Use AuthenticationContextClass, IssuerUrl and Scope instead of strings

2025-12-07 16:35:17 +01:00 · 2025-11-25 13:44:39 +01:00 · 2025-11-25 13:44:39 +01:00 · 3acdd41a9a
commit 3acdd41a9a
parent 542fe66313
3 changed files with 22 additions and 22 deletions
--- a/src/builder.rs
+++ b/src/builder.rs
@ -1,7 +1,9 @@
 use std::marker::PhantomData;

 use http::Uri;
-use openidconnect::{Audience, ClientId, ClientSecret, IssuerUrl};
+use openidconnect::{
+    Audience, AuthenticationContextClass, ClientId, ClientSecret, IssuerUrl, Scope,
+};

 use crate::{error::Error, AdditionalClaims, Client, OidcClient, ProviderMetadata};

@ -21,8 +23,8 @@ pub struct Builder<AC: AdditionalClaims, Credentials, Client, HttpClient, Redire
    http_client: HttpClient,
    redirect_url: RedirectUrl,
    end_session_endpoint: Option<Uri>,
-    scopes: Vec<Box<str>>,
-    auth_context_class: Option<Box<str>>,
+    scopes: Vec<Scope>,
+    auth_context_class: Option<AuthenticationContextClass>,
    untrusted_audiences: Vec<Audience>,
    _ac: PhantomData<AC>,
 }
@ -41,7 +43,7 @@ impl<AC: AdditionalClaims> Builder<AC, (), (), (), ()> {
            http_client: (),
            redirect_url: (),
            end_session_endpoint: None,
-            scopes: vec![Box::from("openid")],
+            scopes: vec![Scope::new("openid".to_string())],
            auth_context_class: None,
            untrusted_audiences: Vec::new(),
            _ac: PhantomData,
@ -58,20 +60,20 @@ impl<AC: AdditionalClaims> OidcClient<AC> {

 impl<AC: AdditionalClaims, CREDS, CLIENT, HTTP, RURL> Builder<AC, CREDS, CLIENT, HTTP, RURL> {
    /// add a scope to existing (default) scopes
-    pub fn add_scope(mut self, scope: impl Into<Box<str>>) -> Self {
-        self.scopes.push(scope.into());
+    pub fn add_scope(mut self, scope: Scope) -> Self {
+        self.scopes.push(scope);
        self
    }

    /// replace scopes (including default)
-    pub fn with_scopes(mut self, scopes: impl Iterator<Item = impl Into<Box<str>>>) -> Self {
-        self.scopes = scopes.map(|x| x.into()).collect::<Vec<_>>();
+    pub fn with_scopes(mut self, scopes: Vec<Scope>) -> Self {
+        self.scopes = scopes;
        self
    }

    /// authenticate with Authentication Context Class Reference
-    pub fn with_auth_context_class(mut self, acr: impl Into<Box<str>>) -> Self {
-        self.auth_context_class = Some(acr.into());
+    pub fn with_auth_context_class(mut self, acr: AuthenticationContextClass) -> Self {
+        self.auth_context_class = Some(acr);
        self
    }

@ -212,14 +214,13 @@ impl<AC: AdditionalClaims> Builder<AC, ClientCredentials, (), HttpClient, Redire
    /// discover issuer details
    pub async fn discover(
        self,
-        issuer: String,
+        issuer: IssuerUrl,
    ) -> Result<
        Builder<AC, ClientCredentials, OpenidconnectClient<AC>, HttpClient, RedirectUrl>,
        Error,
    > {
-        let issuer_url = IssuerUrl::new(issuer)?;
        let http_client = self.http_client.0.clone();
-        let provider_metadata = ProviderMetadata::discover_async(issuer_url, &http_client);
+        let provider_metadata = ProviderMetadata::discover_async(issuer, &http_client);

        Self::manual(self, provider_metadata.await?)
    }
--- a/src/lib.rs
+++ b/src/lib.rs
@ -12,9 +12,9 @@ use openidconnect::{
        CoreResponseMode, CoreResponseType, CoreRevocableToken, CoreRevocationErrorResponse,
        CoreSubjectIdentifierType, CoreTokenIntrospectionResponse, CoreTokenType,
    },
-    AccessToken, Audience, ClientId, CsrfToken, EmptyExtraTokenFields, EndpointMaybeSet,
-    EndpointNotSet, EndpointSet, IdTokenFields, Nonce, PkceCodeVerifier, RefreshToken,
-    StandardErrorResponse, StandardTokenResponse,
+    AccessToken, Audience, AuthenticationContextClass, ClientId, CsrfToken, EmptyExtraTokenFields,
+    EndpointMaybeSet, EndpointNotSet, EndpointSet, IdTokenFields, Nonce, PkceCodeVerifier,
+    RefreshToken, Scope, StandardErrorResponse, StandardTokenResponse,
 };
 use serde::{de::DeserializeOwned, Deserialize, Serialize};

@ -102,12 +102,12 @@ pub type BoxError = Box<dyn std::error::Error + Send + Sync>;
 /// OpenID Connect Client
 #[derive(Clone)]
 pub struct OidcClient<AC: AdditionalClaims> {
-    scopes: Vec<Box<str>>,
+    scopes: Vec<Scope>,
    client_id: ClientId,
    client: Client<AC>,
    http_client: reqwest::Client,
    end_session_endpoint: Option<Uri>,
-    auth_context_class: Option<Box<str>>,
+    auth_context_class: Option<AuthenticationContextClass>,
    untrusted_audiences: Vec<Audience>,
 }

--- a/src/middleware.rs
+++ b/src/middleware.rs
@ -16,8 +16,8 @@ use tower_sessions::Session;

 use openidconnect::{
    core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim, CoreJsonWebKey},
-    AccessToken, AccessTokenHash, AuthenticationContextClass, CsrfToken, IdTokenClaims,
-    IdTokenVerifier, Nonce, OAuth2TokenResponse, PkceCodeChallenge, RefreshToken,
+    AccessToken, AccessTokenHash, CsrfToken, IdTokenClaims, IdTokenVerifier, Nonce,
+    OAuth2TokenResponse, PkceCodeChallenge, RefreshToken,
    RequestTokenError::ServerResponse,
    Scope, TokenResponse, UserInfoClaims,
 };
@ -143,8 +143,7 @@ where
                    }

                    if let Some(acr) = oidcclient.auth_context_class {
-                        auth = auth
-                            .add_auth_context_value(AuthenticationContextClass::new(acr.into()));
+                        auth = auth.add_auth_context_value(acr);
                    }

                    auth.set_pkce_challenge(pkce_challenge).url()