phil/ezidam
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

openid: configuration: split scopes and response types in own mods, to be used in ezidam later

Browse source
This commit is contained in:
Philippe Loctaux 2023-03-13 23:31:00 +01:00
parent 3d065bbc22
commit a0c0c3fa8f
6 changed files with 46 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Cargo.lock generated
View file

@ -1947,6 +1947,7 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
name = "openid" name = "openid"
version = "0.0.0" version = "0.0.0"
dependencies = [ dependencies = [
"itertools",
"openidconnect", "openidconnect",
"serde_json", "serde_json",
"thiserror", "thiserror",

1
crates/openid/Cargo.toml
View file

@ -8,3 +8,4 @@ thiserror = { workspace = true }
url = { workspace = true } url = { workspace = true }
serde_json = { workspace = true } serde_json = { workspace = true }
openidconnect = { version = "3.0.0-alpha.1", default-features = false } openidconnect = { version = "3.0.0-alpha.1", default-features = false }
itertools = "0.10.5"

15
crates/openid/src/openid.rs → crates/openid/src/configuration.rs
View file

@ -1,11 +1,9 @@
use crate::error::Error; use crate::error::Error;
use openidconnect::core::{ use openidconnect::core::{
CoreClaimName, CoreJwsSigningAlgorithm, CoreProviderMetadata, CoreResponseType, CoreClaimName, CoreJwsSigningAlgorithm, CoreProviderMetadata, CoreSubjectIdentifierType,
CoreSubjectIdentifierType,
}; };
use openidconnect::{ use openidconnect::{
AuthUrl, EmptyAdditionalProviderMetadata, IssuerUrl, JsonWebKeySetUrl, ResponseTypes, Scope, AuthUrl, EmptyAdditionalProviderMetadata, IssuerUrl, JsonWebKeySetUrl, TokenUrl, UserInfoUrl,
TokenUrl, UserInfoUrl,
}; };
use serde_json::Value; use serde_json::Value;
use url::Url; use url::Url;
@ -25,12 +23,7 @@ pub fn configuration(base_url: &str) -> Result<Value, Error> {
// Use the JsonWebKeySet struct to serve the JWK Set at this URL. // Use the JsonWebKeySet struct to serve the JWK Set at this URL.
JsonWebKeySetUrl::from_url(jwks_uri), JsonWebKeySetUrl::from_url(jwks_uri),
// Supported response types (flows). // Supported response types (flows).
vec![ crate::supported_response_types(),
// Recommended: support the code flow.
ResponseTypes::new(vec![CoreResponseType::Code]),
// Optional: support the implicit flow.
ResponseTypes::new(vec![CoreResponseType::Token, CoreResponseType::IdToken]), // Other flows including hybrid flows may also be specified here.
],
// For user privacy, the Pairwise subject identifier type is preferred. This prevents // For user privacy, the Pairwise subject identifier type is preferred. This prevents
// distinct relying parties (clients) from knowing whether their users represent the same // distinct relying parties (clients) from knowing whether their users represent the same
// real identities. This identifier type is only useful for relying parties that don't // real identities. This identifier type is only useful for relying parties that don't
@ -49,7 +42,7 @@ pub fn configuration(base_url: &str) -> Result<Value, Error> {
// Recommended: support the UserInfo endpoint. // Recommended: support the UserInfo endpoint.
.set_userinfo_endpoint(Some(UserInfoUrl::from_url(user_info_url))) .set_userinfo_endpoint(Some(UserInfoUrl::from_url(user_info_url)))
// Recommended: specify the supported scopes. // Recommended: specify the supported scopes.
.set_scopes_supported(Some(vec![Scope::new("openid".to_string())])) .set_scopes_supported(Some(crate::SupportedScopes::default().0))
// Recommended: specify the supported ID token claims. // Recommended: specify the supported ID token claims.
.set_claims_supported(Some(vec![ .set_claims_supported(Some(vec![
// Providers may also define an enum instead of using CoreClaimName. // Providers may also define an enum instead of using CoreClaimName.

11
crates/openid/src/lib.rs
View file

@ -1,6 +1,13 @@
mod configuration;
mod error; mod error;
mod openid; mod response_types;
mod scopes;
/// Exports /// Exports
pub use crate::openid::configuration; pub use configuration::configuration;
pub use error::Error; pub use error::Error;
pub use response_types::supported_response_types;
pub use scopes::SupportedScopes;
/// Type exports
pub use openidconnect::core::CoreResponseType;

11
crates/openid/src/response_types.rs Normal file
View file

@ -0,0 +1,11 @@
use openidconnect::core::CoreResponseType;
use openidconnect::ResponseTypes;
pub fn supported_response_types() -> Vec<ResponseTypes<CoreResponseType>> {
vec![
// Recommended: support the code flow.
ResponseTypes::new(vec![CoreResponseType::Code]),
// Optional: support the implicit flow.
ResponseTypes::new(vec![CoreResponseType::Token, CoreResponseType::IdToken]), // Other flows including hybrid flows may also be specified here.
]
}

20
crates/openid/src/scopes.rs Normal file
View file

@ -0,0 +1,20 @@
use itertools::Itertools;
use openidconnect::Scope;
pub struct SupportedScopes(pub Vec<Scope>);
impl SupportedScopes {
pub fn url_format() -> String {
Self::default().0.iter().map(|s| s.as_str()).join(" ")
}
}
impl Default for SupportedScopes {
fn default() -> Self {
Self(vec![
Scope::new("openid".to_string()),
Scope::new("profile".to_string()),
Scope::new("email".to_string()),
])
}
}