openid: configuration: split scopes and response types in own mods, to be used in ezidam later

crates/openid/Cargo.toml

@@ -8,3 +8,4 @@ thiserror = { workspace = true }
 url = { workspace = true }
 serde_json = { workspace = true }
 openidconnect = { version = "3.0.0-alpha.1", default-features = false }
+itertools = "0.10.5"

crates/openid/src/configuration.rs

@@ -1,11 +1,9 @@
 use crate::error::Error;
 use openidconnect::core::{
-    CoreClaimName, CoreJwsSigningAlgorithm, CoreProviderMetadata, CoreResponseType,
-    CoreSubjectIdentifierType,
+    CoreClaimName, CoreJwsSigningAlgorithm, CoreProviderMetadata, CoreSubjectIdentifierType,
 };
 use openidconnect::{
-    AuthUrl, EmptyAdditionalProviderMetadata, IssuerUrl, JsonWebKeySetUrl, ResponseTypes, Scope,
-    TokenUrl, UserInfoUrl,
+    AuthUrl, EmptyAdditionalProviderMetadata, IssuerUrl, JsonWebKeySetUrl, TokenUrl, UserInfoUrl,
 };
 use serde_json::Value;
 use url::Url;
@@ -25,12 +23,7 @@ pub fn configuration(base_url: &str) -> Result<Value, Error> {
         // Use the JsonWebKeySet struct to serve the JWK Set at this URL.
         JsonWebKeySetUrl::from_url(jwks_uri),
         // Supported response types (flows).
-        vec![
-            // Recommended: support the code flow.
-            ResponseTypes::new(vec![CoreResponseType::Code]),
-            // Optional: support the implicit flow.
-            ResponseTypes::new(vec![CoreResponseType::Token, CoreResponseType::IdToken]), // Other flows including hybrid flows may also be specified here.
-        ],
+        crate::supported_response_types(),
         // For user privacy, the Pairwise subject identifier type is preferred. This prevents
         // distinct relying parties (clients) from knowing whether their users represent the same
         // real identities. This identifier type is only useful for relying parties that don't
@@ -49,7 +42,7 @@ pub fn configuration(base_url: &str) -> Result<Value, Error> {
     // Recommended: support the UserInfo endpoint.
     .set_userinfo_endpoint(Some(UserInfoUrl::from_url(user_info_url)))
     // Recommended: specify the supported scopes.
-    .set_scopes_supported(Some(vec![Scope::new("openid".to_string())]))
+    .set_scopes_supported(Some(crate::SupportedScopes::default().0))
     // Recommended: specify the supported ID token claims.
     .set_claims_supported(Some(vec![
         // Providers may also define an enum instead of using CoreClaimName.

crates/openid/src/lib.rs

@@ -1,6 +1,13 @@
+mod configuration;
 mod error;
-mod openid;
+mod response_types;
+mod scopes;
 
 /// Exports
-pub use crate::openid::configuration;
+pub use configuration::configuration;
 pub use error::Error;
+pub use response_types::supported_response_types;
+pub use scopes::SupportedScopes;
+
+/// Type exports
+pub use openidconnect::core::CoreResponseType;

crates/openid/src/response_types.rs

@@ -0,0 +1,11 @@
+use openidconnect::core::CoreResponseType;
+use openidconnect::ResponseTypes;
+
+pub fn supported_response_types() -> Vec<ResponseTypes<CoreResponseType>> {
+    vec![
+        // Recommended: support the code flow.
+        ResponseTypes::new(vec![CoreResponseType::Code]),
+        // Optional: support the implicit flow.
+        ResponseTypes::new(vec![CoreResponseType::Token, CoreResponseType::IdToken]), // Other flows including hybrid flows may also be specified here.
+    ]
+}

crates/openid/src/scopes.rs

@@ -0,0 +1,20 @@
+use itertools::Itertools;
+use openidconnect::Scope;
+
+pub struct SupportedScopes(pub Vec<Scope>);
+
+impl SupportedScopes {
+    pub fn url_format() -> String {
+        Self::default().0.iter().map(|s| s.as_str()).join(" ")
+    }
+}
+
+impl Default for SupportedScopes {
+    fn default() -> Self {
+        Self(vec![
+            Scope::new("openid".to_string()),
+            Scope::new("profile".to_string()),
+            Scope::new("email".to_string()),
+        ])
+    }
+}