pfzetto/axum-oidc
1
0
Fork 0
mirror of https://codeberg.org/pfzetto/axum-oidc synced 2025-12-09 22:55:17 +01:00
Code Issues Projects Releases Packages Wiki Activity

implement fix for #10

Browse source 
fixed #10 by implementing a flag in the response extensions that
instructs the middleware to clear the session. The flag is automatically
set when using the `OidcRpInitiatedLogout` as a responder.

improved documentation

modified example to reflect api changes
This commit is contained in:
Paul Zinselmeyer 2024-04-20 20:35:04 +02:00
parent a7b76ace76
commit ac3e0caa0b
Signed by: pfzetto
GPG key ID: 142847B253911DB0
5 changed files with 76 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

29
src/extractor.rs
View file

@ -1,14 +1,15 @@
use std::{borrow::Cow, ops::Deref};
use crate::{error::ExtractorError, AdditionalClaims};
use crate::{error::ExtractorError, AdditionalClaims, ClearSessionFlag};
use async_trait::async_trait;
use axum_core::extract::FromRequestParts;
use axum::response::Redirect;
use axum_core::{extract::FromRequestParts, response::IntoResponse};
use http::{request::Parts, uri::PathAndQuery, Uri};
use openidconnect::{core::CoreGenderClaim, IdTokenClaims};
/// Extractor for the OpenID Connect Claims.
///
/// This Extractor will only return the Claims when the cached session is valid and [crate::middleware::OidcAuthMiddleware] is loaded.
/// This Extractor will only return the Claims when the cached session is valid and [`crate::middleware::OidcAuthMiddleware`] is loaded.
#[derive(Clone)]
pub struct OidcClaims<AC: AdditionalClaims>(pub IdTokenClaims<AC, CoreGenderClaim>);
@ -48,7 +49,7 @@ where
/// Extractor for the OpenID Connect Access Token.
///
/// This Extractor will only return the Access Token when the cached session is valid and [crate::middleware::OidcAuthMiddleware] is loaded.
/// This Extractor will only return the Access Token when the cached session is valid and [`crate::middleware::OidcAuthMiddleware`] is loaded.
#[derive(Clone)]
pub struct OidcAccessToken(pub String);
@ -84,7 +85,7 @@ impl AsRef<str> for OidcAccessToken {
/// Extractor for the [OpenID Connect RP-Initialized Logout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html) URL
///
/// This Extractor will only succed when the cached session is valid, [crate::middleware::OidcAuthMiddleware] is loaded and the issuer supports RP-Initialized Logout.
/// This Extractor will only succed when the cached session is valid, [`crate::middleware::OidcAuthMiddleware`] is loaded and the issuer supports RP-Initialized Logout.
#[derive(Clone)]
pub struct OidcRpInitiatedLogout {
pub(crate) end_session_endpoint: Uri,
@ -106,7 +107,9 @@ impl OidcRpInitiatedLogout {
self.state = Some(state);
self
}
/// get the uri that the client needs to access for logout
/// get the uri that the client needs to access for logout. This does **NOT** delete the
/// session in axum-oidc. You should use the [`ClearSessionFlag`] responder or include
/// [`OidcRpInitiatedLogout`] in the response extensions
pub fn uri(&self) -> Result<Uri, http::Error> {
let mut parts = self.end_session_endpoint.clone().into_parts();
@ -159,3 +162,17 @@ where
.ok_or(ExtractorError::Unauthorized)
}
}
impl IntoResponse for OidcRpInitiatedLogout {
/// redirect to the logout uri and signal the [`crate::middleware::OidcAuthMiddleware`] that
/// the session should be cleared
fn into_response(self) -> axum_core::response::Response {
if let Ok(uri) = self.uri() {
let mut response = Redirect::temporary(&uri.to_string()).into_response();
response.extensions_mut().insert(ClearSessionFlag);
response
} else {
ExtractorError::FailedToCreateRpInitiatedLogoutUri.into_response()
}
}
}