add UserInfoClaims, add untrusted_audiences, add tracing

This commit is contained in:
JuliDi 2025-11-24 11:18:54 +01:00
parent 6280ad62cc
commit 094e9e5ff6
No known key found for this signature in database
GPG key ID: E1E90AE563D09D63
9 changed files with 210 additions and 43 deletions


@ -1,12 +1,16 @@
[package]
edition = "2024"
name = "basic"
version = "0.1.0"
edition = "2021"
[dependencies]
tokio = { version = "1.43", features = ["net", "macros", "rt-multi-thread"] }
axum = { version = "0.8", features = [ "macros" ]}
axum = { version = "0.8", features = ["macros"] }
axum-oidc = { path = "./../.." }
dotenvy = "0.15"
openidconnect = "4.0.1"
tokio = { version = "1.48.0", features = ["macros", "net", "rt-multi-thread"] }
tower = "0.5"
tower-sessions = "0.14"
dotenvy = "0.15"
tracing-subscriber = "0.3.20"
tracing = "0.1.41"
serde = "1.0.228"


@ -6,8 +6,9 @@ use axum::{
Router,
};
use axum_oidc::{
error::MiddlewareError, handle_oidc_redirect, ClientId, ClientSecret, EmptyAdditionalClaims,
OidcAuthLayer, OidcClaims, OidcClient, OidcLoginLayer, OidcRpInitiatedLogout,
error::MiddlewareError, handle_oidc_redirect, Audience, ClientId, ClientSecret,
EmptyAdditionalClaims, OidcAuthLayer, OidcClaims, OidcClient, OidcLoginLayer,
OidcRpInitiatedLogout,
};
use tokio::net::TcpListener;
use tower::ServiceBuilder;
@ -15,9 +16,15 @@ use tower_sessions::{
cookie::{time::Duration, SameSite},
Expiry, MemoryStore, SessionManagerLayer,
};
use tracing::Level;
#[tokio::main]
pub async fn main() {
async fn main() {
tracing_subscriber::fmt()
.with_file(true)
.with_line_number(true)
.with_max_level(Level::INFO)
.init();
dotenvy::dotenv().ok();
let issuer = std::env::var("ISSUER").expect("ISSUER env variable");
let client_id = std::env::var("CLIENT_ID").expect("CLIENT_ID env variable");
@ -39,7 +46,12 @@ pub async fn main() {
let mut oidc_client = OidcClient::<EmptyAdditionalClaims>::builder()
.with_default_http_client()
.with_redirect_url(Uri::from_static("http://localhost:8080/oidc"))
.with_client_id(ClientId::new(client_id));
.with_client_id(ClientId::new(client_id))
.add_scope("profile")
.add_scope("email")
// Optional: add untrusted audiences. If the `aud` claim contains any of these audiences, the token is rejected.
.add_untrusted_audience(Audience::new("123456789".to_string()));
if let Some(client_secret) = client_secret {
oidc_client = oidc_client.with_client_secret(ClientSecret::new(client_secret));
}
@ -61,6 +73,9 @@ pub async fn main() {
.layer(oidc_auth_service)
.layer(session_layer);
tracing::info!("Running on http://localhost:8080");
tracing::info!("Visit http://localhost:8080/bar or http://localhost:8080/foo");
let listener = TcpListener::bind("[::]:8080").await.unwrap();
axum::serve(listener, app.into_make_service())
.await
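Review bot: The untrusted-audience example at the end of the builder chain hard-codes the placeholder `Audience::new("123456789".to_string())`, which against a real provider rejects nothing and teaches readers to paste a literal where a real value belongs; the same example already reads ISSUER and CLIENT_ID from the environment, so the deny-list should come from there too (e.g. a comma-separated `UNTRUSTED_AUDIENCES`), added in the same reassigning style as the client_secret branch that follows it. The comment above the call should also say what the list is for, since "untrusted" alone does not convey it — something like `// Deny-list: a token whose \`aud\` contains any of these (e.g. another client's ID at the same issuer) is rejected, on top of the library's normal audience check, so a token minted for a different relying party cannot be replayed here.` That the normal aud-contains-client_id check still applies when the list is non-empty is inferred from the library, not from this diff; confirm it before relying on the wording. main's body spans all three hunks here and its closing brace is outside the shown lines; the snippet below assumes add_untrusted_audience keeps the by-value builder signature the chain uses.
```rust
    if let Some(client_secret) = client_secret {
        oidc_client = oidc_client.with_client_secret(ClientSecret::new(client_secret));
    }
    // Deny-list: a token whose `aud` contains any of these (e.g. another client's ID at the
    // same issuer) is rejected, on top of the normal audience check. Read from the environment
    // like ISSUER / CLIENT_ID so the example is not shipped with a placeholder.
    if let Ok(list) = std::env::var("UNTRUSTED_AUDIENCES") {
        for aud in list.split(',').map(str::trim).filter(|a| !a.is_empty()) {
            oidc_client = oidc_client.add_untrusted_audience(Audience::new(aud.to_string()));
        }
    }
    // … unchanged: layer construction, logging and serve …
```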