ezidam: added openid configration, well known route

crates/openid/Cargo.toml

@@ -0,0 +1,10 @@
+[package]
+name = "openid"
+version = "0.0.0"
+edition = "2021"
+
+[dependencies]
+thiserror = { workspace = true }
+url = { workspace = true }
+serde_json = { workspace = true }
+openidconnect = { version = "3.0.0-alpha.1", default-features = false }

crates/openid/src/error.rs

@@ -0,0 +1,11 @@
+// error
+#[derive(thiserror::Error)]
+// the rest
+#[derive(Debug)]
+pub enum Error {
+    #[error("Failed to parse an URL: `{0}`")]
+    UrlParse(#[from] url::ParseError),
+
+    #[error("Failed to serialize to JSON: `{0}`")]
+    JsonSerialization(#[from] serde_json::Error),
+}

crates/openid/src/lib.rs

@@ -0,0 +1,6 @@
+mod error;
+mod openid;
+
+/// Exports
+pub use error::Error;
+pub use openid::configuration;

crates/openid/src/openid.rs

@@ -0,0 +1,66 @@
+use crate::error::Error;
+use openidconnect::core::{
+    CoreClaimName, CoreJwsSigningAlgorithm, CoreProviderMetadata, CoreResponseType,
+    CoreSubjectIdentifierType,
+};
+use openidconnect::{
+    AuthUrl, EmptyAdditionalProviderMetadata, IssuerUrl, JsonWebKeySetUrl, ResponseTypes, Scope,
+    TokenUrl, UserInfoUrl,
+};
+use serde_json::Value;
+use url::Url;
+
+pub fn configuration(base_url: &str) -> Result<Value, Error> {
+    let base_url = Url::parse(base_url)?;
+
+    let authorization_endpoint = base_url.join("/oauth/authorize")?;
+    let jwks_uri = base_url.join("/.well-known/jwks.json")?;
+    let token_url = base_url.join("/oauth/token")?;
+    let user_info_url = base_url.join("/oauth/userinfo")?;
+
+    let provider_metadata = CoreProviderMetadata::new(
+        // Parameters required by the OpenID Connect Discovery spec.
+        IssuerUrl::from_url(base_url),
+        AuthUrl::from_url(authorization_endpoint),
+        // Use the JsonWebKeySet struct to serve the JWK Set at this URL.
+        JsonWebKeySetUrl::from_url(jwks_uri),
+        // Supported response types (flows).
+        vec![
+            // Recommended: support the code flow.
+            ResponseTypes::new(vec![CoreResponseType::Code]),
+            // Optional: support the implicit flow.
+            ResponseTypes::new(vec![CoreResponseType::Token, CoreResponseType::IdToken]), // Other flows including hybrid flows may also be specified here.
+        ],
+        // For user privacy, the Pairwise subject identifier type is preferred. This prevents
+        // distinct relying parties (clients) from knowing whether their users represent the same
+        // real identities. This identifier type is only useful for relying parties that don't
+        // receive the 'email', 'profile' or other personally-identifying scopes.
+        // The Public subject identifier type is also supported.
+        vec![CoreSubjectIdentifierType::Pairwise],
+        vec![CoreJwsSigningAlgorithm::RsaSsaPssSha256],
+        // OpenID Connect Providers may supply custom metadata by providing a struct that
+        // implements the AdditionalProviderMetadata trait. This requires manually using the
+        // generic ProviderMetadata struct rather than the CoreProviderMetadata type alias,
+        // however.
+        EmptyAdditionalProviderMetadata {},
+    )
+    // Specify the token endpoint (required for the code flow).
+    .set_token_endpoint(Some(TokenUrl::from_url(token_url)))
+    // Recommended: support the UserInfo endpoint.
+    .set_userinfo_endpoint(Some(UserInfoUrl::from_url(user_info_url)))
+    // Recommended: specify the supported scopes.
+    .set_scopes_supported(Some(vec![Scope::new("openid".to_string())]))
+    // Recommended: specify the supported ID token claims.
+    .set_claims_supported(Some(vec![
+        // Providers may also define an enum instead of using CoreClaimName.
+        CoreClaimName::new("sub".to_string()),
+        CoreClaimName::new("aud".to_string()),
+        CoreClaimName::new("email".to_string()),
+        CoreClaimName::new("exp".to_string()),
+        CoreClaimName::new("iat".to_string()),
+        CoreClaimName::new("iss".to_string()),
+        CoreClaimName::new("name".to_string()),
+    ]));
+
+    Ok(serde_json::to_value(provider_metadata)?)
+}