fix regression from #39 that broke #34 again

JuliDi 2025-11-26 15:51:30 +01:00
parent a766608f55
commit 4c508a22e6
No known key found for this signature in database
GPG key ID: E1E90AE563D09D63


@ -17,7 +17,7 @@ use tower_sessions::Session;
use openidconnect::{ use openidconnect::{
core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim, CoreJsonWebKey}, core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim, CoreJsonWebKey},
AccessToken, AccessTokenHash, CsrfToken, IdTokenClaims, IdTokenVerifier, Nonce, AccessToken, AccessTokenHash, CsrfToken, IdTokenClaims, IdTokenVerifier, Nonce,
OAuth2TokenResponse, PkceCodeChallenge, RefreshToken, NonceVerifier as _, OAuth2TokenResponse, PkceCodeChallenge, RefreshToken,
RequestTokenError::ServerResponse, RequestTokenError::ServerResponse,
Scope, TokenResponse, UserInfoClaims, Scope, TokenResponse, UserInfoClaims,
}; };
@ -425,7 +425,12 @@ async fn try_refresh_token<AC: AdditionalClaims>(
.set_other_audience_verifier_fn(|audience| .set_other_audience_verifier_fn(|audience|
// Return false (reject) if audience is in list of untrusted audiences // Return false (reject) if audience is in list of untrusted audiences
!client.untrusted_audiences.contains(audience)); !client.untrusted_audiences.contains(audience));
let claims = id_token.claims(&id_token_verifier, nonce)?; let claims = id_token.claims(&id_token_verifier, |claims_nonce: Option<&Nonce>| {
match claims_nonce {
Some(_) => nonce.verify(claims_nonce),
None => Ok(()),
}
})?;
validate_access_token_hash( validate_access_token_hash(
id_token, id_token,