fix: correct error handling in rp initiated logout

Previously the extractor would return `ExtractorError::Unauthorized` when the issuer
does not provide a end_session_endpoint.
Now it will return a `ExtractorError::RpInitiatedLogoutNotSupported`.

README.md

@@ -1,5 +1,5 @@
 This Library allows using [OpenID Connect](https://openid.net/developers/how-connect-works/) with [axum](https://github.com/tokio-rs/axum). 
-It authenticates the user with the OpenID Conenct Issuer and provides Extractors.
+It authenticates the user with the OpenID Connect Issuer and provides Extractors.
 
 # Usage
 The `OidcAuthLayer` must be loaded on any handler that might use the extractors.
@@ -22,7 +22,7 @@ Take a look at the `examples` folder for examples.
 
 # Older Versions
 All versions on [crates.io](https://crates.io) are available as git tags.
-Additonal all minor versions have their own branch (format `vX.Y` where `X` is the major and `Y` is the minor version) where bug fixes are implemented.
+Additional all minor versions have their own branch (format `vX.Y` where `X` is the major and `Y` is the minor version) where bug fixes are implemented.
 Examples for each version can be found there in the previously mentioned `examples` folder.
 
 # Contributing

src/error.rs

@@ -11,11 +11,12 @@ pub enum ExtractorError {
     #[error("unauthorized")]
     Unauthorized,
 
-    #[error("rp initiated logout information not found")]
-    RpInitiatedLogoutInformationNotFound,
+    #[error("rp initiated logout not supported by issuer")]
+    RpInitiatedLogoutNotSupported,
 
     #[error("could not build rp initiated logout uri")]
     FailedToCreateRpInitiatedLogoutUri,
+
 }
 
 #[derive(Debug, Error)]
@@ -88,7 +89,7 @@ impl IntoResponse for ExtractorError {
     fn into_response(self) -> axum_core::response::Response {
         match self {
             Self::Unauthorized => (StatusCode::UNAUTHORIZED, "unauthorized").into_response(),
-            Self::RpInitiatedLogoutInformationNotFound => {
+            Self::RpInitiatedLogoutNotSupported => {
                 (StatusCode::INTERNAL_SERVER_ERROR, "intenal server error").into_response()
             }
             Self::FailedToCreateRpInitiatedLogoutUri => {

src/extractor.rs

@@ -155,11 +155,14 @@ where
     type Rejection = ExtractorError;
 
     async fn from_request_parts(parts: &mut Parts, _: &S) -> Result<Self, Self::Rejection> {
-        parts
+        match parts
             .extensions
-            .get::<Self>()
+            .get::<Option<Self>>()
             .cloned()
-            .ok_or(ExtractorError::Unauthorized)
+            .ok_or(ExtractorError::Unauthorized)?{
+            Some(this) => Ok(this),
+            None => Err(ExtractorError::RpInitiatedLogoutNotSupported),
+            }
     }
 }
 

src/middleware.rs

@@ -409,15 +409,16 @@ fn insert_extensions<AC: AdditionalClaims>(
     parts.extensions.insert(OidcAccessToken(
         authenticated_session.access_token.secret().to_string(),
     ));
-    if let Some(end_session_endpoint) = &client.end_session_endpoint {
-        parts.extensions.insert(OidcRpInitiatedLogout {
+    let rp_initiated_logout = client.end_session_endpoint.as_ref().map(|end_session_endpoint|
+OidcRpInitiatedLogout {
             end_session_endpoint: end_session_endpoint.clone(),
             id_token_hint: authenticated_session.id_token.to_string(),
             client_id: client.client_id.clone(),
             post_logout_redirect_uri: None,
             state: None,
-        });
-    }
+        }
+    );
+        parts.extensions.insert(rp_initiated_logout);
 }
 
 /// Verify the access token hash to ensure that the access token hasn't been substituted for