pfzetto/axum-oidc
1
0
Fork 0
mirror of https://github.com/pfzetto/axum-oidc.git synced 2024-11-21 11:02:50 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge d837f3b6d6 into 202b61fa83

Browse source
This commit is contained in:
Spiegie 2024-08-30 10:38:17 +02:00 committed by GitHub
commit f8c7b64dfd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
examples/basic/src/lib.rs
View file

@ -41,6 +41,7 @@ pub async fn run(
client_id, client_id,
client_secret, client_secret,
vec![], vec![],
None,
) )
.await .await
.unwrap(), .unwrap(),

7
src/lib.rs
View file

@ -100,6 +100,7 @@ pub struct OidcClient<AC: AdditionalClaims> {
client: Client<AC>, client: Client<AC>,
application_base_url: Uri, application_base_url: Uri,
end_session_endpoint: Option<Uri>, end_session_endpoint: Option<Uri>,
acr: Option<String>,
} }
impl<AC: AdditionalClaims> OidcClient<AC> { impl<AC: AdditionalClaims> OidcClient<AC> {
@ -110,6 +111,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_id: String, client_id: String,
client_secret: Option<String>, client_secret: Option<String>,
scopes: Vec<String>, scopes: Vec<String>,
acr: Option<String>,
) -> Result<Self, Error> { ) -> Result<Self, Error> {
let end_session_endpoint = provider_metadata let end_session_endpoint = provider_metadata
.additional_metadata() .additional_metadata()
@ -129,6 +131,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_id, client_id,
application_base_url, application_base_url,
end_session_endpoint, end_session_endpoint,
acr,
}) })
} }
@ -140,6 +143,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_id: String, client_id: String,
client_secret: Option<String>, client_secret: Option<String>,
scopes: Vec<String>, scopes: Vec<String>,
acr: Option<String>,
) -> Result<Self, Error> { ) -> Result<Self, Error> {
let client = reqwest::Client::default(); let client = reqwest::Client::default();
Self::discover_new_with_client( Self::discover_new_with_client(
@ -149,6 +153,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_secret, client_secret,
scopes, scopes,
&client, &client,
acr,
) )
.await .await
} }
@ -163,6 +168,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_secret: Option<String>, client_secret: Option<String>,
scopes: Vec<String>, scopes: Vec<String>,
client: &reqwest::Client, client: &reqwest::Client,
acr: Option<String>,
) -> Result<Self, Error> { ) -> Result<Self, Error> {
// modified version of `openidconnect::reqwest::async_client::async_http_client`. // modified version of `openidconnect::reqwest::async_client::async_http_client`.
let async_http_client = |request: HttpRequest| async move { let async_http_client = |request: HttpRequest| async move {
@ -202,6 +208,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_id, client_id,
client_secret, client_secret,
scopes, scopes,
acr,
) )
} }
} }

11
src/middleware.rs
View file

@ -17,8 +17,9 @@ use tower_sessions::Session;
use openidconnect::{ use openidconnect::{
core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim}, core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim},
reqwest::async_http_client, reqwest::async_http_client,
AccessToken, AccessTokenHash, AuthorizationCode, CsrfToken, IdTokenClaims, Nonce, AccessToken, AccessTokenHash, AuthenticationContextClass, AuthorizationCode, CsrfToken,
OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, IdTokenClaims, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl,
RefreshToken,
RequestTokenError::ServerResponse, RequestTokenError::ServerResponse,
Scope, TokenResponse, Scope, TokenResponse,
}; };
@ -187,6 +188,10 @@ where
for scope in oidcclient.scopes.iter() { for scope in oidcclient.scopes.iter() {
auth = auth.add_scope(Scope::new(scope.to_string())); auth = auth.add_scope(Scope::new(scope.to_string()));
} }
if let Some(acr) = oidcclient.acr {
auth =
auth.add_auth_context_value(AuthenticationContextClass::new(acr));
}
auth.set_pkce_challenge(pkce_challenge).url() auth.set_pkce_challenge(pkce_challenge).url()
}; };
@ -228,6 +233,7 @@ impl<AC: AdditionalClaims> OidcAuthLayer<AC> {
client_id: String, client_id: String,
client_secret: Option<String>, client_secret: Option<String>,
scopes: Vec<String>, scopes: Vec<String>,
acr: Option<String>,
) -> Result<Self, Error> { ) -> Result<Self, Error> {
Ok(Self { Ok(Self {
client: OidcClient::<AC>::discover_new( client: OidcClient::<AC>::discover_new(
@ -236,6 +242,7 @@ impl<AC: AdditionalClaims> OidcAuthLayer<AC> {
client_id, client_id,
client_secret, client_secret,
scopes, scopes,
acr,
) )
.await?, .await?,
}) })