This commit is contained in:
Spiegie 2024-06-08 20:45:34 +00:00 committed by GitHub
commit 838d788317
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 17 additions and 2 deletions

View file

@ -41,6 +41,7 @@ pub async fn run(
client_id,
client_secret,
vec![],
None,
)
.await
.unwrap(),

View file

@ -100,6 +100,7 @@ pub struct OidcClient<AC: AdditionalClaims> {
client: Client<AC>,
application_base_url: Uri,
end_session_endpoint: Option<Uri>,
acr: Option<String>,
}
impl<AC: AdditionalClaims> OidcClient<AC> {
@ -110,6 +111,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_id: String,
client_secret: Option<String>,
scopes: Vec<String>,
acr: Option<String>,
) -> Result<Self, Error> {
let end_session_endpoint = provider_metadata
.additional_metadata()
@ -129,6 +131,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_id,
application_base_url,
end_session_endpoint,
acr,
})
}
@ -140,6 +143,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_id: String,
client_secret: Option<String>,
scopes: Vec<String>,
acr: Option<String>,
) -> Result<Self, Error> {
let client = reqwest::Client::default();
Self::discover_new_with_client(
@ -149,6 +153,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_secret,
scopes,
&client,
acr,
)
.await
}
@ -163,6 +168,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_secret: Option<String>,
scopes: Vec<String>,
client: &reqwest::Client,
acr: Option<String>,
) -> Result<Self, Error> {
// modified version of `openidconnect::reqwest::async_client::async_http_client`.
let async_http_client = |request: HttpRequest| async move {
@ -202,6 +208,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
client_id,
client_secret,
scopes,
acr,
)
}
}

View file

@ -17,8 +17,9 @@ use tower_sessions::Session;
use openidconnect::{
core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim},
reqwest::async_http_client,
AccessToken, AccessTokenHash, AuthorizationCode, CsrfToken, IdTokenClaims, Nonce,
OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken,
AccessToken, AccessTokenHash, AuthenticationContextClass, AuthorizationCode, CsrfToken,
IdTokenClaims, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl,
RefreshToken,
RequestTokenError::ServerResponse,
Scope, TokenResponse,
};
@ -187,6 +188,10 @@ where
for scope in oidcclient.scopes.iter() {
auth = auth.add_scope(Scope::new(scope.to_string()));
}
if let Some(acr) = oidcclient.acr {
auth =
auth.add_auth_context_value(AuthenticationContextClass::new(acr));
}
auth.set_pkce_challenge(pkce_challenge).url()
};
@ -228,6 +233,7 @@ impl<AC: AdditionalClaims> OidcAuthLayer<AC> {
client_id: String,
client_secret: Option<String>,
scopes: Vec<String>,
acr: Option<String>,
) -> Result<Self, Error> {
Ok(Self {
client: OidcClient::<AC>::discover_new(
@ -236,6 +242,7 @@ impl<AC: AdditionalClaims> OidcAuthLayer<AC> {
client_id,
client_secret,
scopes,
acr,
)
.await?,
})