fix: correct error handling in rp initiated logout
Previously the extractor would return `ExtractorError::Unauthorized` when the issuer does not provide an `end_session_endpoint`. Now it returns `ExtractorError::RpInitiatedLogoutNotSupported` in that case.
This commit is contained in:
parent
32ecc2041b
commit
202b61fa83
3 changed files with 15 additions and 10 deletions
@ -11,11 +11,12 @@ pub enum ExtractorError {
|
|||
#[error("unauthorized")]
|
||||
Unauthorized,
|
||||
|
||||
#[error("rp initiated logout information not found")]
|
||||
RpInitiatedLogoutInformationNotFound,
|
||||
#[error("rp initiated logout not supported by issuer")]
|
||||
RpInitiatedLogoutNotSupported,
|
||||
|
||||
#[error("could not build rp initiated logout uri")]
|
||||
FailedToCreateRpInitiatedLogoutUri,
|
||||
|
||||
}
|
||||
|
||||
#[derive(Debug, Error)]
|
||||
|
@ -88,7 +89,7 @@ impl IntoResponse for ExtractorError {
|
|||
fn into_response(self) -> axum_core::response::Response {
|
||||
match self {
|
||||
Self::Unauthorized => (StatusCode::UNAUTHORIZED, "unauthorized").into_response(),
|
||||
Self::RpInitiatedLogoutInformationNotFound => {
|
||||
Self::RpInitiatedLogoutNotSupported => {
|
||||
(StatusCode::INTERNAL_SERVER_ERROR, "intenal server error").into_response()
|
||||
}
|
||||
Self::FailedToCreateRpInitiatedLogoutUri => {
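Review bot: Replacing the public variant `RpInitiatedLogoutInformationNotFound` with `RpInitiatedLogoutNotSupported` in `ExtractorError` is a breaking API change for any downstream `match` on this error unless the enum is `#[non_exhaustive]`, which cannot be seen from this hunk since its attributes are above it. Consider keeping the old name for one release as `#[deprecated(note = "renamed to RpInitiatedLogoutNotSupported")] RpInitiatedLogoutInformationNotFound,` or calling the break out in the changelog. The new variant is mapped to `INTERNAL_SERVER_ERROR` in `into_response`, but it signals a static issuer capability rather than a transient failure, so a doc comment on the variant such as `/// The issuer's discovery document advertises no end_session_endpoint, so no RP-initiated logout URI can be built.` would let integrators decide whether to surface a different status. The pre-existing response text `"intenal server error"` on that arm is misspelled and is worth fixing while this match is being touched.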
|
||||
|
|
|
@ -155,11 +155,14 @@ where
|
|||
type Rejection = ExtractorError;
|
||||
|
||||
async fn from_request_parts(parts: &mut Parts, _: &S) -> Result<Self, Self::Rejection> {
|
||||
parts
|
||||
match parts
|
||||
.extensions
|
||||
.get::<Self>()
|
||||
.get::<Option<Self>>()
|
||||
.cloned()
|
||||
.ok_or(ExtractorError::Unauthorized)
|
||||
.ok_or(ExtractorError::Unauthorized)?{
|
||||
Some(this) => Ok(this),
|
||||
None => Err(ExtractorError::RpInitiatedLogoutNotSupported),
|
||||
}
|
||||
}
|
||||
}
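Review bot: The extension is now looked up as `Option<Self>`, so the `?` on `.ok_or(ExtractorError::Unauthorized)` reports a missing extension as Unauthorized while `Some(None)` becomes `RpInitiatedLogoutNotSupported`; that two-level meaning is easy to misread and deserves a comment above the `match`, e.g. `// Outer Option: an authenticated session inserted the extension. Inner Option: the issuer advertises an end_session_endpoint.` Because the key type changed from `Self` to `Option<Self>`, any other site that still inserts a bare `OidcRpInitiatedLogout` into the extensions would now be silently ignored and the request rejected as Unauthorized, so the remaining insertion sites should be checked. The `?{` on the `ok_or` line is not rustfmt output; `cargo fmt` would separate it. The `impl` block this method belongs to starts above the hunk.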
|
||||
|
||||
|
|
|
@ -409,15 +409,16 @@ fn insert_extensions<AC: AdditionalClaims>(
|
|||
parts.extensions.insert(OidcAccessToken(
|
||||
authenticated_session.access_token.secret().to_string(),
|
||||
));
|
||||
if let Some(end_session_endpoint) = &client.end_session_endpoint {
|
||||
parts.extensions.insert(OidcRpInitiatedLogout {
|
||||
let rp_initiated_logout = client.end_session_endpoint.as_ref().map(|end_session_endpoint|
|
||||
OidcRpInitiatedLogout {
|
||||
end_session_endpoint: end_session_endpoint.clone(),
|
||||
id_token_hint: authenticated_session.id_token.to_string(),
|
||||
client_id: client.client_id.clone(),
|
||||
post_logout_redirect_uri: None,
|
||||
state: None,
|
||||
});
|
||||
}
|
||||
}
|
||||
);
|
||||
parts.extensions.insert(rp_initiated_logout);
|
||||
}
|
||||
|
||||
/// Verify the access token hash to ensure that the access token hasn't been substituted for
|
||||
|
|