Compare commits

..

No commits in common. "202b61fa8375dc2c8ab10d244fc36b220434e890" and "e62aba722c8eaf81e6961cc178d26e8f3aefddd3" have entirely different histories.

4 changed files with 12 additions and 17 deletions

View file

@ -1,5 +1,5 @@
This Library allows using [OpenID Connect](https://openid.net/developers/how-connect-works/) with [axum](https://github.com/tokio-rs/axum). This Library allows using [OpenID Connect](https://openid.net/developers/how-connect-works/) with [axum](https://github.com/tokio-rs/axum).
It authenticates the user with the OpenID Connect Issuer and provides Extractors. It authenticates the user with the OpenID Conenct Issuer and provides Extractors.
# Usage # Usage
The `OidcAuthLayer` must be loaded on any handler that might use the extractors. The `OidcAuthLayer` must be loaded on any handler that might use the extractors.
@ -22,7 +22,7 @@ Take a look at the `examples` folder for examples.
# Older Versions # Older Versions
All versions on [crates.io](https://crates.io) are available as git tags. All versions on [crates.io](https://crates.io) are available as git tags.
Additional all minor versions have their own branch (format `vX.Y` where `X` is the major and `Y` is the minor version) where bug fixes are implemented. Additonal all minor versions have their own branch (format `vX.Y` where `X` is the major and `Y` is the minor version) where bug fixes are implemented.
Examples for each version can be found there in the previously mentioned `examples` folder. Examples for each version can be found there in the previously mentioned `examples` folder.
# Contributing # Contributing

View file

@ -11,12 +11,11 @@ pub enum ExtractorError {
#[error("unauthorized")] #[error("unauthorized")]
Unauthorized, Unauthorized,
#[error("rp initiated logout not supported by issuer")] #[error("rp initiated logout information not found")]
RpInitiatedLogoutNotSupported, RpInitiatedLogoutInformationNotFound,
#[error("could not build rp initiated logout uri")] #[error("could not build rp initiated logout uri")]
FailedToCreateRpInitiatedLogoutUri, FailedToCreateRpInitiatedLogoutUri,
} }
#[derive(Debug, Error)] #[derive(Debug, Error)]
@ -89,7 +88,7 @@ impl IntoResponse for ExtractorError {
fn into_response(self) -> axum_core::response::Response { fn into_response(self) -> axum_core::response::Response {
match self { match self {
Self::Unauthorized => (StatusCode::UNAUTHORIZED, "unauthorized").into_response(), Self::Unauthorized => (StatusCode::UNAUTHORIZED, "unauthorized").into_response(),
Self::RpInitiatedLogoutNotSupported => { Self::RpInitiatedLogoutInformationNotFound => {
(StatusCode::INTERNAL_SERVER_ERROR, "intenal server error").into_response() (StatusCode::INTERNAL_SERVER_ERROR, "intenal server error").into_response()
} }
Self::FailedToCreateRpInitiatedLogoutUri => { Self::FailedToCreateRpInitiatedLogoutUri => {

View file

@ -155,14 +155,11 @@ where
type Rejection = ExtractorError; type Rejection = ExtractorError;
async fn from_request_parts(parts: &mut Parts, _: &S) -> Result<Self, Self::Rejection> { async fn from_request_parts(parts: &mut Parts, _: &S) -> Result<Self, Self::Rejection> {
match parts parts
.extensions .extensions
.get::<Option<Self>>() .get::<Self>()
.cloned() .cloned()
.ok_or(ExtractorError::Unauthorized)?{ .ok_or(ExtractorError::Unauthorized)
Some(this) => Ok(this),
None => Err(ExtractorError::RpInitiatedLogoutNotSupported),
}
} }
} }

View file

@ -409,16 +409,15 @@ fn insert_extensions<AC: AdditionalClaims>(
parts.extensions.insert(OidcAccessToken( parts.extensions.insert(OidcAccessToken(
authenticated_session.access_token.secret().to_string(), authenticated_session.access_token.secret().to_string(),
)); ));
let rp_initiated_logout = client.end_session_endpoint.as_ref().map(|end_session_endpoint| if let Some(end_session_endpoint) = &client.end_session_endpoint {
OidcRpInitiatedLogout { parts.extensions.insert(OidcRpInitiatedLogout {
end_session_endpoint: end_session_endpoint.clone(), end_session_endpoint: end_session_endpoint.clone(),
id_token_hint: authenticated_session.id_token.to_string(), id_token_hint: authenticated_session.id_token.to_string(),
client_id: client.client_id.clone(), client_id: client.client_id.clone(),
post_logout_redirect_uri: None, post_logout_redirect_uri: None,
state: None, state: None,
});
} }
);
parts.extensions.insert(rp_initiated_logout);
} }
/// Verify the access token hash to ensure that the access token hasn't been substituted for /// Verify the access token hash to ensure that the access token hasn't been substituted for