`79`	`83`	`jwt_source: JwtSource::AuthorizationHeader,`
	`84`	`+ token_extractor: None,`
`80`	`85`	`http_client: None,`
`81`	`86`	`}`
`82`	`87`	`}`
`@@ -89,6 +94,7 @@ where`
`89`	`94`	`claims_checker: None,`
`90`	`95`	`validation: None,`
`91`	`96`	`jwt_source: JwtSource::AuthorizationHeader,`
	`97`	`+ token_extractor: None,`
`92`	`98`	`http_client: None,`
`93`	`99`	`}`
`94`	`100`	`}`
`@@ -101,6 +107,7 @@ where`
`101`	`107`	`claims_checker: None,`
`102`	`108`	`validation: None,`
`103`	`109`	`jwt_source: JwtSource::AuthorizationHeader,`
	`110`	`+ token_extractor: None,`
`104`	`111`	`http_client: None,`
`105`	`112`	`}`
`106`	`113`	`}`
`@@ -113,6 +120,7 @@ where`
`113`	`120`	`claims_checker: None,`
`114`	`121`	`validation: None,`
`115`	`122`	`jwt_source: JwtSource::AuthorizationHeader,`
	`123`	`+ token_extractor: None,`
`116`	`124`	`http_client: None,`
`117`	`125`	`}`
`118`	`126`	`}`
`@@ -125,6 +133,7 @@ where`
`125`	`133`	`claims_checker: None,`
`126`	`134`	`validation: None,`
`127`	`135`	`jwt_source: JwtSource::AuthorizationHeader,`
	`136`	`+ token_extractor: None,`
`128`	`137`	`http_client: None,`
`129`	`138`	`}`
`130`	`139`	`}`
`@@ -137,6 +146,7 @@ where`
`137`	`146`	`claims_checker: None,`
`138`	`147`	`validation: None,`
`139`	`148`	`jwt_source: JwtSource::AuthorizationHeader,`
	`149`	`+ token_extractor: None,`
`140`	`150`	`http_client: None,`
`141`	`151`	`}`
`142`	`152`	`}`
`@@ -149,6 +159,7 @@ where`
`149`	`159`	`claims_checker: None,`
`150`	`160`	`validation: None,`
`151`	`161`	`jwt_source: JwtSource::AuthorizationHeader,`
	`162`	`+ token_extractor: None,`
`152`	`163`	`http_client: None,`
`153`	`164`	`}`
`154`	`165`	`}`
`@@ -161,6 +172,7 @@ where`
`161`	`172`	`claims_checker: None,`
`162`	`173`	`validation: None,`
`163`	`174`	`jwt_source: JwtSource::AuthorizationHeader,`
	`175`	`+ token_extractor: None,`
`164`	`176`	`http_client: None,`
`165`	`177`	`}`
`166`	`178`	`}`
`@@ -212,6 +224,15 @@ where`
`212`	`224`	`self`
`213`	`225`	`}`
`214`	`226`
	`227`	`+ /// configures the token extractor function`
	`228`	`+ ///`
	`229`	`+ /// (default: None)`
	`230`	`+ pub fn token_extractor(mut self, token_extractor: TokenExtractorFn) -> AuthorizerBuilder<C> {`
	`231`	`+ self.token_extractor = Some(token_extractor);`
	`232`	`+`
	`233`	`+ self`
	`234`	`+ }`
	`235`	`+`
`215`	`236`	`/// provide a custom http client for oicd requests`
`216`	`237`	`/// if not called, uses a default configured client`
`217`	`238`	`///`
`@@ -233,6 +254,7 @@ where`
`233`	`254`	`self.refresh,`
`234`	`255`	`val,`
`235`	`256`	`self.jwt_source,`
	`257`	`+ self.token_extractor,`
`236`	`258`	`None,`
`237`	`259`	`)`
`238`	`260`	`.await?,`
`@@ -249,6 +271,7 @@ where`
`249`	`271`	`self.refresh,`
`250`	`272`	`val,`
`251`	`273`	`self.jwt_source,`
	`274`	`+ self.token_extractor,`
`252`	`275`	`self.http_client,`
`253`	`276`	`)`
`254`	`277`	`.await`