Paul Zinselmeyer 2025-11-26 15:53:50 +01:00
commit 275d93d2c4
Signed by: pfzetto
SSH key fingerprint: SHA256:BOdea0+zY02mYo29j2zzK6uVpcc3Gkp4w6C7YrHbN8A


@ -17,7 +17,7 @@ use tower_sessions::Session;
use openidconnect::{
core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim, CoreJsonWebKey},
AccessToken, AccessTokenHash, CsrfToken, IdTokenClaims, IdTokenVerifier, Nonce,
OAuth2TokenResponse, PkceCodeChallenge, RefreshToken,
NonceVerifier as _, OAuth2TokenResponse, PkceCodeChallenge, RefreshToken,
RequestTokenError::ServerResponse,
Scope, TokenResponse, UserInfoClaims,
};
@ -425,7 +425,12 @@ async fn try_refresh_token<AC: AdditionalClaims>(
.set_other_audience_verifier_fn(|audience|
// Return false (reject) if audience is in list of untrusted audiences
!client.untrusted_audiences.contains(audience));
let claims = id_token.claims(&id_token_verifier, nonce)?;
let claims = id_token.claims(&id_token_verifier, |claims_nonce: Option<&Nonce>| {
match claims_nonce {
Some(_) => nonce.verify(claims_nonce),
None => Ok(()),
}
})?;
validate_access_token_hash(
id_token,