add acr parameter for auth-layer
This commit is contained in:
parent
e62aba722c
commit
d837f3b6d6
3 changed files with 17 additions and 2 deletions
|
@ -41,6 +41,7 @@ pub async fn run(
|
|||
client_id,
|
||||
client_secret,
|
||||
vec![],
|
||||
None,
|
||||
)
|
||||
.await
|
||||
.unwrap(),
|
||||
|
|
|
@ -100,6 +100,7 @@ pub struct OidcClient<AC: AdditionalClaims> {
|
|||
client: Client<AC>,
|
||||
application_base_url: Uri,
|
||||
end_session_endpoint: Option<Uri>,
|
||||
acr: Option<String>,
|
||||
}
|
||||
|
||||
impl<AC: AdditionalClaims> OidcClient<AC> {
|
||||
|
@ -110,6 +111,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
|||
client_id: String,
|
||||
client_secret: Option<String>,
|
||||
scopes: Vec<String>,
|
||||
acr: Option<String>,
|
||||
) -> Result<Self, Error> {
|
||||
let end_session_endpoint = provider_metadata
|
||||
.additional_metadata()
|
||||
|
@ -129,6 +131,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
|||
client_id,
|
||||
application_base_url,
|
||||
end_session_endpoint,
|
||||
acr,
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -140,6 +143,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
|||
client_id: String,
|
||||
client_secret: Option<String>,
|
||||
scopes: Vec<String>,
|
||||
acr: Option<String>,
|
||||
) -> Result<Self, Error> {
|
||||
let client = reqwest::Client::default();
|
||||
Self::discover_new_with_client(
|
||||
|
@ -149,6 +153,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
|||
client_secret,
|
||||
scopes,
|
||||
&client,
|
||||
acr,
|
||||
)
|
||||
.await
|
||||
}
|
||||
|
@ -163,6 +168,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
|||
client_secret: Option<String>,
|
||||
scopes: Vec<String>,
|
||||
client: &reqwest::Client,
|
||||
acr: Option<String>,
|
||||
) -> Result<Self, Error> {
|
||||
// modified version of `openidconnect::reqwest::async_client::async_http_client`.
|
||||
let async_http_client = |request: HttpRequest| async move {
|
||||
|
@ -202,6 +208,7 @@ impl<AC: AdditionalClaims> OidcClient<AC> {
|
|||
client_id,
|
||||
client_secret,
|
||||
scopes,
|
||||
acr,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
|
|
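Review bot: The new `acr: Option<String>` field on `OidcClient` and the matching parameter added to `new`, `discover_new` and `discover_new_with_client` carry no documentation, so a caller cannot tell what string is expected or what passing it guarantees. I would put a doc comment on the field such as `/// Authentication Context Class Reference to request from the provider (sent as \`acr_values\`); \`None\` sends no preference. The provider may ignore the request, so code that depends on it must check the \`acr\` claim of the returned ID token.` and repeat the one-line form on each constructor's parameter. Note also that the parameter sits after `scopes` in `new`/`discover_new` but after `client` in `discover_new_with_client`, which is easy to get wrong at call sites; adding a positional argument to every public constructor is a breaking change, whereas a `with_acr(self, acr)` setter would have kept the existing signatures. The struct and impl block both continue outside the hunks.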
@ -17,8 +17,9 @@ use tower_sessions::Session;
|
|||
use openidconnect::{
|
||||
core::{CoreAuthenticationFlow, CoreErrorResponseType, CoreGenderClaim},
|
||||
reqwest::async_http_client,
|
||||
AccessToken, AccessTokenHash, AuthorizationCode, CsrfToken, IdTokenClaims, Nonce,
|
||||
OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken,
|
||||
AccessToken, AccessTokenHash, AuthenticationContextClass, AuthorizationCode, CsrfToken,
|
||||
IdTokenClaims, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl,
|
||||
RefreshToken,
|
||||
RequestTokenError::ServerResponse,
|
||||
Scope, TokenResponse,
|
||||
};
|
||||
|
@ -187,6 +188,10 @@ where
|
|||
for scope in oidcclient.scopes.iter() {
|
||||
auth = auth.add_scope(Scope::new(scope.to_string()));
|
||||
}
|
||||
if let Some(acr) = oidcclient.acr {
|
||||
auth =
|
||||
auth.add_auth_context_value(AuthenticationContextClass::new(acr));
|
||||
}
|
||||
|
||||
auth.set_pkce_challenge(pkce_challenge).url()
|
||||
};
|
||||
|
@ -228,6 +233,7 @@ impl<AC: AdditionalClaims> OidcAuthLayer<AC> {
|
|||
client_id: String,
|
||||
client_secret: Option<String>,
|
||||
scopes: Vec<String>,
|
||||
acr: Option<String>,
|
||||
) -> Result<Self, Error> {
|
||||
Ok(Self {
|
||||
client: OidcClient::<AC>::discover_new(
|
||||
|
@ -236,6 +242,7 @@ impl<AC: AdditionalClaims> OidcAuthLayer<AC> {
|
|||
client_id,
|
||||
client_secret,
|
||||
scopes,
|
||||
acr,
|
||||
)
|
||||
.await?,
|
||||
})
|
||||
|
|
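Review bot: The requested context class is only added to the authorization URL (`auth.add_auth_context_value(AuthenticationContextClass::new(acr))`); nothing in this commit compares the `acr` claim of the ID token received in the callback with the value that was requested. `acr_values` is a voluntary hint in OIDC Core, so a provider that ignores it still issues a session that the application may then treat as having satisfied, say, an MFA requirement. The check belongs where the ID token claims are validated, reading `claims.auth_context_ref()` and rejecting the login (or recording the mismatch) when it does not match `oidcclient.acr`; that path is outside these hunks and the closure containing this `if let` starts outside the hunk as well. Because `if let Some(acr) = oidcclient.acr` moves the field out, this also relies on `oidcclient` being owned at this point rather than borrowed.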