mirror of
https://github.com/pfzetto/axum-oidc.git
synced 2024-12-03 16:27:14 +01:00
Compare commits
3 commits
e62aba722c
...
202b61fa83
Author | SHA1 | Date | |
---|---|---|---|
202b61fa83 | |||
32ecc2041b | |||
|
bda8797960 |
4 changed files with 17 additions and 12 deletions
|
@ -1,5 +1,5 @@
|
|||
This Library allows using [OpenID Connect](https://openid.net/developers/how-connect-works/) with [axum](https://github.com/tokio-rs/axum).
|
||||
It authenticates the user with the OpenID Conenct Issuer and provides Extractors.
|
||||
It authenticates the user with the OpenID Connect Issuer and provides Extractors.
|
||||
|
||||
# Usage
|
||||
The `OidcAuthLayer` must be loaded on any handler that might use the extractors.
|
||||
|
@ -22,7 +22,7 @@ Take a look at the `examples` folder for examples.
|
|||
|
||||
# Older Versions
|
||||
All versions on [crates.io](https://crates.io) are available as git tags.
|
||||
Additonal all minor versions have their own branch (format `vX.Y` where `X` is the major and `Y` is the minor version) where bug fixes are implemented.
|
||||
Additional all minor versions have their own branch (format `vX.Y` where `X` is the major and `Y` is the minor version) where bug fixes are implemented.
|
||||
Examples for each version can be found there in the previously mentioned `examples` folder.
|
||||
|
||||
# Contributing
|
||||
|
|
|
@ -11,11 +11,12 @@ pub enum ExtractorError {
|
|||
#[error("unauthorized")]
|
||||
Unauthorized,
|
||||
|
||||
#[error("rp initiated logout information not found")]
|
||||
RpInitiatedLogoutInformationNotFound,
|
||||
#[error("rp initiated logout not supported by issuer")]
|
||||
RpInitiatedLogoutNotSupported,
|
||||
|
||||
#[error("could not build rp initiated logout uri")]
|
||||
FailedToCreateRpInitiatedLogoutUri,
|
||||
|
||||
}
|
||||
|
||||
#[derive(Debug, Error)]
|
||||
|
@ -88,7 +89,7 @@ impl IntoResponse for ExtractorError {
|
|||
fn into_response(self) -> axum_core::response::Response {
|
||||
match self {
|
||||
Self::Unauthorized => (StatusCode::UNAUTHORIZED, "unauthorized").into_response(),
|
||||
Self::RpInitiatedLogoutInformationNotFound => {
|
||||
Self::RpInitiatedLogoutNotSupported => {
|
||||
(StatusCode::INTERNAL_SERVER_ERROR, "intenal server error").into_response()
|
||||
}
|
||||
Self::FailedToCreateRpInitiatedLogoutUri => {
|
||||
|
|
|
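Review bot: The `into_response` arm for `RpInitiatedLogoutInformationNotFound` is replaced by `RpInitiatedLogoutNotSupported` rather than joined by it, which suggests the old variant is dropped from the public `ExtractorError` enum. Downstream code that names the old variant would then stop compiling. If the removal is intended, it should be called out as a breaking change in the release notes. Otherwise the old variant can stay for one release with its own arm, marked `#[deprecated(note = "use RpInitiatedLogoutNotSupported")]`. The unchanged response body under the touched arm reads `"intenal server error"`, and `"internal server error"` could be fixed in the same commit. Both the enum and the `match` extend outside the hunks shown.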
@ -155,11 +155,14 @@ where
|
|||
type Rejection = ExtractorError;
|
||||
|
||||
async fn from_request_parts(parts: &mut Parts, _: &S) -> Result<Self, Self::Rejection> {
|
||||
parts
|
||||
match parts
|
||||
.extensions
|
||||
.get::<Self>()
|
||||
.get::<Option<Self>>()
|
||||
.cloned()
|
||||
.ok_or(ExtractorError::Unauthorized)
|
||||
.ok_or(ExtractorError::Unauthorized)?{
|
||||
Some(this) => Ok(this),
|
||||
None => Err(ExtractorError::RpInitiatedLogoutNotSupported),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
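Review bot: The new body of `from_request_parts` wraps a `?` inside a `match` (`.ok_or(ExtractorError::Unauthorized)?{`), which is not rustfmt-clean and clones the `Option` before inspecting it. The same two-step lookup reads more directly as one chain: `parts.extensions.get::<Option<Self>>().ok_or(ExtractorError::Unauthorized)?.clone().ok_or(ExtractorError::RpInitiatedLogoutNotSupported)`. A doc comment on the method would also help callers tell the two rejections apart, for example `/// Rejects with Unauthorized when no logout entry was stored for the request, and with RpInitiatedLogoutNotSupported when the entry is None.` The surrounding `impl` header starts outside the hunk.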
@ -409,15 +409,16 @@ fn insert_extensions<AC: AdditionalClaims>(
|
|||
parts.extensions.insert(OidcAccessToken(
|
||||
authenticated_session.access_token.secret().to_string(),
|
||||
));
|
||||
if let Some(end_session_endpoint) = &client.end_session_endpoint {
|
||||
parts.extensions.insert(OidcRpInitiatedLogout {
|
||||
let rp_initiated_logout = client.end_session_endpoint.as_ref().map(|end_session_endpoint|
|
||||
OidcRpInitiatedLogout {
|
||||
end_session_endpoint: end_session_endpoint.clone(),
|
||||
id_token_hint: authenticated_session.id_token.to_string(),
|
||||
client_id: client.client_id.clone(),
|
||||
post_logout_redirect_uri: None,
|
||||
state: None,
|
||||
});
|
||||
}
|
||||
}
|
||||
);
|
||||
parts.extensions.insert(rp_initiated_logout);
|
||||
}
|
||||
|
||||
/// Verify the access token hash to ensure that the access token hasn't been substituted for
|
||||
|
|
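Review bot: `parts.extensions.insert(rp_initiated_logout)` now stores an `Option<OidcRpInitiatedLogout>`, so the extension map is keyed by the `Option` type rather than by the struct, and nothing at the call site shows this. The extractor depends on that exact key through `.get::<Option<Self>>()`. Any path outside this hunk that still inserts a bare `OidcRpInitiatedLogout` would be silently missed and surface as `Unauthorized`. Spelling the type out makes the contract visible: `let rp_initiated_logout: Option<OidcRpInitiatedLogout> = …` plus a comment such as `// Always inserted; None means the issuer exposes no end_session_endpoint.` `insert_extensions` begins outside the hunk.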