Enable clippy lints on a workspace level

This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.

crates/oidc-client/Cargo.toml

@@ -7,6 +7,9 @@ license.workspace = true
 homepage.workspace = true
 repository.workspace = true
 
+[lints]
+workspace = true
+
 [features]
 default = ["hyper", "keystore"]
 hyper = [

crates/oidc-client/src/lib.rs

@@ -53,14 +53,7 @@
 //! [MSC3861]: https://github.com/matrix-org/matrix-spec-proposals/pull/3861
 //! [OAuth 2.0]: https://oauth.net/2/
 
-#![forbid(unsafe_code)]
-#![deny(
-    clippy::all,
-    clippy::str_to_string,
-    rustdoc::broken_intra_doc_links,
-    missing_docs
-)]
-#![warn(clippy::pedantic)]
+#![deny(missing_docs)]
 #![allow(clippy::module_name_repetitions, clippy::implicit_hasher)]
 
 pub mod error;

crates/oidc-client/tests/it/main.rs

@@ -94,7 +94,7 @@ fn id_token(issuer: &str) -> (IdToken, PublicJsonWebKeySet) {
     let mut claims = HashMap::new();
     let now = now();
 
-    claims::ISS.insert(&mut claims, issuer.to_string()).unwrap();
+    claims::ISS.insert(&mut claims, issuer.to_owned()).unwrap();
     claims::SUB
         .insert(&mut claims, SUBJECT_IDENTIFIER.to_owned())
         .unwrap();
@@ -128,7 +128,7 @@ fn id_token(issuer: &str) -> (IdToken, PublicJsonWebKeySet) {
 
 /// Generate client credentials for the given authentication method.
 fn client_credentials(
-    auth_method: OAuthClientAuthenticationMethod,
+    auth_method: &OAuthClientAuthenticationMethod,
     issuer: &Url,
     custom_signing: Option<Box<JwtSigningFn>>,
 ) -> ClientCredentials {

crates/oidc-client/tests/it/requests/authorization_code.rs

@@ -149,7 +149,7 @@ fn pass_full_authorization_url() {
 async fn pass_pushed_authorization_request() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials =
-        client_credentials(OAuthClientAuthenticationMethod::None, &issuer, None);
+        client_credentials(&OAuthClientAuthenticationMethod::None, &issuer, None);
     let authorization_endpoint = issuer.join("authorize").unwrap();
     let par_endpoint = issuer.join("par").unwrap();
     let redirect_uri = Url::parse(REDIRECT_URI).unwrap();
@@ -225,7 +225,7 @@ async fn pass_pushed_authorization_request() {
 async fn fail_pushed_authorization_request_404() {
     let (http_service, _, issuer) = init_test().await;
     let client_credentials =
-        client_credentials(OAuthClientAuthenticationMethod::None, &issuer, None);
+        client_credentials(&OAuthClientAuthenticationMethod::None, &issuer, None);
     let authorization_endpoint = issuer.join("authorize").unwrap();
     let par_endpoint = issuer.join("par").unwrap();
     let redirect_uri = Url::parse(REDIRECT_URI).unwrap();
@@ -251,7 +251,7 @@ async fn fail_pushed_authorization_request_404() {
     assert_matches!(
         error,
         AuthorizationError::PushedAuthorization(PushedAuthorizationError::Http(_))
-    )
+    );
 }
 
 /// Check if the given request to the token endpoint is valid.
@@ -303,7 +303,7 @@ fn is_valid_token_endpoint_request(req: &Request) -> bool {
 async fn pass_access_token_with_authorization_code() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials =
-        client_credentials(OAuthClientAuthenticationMethod::None, &issuer, None);
+        client_credentials(&OAuthClientAuthenticationMethod::None, &issuer, None);
     let token_endpoint = issuer.join("token").unwrap();
     let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
 
