mirror of
https://github.com/pfzetto/axum-oidc.git
synced 2024-11-25 12:59:36 +01:00
Compare commits
3 commits
e62aba722c
...
202b61fa83
Author | SHA1 | Date | |
---|---|---|---|
202b61fa83 | |||
32ecc2041b | |||
|
bda8797960 |
4 changed files with 17 additions and 12 deletions
|
@ -1,5 +1,5 @@
|
||||||
This Library allows using [OpenID Connect](https://openid.net/developers/how-connect-works/) with [axum](https://github.com/tokio-rs/axum).
|
This Library allows using [OpenID Connect](https://openid.net/developers/how-connect-works/) with [axum](https://github.com/tokio-rs/axum).
|
||||||
It authenticates the user with the OpenID Conenct Issuer and provides Extractors.
|
It authenticates the user with the OpenID Connect Issuer and provides Extractors.
|
||||||
|
|
||||||
# Usage
|
# Usage
|
||||||
The `OidcAuthLayer` must be loaded on any handler that might use the extractors.
|
The `OidcAuthLayer` must be loaded on any handler that might use the extractors.
|
||||||
|
@ -22,7 +22,7 @@ Take a look at the `examples` folder for examples.
|
||||||
|
|
||||||
# Older Versions
|
# Older Versions
|
||||||
All versions on [crates.io](https://crates.io) are available as git tags.
|
All versions on [crates.io](https://crates.io) are available as git tags.
|
||||||
Additonal all minor versions have their own branch (format `vX.Y` where `X` is the major and `Y` is the minor version) where bug fixes are implemented.
|
Additional all minor versions have their own branch (format `vX.Y` where `X` is the major and `Y` is the minor version) where bug fixes are implemented.
|
||||||
Examples for each version can be found there in the previously mentioned `examples` folder.
|
Examples for each version can be found there in the previously mentioned `examples` folder.
|
||||||
|
|
||||||
# Contributing
|
# Contributing
|
||||||
|
|
|
@ -11,11 +11,12 @@ pub enum ExtractorError {
|
||||||
#[error("unauthorized")]
|
#[error("unauthorized")]
|
||||||
Unauthorized,
|
Unauthorized,
|
||||||
|
|
||||||
#[error("rp initiated logout information not found")]
|
#[error("rp initiated logout not supported by issuer")]
|
||||||
RpInitiatedLogoutInformationNotFound,
|
RpInitiatedLogoutNotSupported,
|
||||||
|
|
||||||
#[error("could not build rp initiated logout uri")]
|
#[error("could not build rp initiated logout uri")]
|
||||||
FailedToCreateRpInitiatedLogoutUri,
|
FailedToCreateRpInitiatedLogoutUri,
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Error)]
|
#[derive(Debug, Error)]
|
||||||
|
@ -88,7 +89,7 @@ impl IntoResponse for ExtractorError {
|
||||||
fn into_response(self) -> axum_core::response::Response {
|
fn into_response(self) -> axum_core::response::Response {
|
||||||
match self {
|
match self {
|
||||||
Self::Unauthorized => (StatusCode::UNAUTHORIZED, "unauthorized").into_response(),
|
Self::Unauthorized => (StatusCode::UNAUTHORIZED, "unauthorized").into_response(),
|
||||||
Self::RpInitiatedLogoutInformationNotFound => {
|
Self::RpInitiatedLogoutNotSupported => {
|
||||||
(StatusCode::INTERNAL_SERVER_ERROR, "intenal server error").into_response()
|
(StatusCode::INTERNAL_SERVER_ERROR, "intenal server error").into_response()
|
||||||
}
|
}
|
||||||
Self::FailedToCreateRpInitiatedLogoutUri => {
|
Self::FailedToCreateRpInitiatedLogoutUri => {
|
||||||
|
|
|
@ -155,11 +155,14 @@ where
|
||||||
type Rejection = ExtractorError;
|
type Rejection = ExtractorError;
|
||||||
|
|
||||||
async fn from_request_parts(parts: &mut Parts, _: &S) -> Result<Self, Self::Rejection> {
|
async fn from_request_parts(parts: &mut Parts, _: &S) -> Result<Self, Self::Rejection> {
|
||||||
parts
|
match parts
|
||||||
.extensions
|
.extensions
|
||||||
.get::<Self>()
|
.get::<Option<Self>>()
|
||||||
.cloned()
|
.cloned()
|
||||||
.ok_or(ExtractorError::Unauthorized)
|
.ok_or(ExtractorError::Unauthorized)?{
|
||||||
|
Some(this) => Ok(this),
|
||||||
|
None => Err(ExtractorError::RpInitiatedLogoutNotSupported),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -409,15 +409,16 @@ fn insert_extensions<AC: AdditionalClaims>(
|
||||||
parts.extensions.insert(OidcAccessToken(
|
parts.extensions.insert(OidcAccessToken(
|
||||||
authenticated_session.access_token.secret().to_string(),
|
authenticated_session.access_token.secret().to_string(),
|
||||||
));
|
));
|
||||||
if let Some(end_session_endpoint) = &client.end_session_endpoint {
|
let rp_initiated_logout = client.end_session_endpoint.as_ref().map(|end_session_endpoint|
|
||||||
parts.extensions.insert(OidcRpInitiatedLogout {
|
OidcRpInitiatedLogout {
|
||||||
end_session_endpoint: end_session_endpoint.clone(),
|
end_session_endpoint: end_session_endpoint.clone(),
|
||||||
id_token_hint: authenticated_session.id_token.to_string(),
|
id_token_hint: authenticated_session.id_token.to_string(),
|
||||||
client_id: client.client_id.clone(),
|
client_id: client.client_id.clone(),
|
||||||
post_logout_redirect_uri: None,
|
post_logout_redirect_uri: None,
|
||||||
state: None,
|
state: None,
|
||||||
});
|
}
|
||||||
}
|
);
|
||||||
|
parts.extensions.insert(rp_initiated_logout);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Verify the access token hash to ensure that the access token hasn't been substituted for
|
/// Verify the access token hash to ensure that the access token hasn't been substituted for
|
||||||
|
|
Loading…
Reference in a new issue