Merge d837f3b6d6
into e62aba722c
commit
838d788317
3 changed files with 17 additions and 2 deletions
|
@ -41,6 +41,7 @@ pub async fn run(
|
||||||
client_id,
|
client_id,
|
||||||
client_secret,
|
client_secret,
|
||||||
vec![],
|
vec![],
|
||||||
|
None,
|
||||||
)
|
)
|
||||||
.await
|
.await
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
|
|
|
@ -100,6 +100,7 @@ pub struct OidcClient<AC: AdditionalClaims> {
|
||||||
client: Client<AC>,
|
client: Client<AC>,
|
||||||
application_base_url: Uri,
|
application_base_url: Uri,
|
||||||
end_session_endpoint: Option<Uri>,
|
end_session_endpoint: Option<Uri>,
|
||||||
|
acr: Option<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<AC: AdditionalClaims> OidcClient<AC> {
|
impl<AC: AdditionalClaims> OidcClient<AC> {
|
||||||
|
@ -110,6 +111,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
||||||
client_id: String,
|
client_id: String,
|
||||||
client_secret: Option<String>,
|
client_secret: Option<String>,
|
||||||
scopes: Vec<String>,
|
scopes: Vec<String>,
|
||||||
|
acr: Option<String>,
|
||||||
) -> Result<Self, Error> {
|
) -> Result<Self, Error> {
|
||||||
let end_session_endpoint = provider_metadata
|
let end_session_endpoint = provider_metadata
|
||||||
.additional_metadata()
|
.additional_metadata()
|
||||||
|
@ -129,6 +131,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
||||||
client_id,
|
client_id,
|
||||||
application_base_url,
|
application_base_url,
|
||||||
end_session_endpoint,
|
end_session_endpoint,
|
||||||
|
acr,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -140,6 +143,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
||||||
client_id: String,
|
client_id: String,
|
||||||
client_secret: Option<String>,
|
client_secret: Option<String>,
|
||||||
scopes: Vec<String>,
|
scopes: Vec<String>,
|
||||||
|
acr: Option<String>,
|
||||||
) -> Result<Self, Error> {
|
) -> Result<Self, Error> {
|
||||||
let client = reqwest::Client::default();
|
let client = reqwest::Client::default();
|
||||||
Self::discover_new_with_client(
|
Self::discover_new_with_client(
|
||||||
|
@ -149,6 +153,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
||||||
client_secret,
|
client_secret,
|
||||||
scopes,
|
scopes,
|
||||||
&client,
|
&client,
|
||||||
|
acr,
|
||||||
)
|
)
|
||||||
.await
|
.await
|
||||||
}
|
}
|
||||||
|
@ -163,6 +168,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
||||||
client_secret: Option<String>,
|
client_secret: Option<String>,
|
||||||
scopes: Vec<String>,
|
scopes: Vec<String>,
|
||||||
client: &reqwest::Client,
|
client: &reqwest::Client,
|
||||||
|
acr: Option<String>,
|
||||||
) -> Result<Self, Error> {
|
) -> Result<Self, Error> {
|
||||||
// modified version of `openidconnect::reqwest::async_client::async_http_client`.
|
// modified version of `openidconnect::reqwest::async_client::async_http_client`.
|
||||||
let async_http_client = |request: HttpRequest| async move {
|
let async_http_client = |request: HttpRequest| async move {
|
||||||
|
@ -202,6 +208,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
||||||
client_id,
|
client_id,
|
||||||
client_secret,
|
client_secret,
|
||||||
scopes,
|
scopes,
|
||||||
|
acr,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
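Review bot: The new `acr` field on `OidcClient` (hunk `@@ -100,6 +100,7 @@`) and the matching trailing parameter on `new`, `discover_new` and `discover_new_with_client` are undocumented, so a caller cannot tell what string is expected or that it is only a request-time hint. I would put `/// Authentication Context Class Reference to request from the provider (sent as `acr_values` in the authorization request); the provider may ignore it, so callers that require a given level must still check the `acr` claim of the returned ID token.` on the field and a one-line `acr` entry in each constructor's docs. Appending a positional `Option<String>` to three constructors here, and presumably to `OidcAuthLayer::discover_client` in the other file, breaks every existing caller; if further optional request parameters are anticipated, a builder or options struct would absorb them without more signature churn. Since `add_auth_context_value` appears to be an additive setter, a single `Option<String>` also cannot express several requested classes, and `Option<AuthenticationContextClass>` or `Vec<String>` would map onto it more faithfully. The constructors' bodies begin and end outside these hunks.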
@ -17,8 +17,9 @@ use tower_sessions::Session;
|
||||||
use openidconnect::{
|
use openidconnect::{
|
||||||
core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim},
|
core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim},
|
||||||
reqwest::async_http_client,
|
reqwest::async_http_client,
|
||||||
AccessToken, AccessTokenHash, AuthorizationCode, CsrfToken, IdTokenClaims, Nonce,
|
AccessToken, AccessTokenHash, AuthenticationContextClass, AuthorizationCode, CsrfToken,
|
||||||
OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken,
|
IdTokenClaims, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl,
|
||||||
|
RefreshToken,
|
||||||
RequestTokenError::ServerResponse,
|
RequestTokenError::ServerResponse,
|
||||||
Scope, TokenResponse,
|
Scope, TokenResponse,
|
||||||
};
|
};
|
||||||
|
@ -187,6 +188,10 @@ where
|
||||||
for scope in oidcclient.scopes.iter() {
|
for scope in oidcclient.scopes.iter() {
|
||||||
auth = auth.add_scope(Scope::new(scope.to_string()));
|
auth = auth.add_scope(Scope::new(scope.to_string()));
|
||||||
}
|
}
|
||||||
|
if let Some(acr) = oidcclient.acr {
|
||||||
|
auth =
|
||||||
|
auth.add_auth_context_value(AuthenticationContextClass::new(acr));
|
||||||
|
}
|
||||||
|
|
||||||
auth.set_pkce_challenge(pkce_challenge).url()
|
auth.set_pkce_challenge(pkce_challenge).url()
|
||||||
};
|
};
|
||||||
|
@ -228,6 +233,7 @@ impl<AC: AdditionalClaims> OidcAuthLayer<AC> {
|
||||||
client_id: String,
|
client_id: String,
|
||||||
client_secret: Option<String>,
|
client_secret: Option<String>,
|
||||||
scopes: Vec<String>,
|
scopes: Vec<String>,
|
||||||
|
acr: Option<String>,
|
||||||
) -> Result<Self, Error> {
|
) -> Result<Self, Error> {
|
||||||
Ok(Self {
|
Ok(Self {
|
||||||
client: OidcClient::<AC>::discover_new(
|
client: OidcClient::<AC>::discover_new(
|
||||||
|
@ -236,6 +242,7 @@ impl<AC: AdditionalClaims> OidcAuthLayer<AC> {
|
||||||
client_id,
|
client_id,
|
||||||
client_secret,
|
client_secret,
|
||||||
scopes,
|
scopes,
|
||||||
|
acr,
|
||||||
)
|
)
|
||||||
.await?,
|
.await?,
|
||||||
})
|
})
|
||||||
|
|
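Review bot: In the hunk at `@@ -187,6 +188,10 @@`, `add_auth_context_value` only adds `acr_values` to the authorization request, which OIDC treats as a voluntary hint: the provider may authenticate at a different level or omit the claim entirely. Nothing in this commit compares the ID token's `acr` claim with `oidcclient.acr` on the callback path, so a caller using this for step-up or MFA enforcement gets no guarantee unless that check already exists elsewhere outside these hunks; a comparison at claims verification, failing the login on mismatch, would close that gap. Separately, `if let Some(acr) = oidcclient.acr` moves the `String` out of `oidcclient`; if `oidcclient` is a borrow inside this closure (the scopes loop just above uses `.iter()`, which suggests it may be), that is a move out of borrowed content, and `if let Some(acr) = &oidcclient.acr { auth = auth.add_auth_context_value(AuthenticationContextClass::new(acr.clone())); }` avoids the move in either case. The closure that builds `auth` starts and ends outside the hunk.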