@@ -362,7 +362,7 @@ async fn pass_access_token_with_authorization_code() {
 async fn fail_access_token_with_authorization_code_wrong_nonce() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials =
-        client_credentials(OAuthClientAuthenticationMethod::None, &issuer, None);
+        client_credentials(&OAuthClientAuthenticationMethod::None, &issuer, None);
     let token_endpoint = issuer.join("token").unwrap();
     let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
 
@@ -424,7 +424,7 @@ async fn fail_access_token_with_authorization_code_wrong_nonce() {
 async fn fail_access_token_with_authorization_code_no_id_token() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials =
-        client_credentials(OAuthClientAuthenticationMethod::None, &issuer, None);
+        client_credentials(&OAuthClientAuthenticationMethod::None, &issuer, None);
     let token_endpoint = issuer.join("token").unwrap();
     let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
 

crates/oidc-client/tests/it/requests/client_credentials.rs

@@ -32,7 +32,7 @@ use crate::{client_credentials, init_test, now, ACCESS_TOKEN, CLIENT_ID, CLIENT_
 async fn pass_access_token_with_client_credentials() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials = client_credentials(
-        OAuthClientAuthenticationMethod::ClientSecretPost,
+        &OAuthClientAuthenticationMethod::ClientSecretPost,
         &issuer,
         None,
     );

crates/oidc-client/tests/it/requests/introspection.rs

@@ -32,7 +32,7 @@ use crate::{client_credentials, init_test, now, ACCESS_TOKEN, CLIENT_ID, SUBJECT
 async fn pass_introspect_token() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials =
-        client_credentials(OAuthClientAuthenticationMethod::None, &issuer, None);
+        client_credentials(&OAuthClientAuthenticationMethod::None, &issuer, None);
     let introspection_endpoint = issuer.join("introspect").unwrap();
     let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
 

crates/oidc-client/tests/it/requests/jose.rs

@@ -49,7 +49,7 @@ fn id_token(
     let mut claims = HashMap::new();
     let now = now();
 
-    claims::ISS.insert(&mut claims, issuer.to_string()).unwrap();
+    claims::ISS.insert(&mut claims, issuer.to_owned()).unwrap();
     claims::AUD
         .insert(&mut claims, CLIENT_ID.to_owned())
         .unwrap();
@@ -246,5 +246,5 @@ async fn fail_verify_id_token_wrong_auth_time() {
     )
     .unwrap_err();
 
-    assert_matches!(error, IdTokenError::WrongAuthTime)
+    assert_matches!(error, IdTokenError::WrongAuthTime);
 }

crates/oidc-client/tests/it/requests/refresh_token.rs

@@ -30,7 +30,7 @@ use crate::{client_credentials, init_test, now, ACCESS_TOKEN, CLIENT_ID, REFRESH
 async fn pass_refresh_access_token() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials =
-        client_credentials(OAuthClientAuthenticationMethod::None, &issuer, None);
+        client_credentials(&OAuthClientAuthenticationMethod::None, &issuer, None);
     let token_endpoint = issuer.join("token").unwrap();
     let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
 

crates/oidc-client/tests/it/requests/registration.rs

@@ -188,9 +188,8 @@ async fn pass_register_client_private_key_jwt() {
     Mock::given(method("POST"))
         .and(path("/register"))
         .and(|req: &Request| {
-            let metadata = match req.body_json::<ClientMetadata>() {
-                Ok(body) => body,
-                Err(_) => return false,
+            let Ok(metadata) = req.body_json::<ClientMetadata>() else {
+                return false;
             };
 
             *metadata.token_endpoint_auth_method() == OAuthClientAuthenticationMethod::PrivateKeyJwt

crates/oidc-client/tests/it/requests/revocation.rs

@@ -28,7 +28,7 @@ use crate::{client_credentials, init_test, ACCESS_TOKEN, CLIENT_ID};
 async fn pass_revoke_token() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials =
-        client_credentials(OAuthClientAuthenticationMethod::None, &issuer, None);
+        client_credentials(&OAuthClientAuthenticationMethod::None, &issuer, None);
     let revocation_endpoint = issuer.join("revoke").unwrap();
     let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
 

crates/oidc-client/tests/it/types/client_credentials.rs

@@ -41,7 +41,7 @@ use crate::{client_credentials, init_test, now, ACCESS_TOKEN, CLIENT_ID, CLIENT_
 async fn pass_none() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials =
-        client_credentials(OAuthClientAuthenticationMethod::None, &issuer, None);
+        client_credentials(&OAuthClientAuthenticationMethod::None, &issuer, None);
     let token_endpoint = issuer.join("token").unwrap();
     let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
 
