add acr parameter for auth-layer

2024-11-21 11:02:50 +01:00 · 2024-05-24 14:39:22 +02:00 · 2024-05-24 14:39:22 +02:00 · d837f3b6d6
commit d837f3b6d6
parent e62aba722c
3 changed files with 17 additions and 2 deletions
--- a/examples/basic/src/lib.rs
+++ b/examples/basic/src/lib.rs
@ -41,6 +41,7 @@ pub async fn run(
                client_id,
                client_secret,
                vec![],
+                None,
            )
            .await
            .unwrap(),
--- a/src/lib.rs
+++ b/src/lib.rs
@ -100,6 +100,7 @@ pub struct OidcClient<AC: AdditionalClaims> {
    client: Client<AC>,
    application_base_url: Uri,
    end_session_endpoint: Option<Uri>,
+    acr: Option<String>,
 }

 impl<AC: AdditionalClaims> OidcClient<AC> {
@ -110,6 +111,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
        client_id: String,
        client_secret: Option<String>,
        scopes: Vec<String>,
+        acr: Option<String>,
    ) -> Result<Self, Error> {
        let end_session_endpoint = provider_metadata
            .additional_metadata()
@ -129,6 +131,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
            client_id,
            application_base_url,
            end_session_endpoint,
+            acr,
        })
    }

@ -140,6 +143,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
        client_id: String,
        client_secret: Option<String>,
        scopes: Vec<String>,
+        acr: Option<String>,
    ) -> Result<Self, Error> {
        let client = reqwest::Client::default();
        Self::discover_new_with_client(
@ -149,6 +153,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
            client_secret,
            scopes,
            &client,
+            acr,
        )
        .await
    }
@ -163,6 +168,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
        client_secret: Option<String>,
        scopes: Vec<String>,
        client: &reqwest::Client,
+        acr: Option<String>,
    ) -> Result<Self, Error> {
        // modified version of `openidconnect::reqwest::async_client::async_http_client`.
        let async_http_client = |request: HttpRequest| async move {
@ -202,6 +208,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
            client_id,
            client_secret,
            scopes,
+            acr,
        )
    }
 }
--- a/src/middleware.rs
+++ b/src/middleware.rs
@ -17,8 +17,9 @@ use tower_sessions::Session;
 use openidconnect::{
    core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim},
    reqwest::async_http_client,
-    AccessToken, AccessTokenHash, AuthorizationCode, CsrfToken, IdTokenClaims, Nonce,
-    OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken,
+    AccessToken, AccessTokenHash, AuthenticationContextClass, AuthorizationCode, CsrfToken,
+    IdTokenClaims, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl,
+    RefreshToken,
    RequestTokenError::ServerResponse,
    Scope, TokenResponse,
 };
@ -187,6 +188,10 @@ where
                        for scope in oidcclient.scopes.iter() {
                            auth = auth.add_scope(Scope::new(scope.to_string()));
                        }
+                        if let Some(acr) = oidcclient.acr {
+                            auth =
+                                auth.add_auth_context_value(AuthenticationContextClass::new(acr));
+                        }

                        auth.set_pkce_challenge(pkce_challenge).url()
                    };
@ -228,6 +233,7 @@ impl<AC: AdditionalClaims> OidcAuthLayer<AC> {
        client_id: String,
        client_secret: Option<String>,
        scopes: Vec<String>,
+        acr: Option<String>,
    ) -> Result<Self, Error> {
        Ok(Self {
            client: OidcClient::<AC>::discover_new(
@ -236,6 +242,7 @@ impl<AC: AdditionalClaims> OidcAuthLayer<AC> {
                client_id,
                client_secret,
                scopes,
+                acr,
            )
            .await?,
        })