axum-oidc/src/lib.rs

141 lines
3.9 KiB
Rust
Raw Normal View History

2023-11-03 19:42:54 +01:00
#![doc = include_str!("../README.md")]
2023-11-29 19:07:34 +01:00
use std::str::FromStr;
2023-11-03 19:42:54 +01:00
use crate::error::Error;
use http::Uri;
use openidconnect::{
core::{
CoreAuthDisplay, CoreAuthPrompt, CoreErrorResponseType, CoreGenderClaim, CoreJsonWebKey,
CoreJsonWebKeyType, CoreJsonWebKeyUse, CoreJweContentEncryptionAlgorithm,
CoreJwsSigningAlgorithm, CoreProviderMetadata, CoreRevocableToken,
CoreRevocationErrorResponse, CoreTokenIntrospectionResponse, CoreTokenType,
},
reqwest::async_http_client,
ClientId, ClientSecret, CsrfToken, EmptyExtraTokenFields, IdTokenFields, IssuerUrl, Nonce,
2023-11-29 19:07:34 +01:00
PkceCodeVerifier, RefreshToken, StandardErrorResponse, StandardTokenResponse,
2023-11-03 19:42:54 +01:00
};
use serde::{Deserialize, Serialize};
pub mod error;
mod extractor;
mod middleware;
pub use extractor::{OidcAccessToken, OidcClaims};
pub use middleware::{OidcAuthLayer, OidcAuthMiddleware, OidcLoginLayer, OidcLoginMiddleware};
const SESSION_KEY: &str = "axum-oidc";
pub trait AdditionalClaims: openidconnect::AdditionalClaims + Clone + Sync + Send {}
type OidcTokenResponse<AC> = StandardTokenResponse<
IdTokenFields<
AC,
EmptyExtraTokenFields,
CoreGenderClaim,
CoreJweContentEncryptionAlgorithm,
CoreJwsSigningAlgorithm,
CoreJsonWebKeyType,
>,
CoreTokenType,
>;
pub type IdToken<AZ> = openidconnect::IdToken<
AZ,
CoreGenderClaim,
CoreJweContentEncryptionAlgorithm,
CoreJwsSigningAlgorithm,
CoreJsonWebKeyType,
>;
type Client<AC> = openidconnect::Client<
AC,
CoreAuthDisplay,
CoreGenderClaim,
CoreJweContentEncryptionAlgorithm,
CoreJwsSigningAlgorithm,
CoreJsonWebKeyType,
CoreJsonWebKeyUse,
CoreJsonWebKey,
CoreAuthPrompt,
StandardErrorResponse<CoreErrorResponseType>,
OidcTokenResponse<AC>,
CoreTokenType,
CoreTokenIntrospectionResponse,
CoreRevocableToken,
CoreRevocationErrorResponse,
>;
pub type BoxError = Box<dyn std::error::Error + Send + Sync>;
/// OpenID Connect Client
#[derive(Clone)]
pub struct OidcClient<AC: AdditionalClaims> {
scopes: Vec<String>,
client: Client<AC>,
application_base_url: Uri,
}
impl<AC: AdditionalClaims> OidcClient<AC> {
pub async fn discover_new(
application_base_url: Uri,
issuer: String,
client_id: String,
client_secret: Option<String>,
scopes: Vec<String>,
) -> Result<Self, Error> {
let provider_metadata =
CoreProviderMetadata::discover_async(IssuerUrl::new(issuer)?, async_http_client)
.await?;
let client = Client::from_provider_metadata(
provider_metadata,
ClientId::new(client_id),
2023-11-29 19:07:34 +01:00
client_secret.map(ClientSecret::new),
2023-11-03 19:42:54 +01:00
);
Ok(Self {
scopes,
client,
application_base_url,
})
}
}
/// an empty struct to be used as the default type for the additional claims generic
#[derive(Deserialize, Serialize, Debug, Clone, Copy, Default)]
pub struct EmptyAdditionalClaims {}
impl AdditionalClaims for EmptyAdditionalClaims {}
impl openidconnect::AdditionalClaims for EmptyAdditionalClaims {}
/// response data of the openid issuer after login
#[derive(Debug, Deserialize)]
struct OidcQuery {
code: String,
state: String,
#[allow(dead_code)]
session_state: String,
}
/// oidc session
#[derive(Serialize, Deserialize, Debug)]
struct OidcSession {
nonce: Nonce,
csrf_token: CsrfToken,
pkce_verifier: PkceCodeVerifier,
id_token: Option<String>,
access_token: Option<String>,
2023-11-29 19:07:34 +01:00
refresh_token: Option<String>,
}
impl OidcSession {
pub(crate) fn id_token<AC: AdditionalClaims>(&self) -> Option<IdToken<AC>> {
self.id_token
.as_ref()
.map(|x| IdToken::<AC>::from_str(x).unwrap())
}
pub(crate) fn refresh_token(&self) -> Option<RefreshToken> {
self.refresh_token
.as_ref()
.map(|x| RefreshToken::new(x.to_string()))
}
2023-11-03 19:42:54 +01:00
}