@@ -90,7 +90,7 @@ async fn pass_none() {
 async fn pass_client_secret_basic() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials = client_credentials(
-        OAuthClientAuthenticationMethod::ClientSecretBasic,
+        &OAuthClientAuthenticationMethod::ClientSecretBasic,
         &issuer,
         None,
     );
@@ -135,7 +135,7 @@ async fn pass_client_secret_basic() {
 async fn pass_client_secret_post() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials = client_credentials(
-        OAuthClientAuthenticationMethod::ClientSecretPost,
+        &OAuthClientAuthenticationMethod::ClientSecretPost,
         &issuer,
         None,
     );
@@ -195,7 +195,7 @@ async fn pass_client_secret_post() {
 async fn pass_client_secret_jwt() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials = client_credentials(
-        OAuthClientAuthenticationMethod::ClientSecretJwt,
+        &OAuthClientAuthenticationMethod::ClientSecretJwt,
         &issuer,
         None,
     );
@@ -225,12 +225,9 @@ async fn pass_client_secret_jwt() {
                 return false;
             }
 
-            let jwt = match query_pairs.get("client_assertion") {
-                Some(jwt) => jwt,
-                None => {
-                    println!("Missing client assertion");
-                    return false;
-                }
+            let Some(jwt) = query_pairs.get("client_assertion") else {
+                println!("Missing client assertion");
+                return false;
             };
 
             let jwt = Jwt::<HashMap<String, Value>>::try_from(jwt.as_ref()).unwrap();
@@ -279,7 +276,7 @@ async fn pass_client_secret_jwt() {
 async fn pass_private_key_jwt_with_keystore() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials = client_credentials(
-        OAuthClientAuthenticationMethod::PrivateKeyJwt,
+        &OAuthClientAuthenticationMethod::PrivateKeyJwt,
         &issuer,
         None,
     );
@@ -319,12 +316,9 @@ async fn pass_private_key_jwt_with_keystore() {
                 return false;
             }
 
-            let jwt = match query_pairs.get("client_assertion") {
-                Some(jwt) => jwt,
-                None => {
-                    println!("Missing client assertion");
-                    return false;
-                }
+            let Some(jwt) = query_pairs.get("client_assertion") else {
+                println!("Missing client assertion");
+                return false;
             };
 
             let jwt = Jwt::<HashMap<String, Value>>::try_from(jwt.as_ref()).unwrap();
@@ -370,7 +364,7 @@ async fn pass_private_key_jwt_with_keystore() {
 async fn pass_private_key_jwt_with_custom_signing() {
     let (http_service, mock_server, issuer) = init_test().await;
     let client_credentials = client_credentials(
-        OAuthClientAuthenticationMethod::PrivateKeyJwt,
+        &OAuthClientAuthenticationMethod::PrivateKeyJwt,
         &issuer,
         Some(Box::new(|_claims, _alg| Ok("fake.signed.jwt".to_owned()))),
     );
@@ -439,7 +433,7 @@ async fn pass_private_key_jwt_with_custom_signing() {
 async fn fail_private_key_jwt_with_custom_signing() {
     let (http_service, _, issuer) = init_test().await;
     let client_credentials = client_credentials(
-        OAuthClientAuthenticationMethod::PrivateKeyJwt,
+        &OAuthClientAuthenticationMethod::PrivateKeyJwt,
         &issuer,
         Some(Box::new(|_claims, _alg| Err("Something went wrong".into()))),
     );