use crate::error::Error;
use openidconnect::core::{
CoreClaimName, CoreJwsSigningAlgorithm, CoreProviderMetadata, CoreSubjectIdentifierType,
};
use openidconnect::{
AuthUrl, EmptyAdditionalProviderMetadata, IssuerUrl, JsonWebKeySetUrl, TokenUrl, UserInfoUrl,
};
use serde_json::Value;
use url::Url;
/// Builds the OpenID Connect Discovery document for the provider rooted at
/// `base_url` and returns it as a JSON value.
///
/// `base_url` becomes the `issuer` verbatim. The endpoint URLs are derived from
/// it with absolute paths, so only its scheme, host and port carry over; any
/// path component of `base_url` is not reflected in the endpoints.
///
/// Nothing here checks that `base_url` uses `https` or is free of a query and
/// fragment, which OpenID Connect Discovery requires of an `issuer`; the caller
/// is expected to pass an already-vetted deployment URL.
///
/// # Errors
///
/// Returns [`Error`] when `base_url` cannot be parsed, when an endpoint cannot be
/// joined onto it, or when the metadata fails to serialise.
pub fn configuration(base_url: &str) -> Result<Value, Error> {
    let issuer = Url::parse(base_url)?;

    // Absolute paths: each join replaces the issuer's path instead of appending to it.
    let endpoint = |path: &str| issuer.join(path);
    let authorize = endpoint("/oauth/authorize")?;
    let jwks = endpoint("/.well-known/jwks.json")?;
    let token = endpoint("/oauth/token")?;
    let userinfo = endpoint("/oauth/userinfo")?;

    // Only the `pairwise` subject type is advertised: each relying party receives a
    // distinct `sub` for the same end user, so unrelated clients cannot correlate
    // users through the identifier alone. Correlation via `email`, `profile` or other
    // identifying scopes remains possible wherever those scopes are granted.
    let subject_types = vec![CoreSubjectIdentifierType::Pairwise];

    // ID tokens are signed with PS256 only.
    let signing_algorithms = vec![CoreJwsSigningAlgorithm::RsaSsaPssSha256];

    // Claims a relying party may expect to find in the ID token.
    let claims: Vec<CoreClaimName> = ["sub", "aud", "email", "exp", "iat", "iss", "name"]
        .iter()
        .map(|name| CoreClaimName::new(String::from(*name)))
        .collect();

    // The fields the Discovery spec makes mandatory go through the constructor; the
    // recommended ones are attached with setters. `EmptyAdditionalProviderMetadata`
    // publishes no provider-specific extensions.
    let metadata = CoreProviderMetadata::new(
        IssuerUrl::from_url(issuer),
        AuthUrl::from_url(authorize),
        JsonWebKeySetUrl::from_url(jwks),
        crate::supported_response_types(),
        subject_types,
        signing_algorithms,
        EmptyAdditionalProviderMetadata {},
    )
    // Token endpoint is required for the authorization code flow.
    .set_token_endpoint(Some(TokenUrl::from_url(token)))
    .set_userinfo_endpoint(Some(UserInfoUrl::from_url(userinfo)))
    .set_scopes_supported(Some(crate::SupportedScopes::default().0))
    .set_claims_supported(Some(claims));

    Ok(serde_json::to_value(metadata)?)
}