Add implicit authentication flow (#255)

Reviewed-on: #255
Co-authored-by: Pierre HUBERT <pierre.git@communiquons.org>
Co-committed-by: Pierre HUBERT <pierre.git@communiquons.org>

src/data/action_logger.rs

@@ -90,6 +90,9 @@ pub enum Action<'a> {
     NewOpenIDSession {
         client: &'a Client,
     },
+    NewOpenIDSuccessfulImplicitAuth {
+        client: &'a Client,
+    },
     ChangedHisPassword,
     ClearedHisLoginHistory,
     AddNewFactor(&'a TwoFactor),
@@ -199,6 +202,7 @@ impl<'a> Action<'a> {
             Action::NewOpenIDSession { client } => {
                 format!("opened a new OpenID session with {:?}", client.id)
             }
+            Action::NewOpenIDSuccessfulImplicitAuth { client } => format!("finished an implicit flow connection for client {:?}", client.id),
             Action::ChangedHisPassword => "changed his password".to_string(),
             Action::ClearedHisLoginHistory => "cleared his login history".to_string(),
             Action::AddNewFactor(factor) => format!(
@@ -206,7 +210,6 @@ impl<'a> Action<'a> {
                 factor.quick_description(),
             ),
             Action::Removed2FAFactor { factor_id } => format!("Removed his factor {factor_id:?}"),
-
         }
     }
 }

src/data/client.rs

@@ -4,6 +4,12 @@ use crate::utils::string_utils::apply_env_vars;
 #[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
 pub struct ClientID(pub String);
 
+#[derive(Debug, Copy, Clone, Eq, PartialEq)]
+pub enum AuthenticationFlow {
+    AuthorizationCode,
+    Implicit,
+}
+
 #[derive(Clone, Debug, serde::Serialize, serde::Deserialize)]
 pub struct Client {
     /// The ID of the client
@@ -16,7 +22,8 @@ pub struct Client {
     pub description: String,
 
     /// The secret used by the client to retrieve authenticated users information
-    pub secret: String,
+    /// This value is absent if implicit authentication flow is used
+    pub secret: Option<String>,
 
     /// The URI where the users should be redirected once authenticated
     pub redirect_uri: String,
@@ -42,6 +49,16 @@ impl PartialEq for Client {
 
 impl Eq for Client {}
 
+impl Client {
+    /// Get the client authentication flow
+    pub fn auth_flow(&self) -> AuthenticationFlow {
+        match self.secret {
+            None => AuthenticationFlow::Implicit,
+            Some(_) => AuthenticationFlow::AuthorizationCode,
+        }
+    }
+}
+
 pub type ClientManager = EntityManager<Client>;
 
 impl EntityManager<Client> {
@@ -66,7 +83,7 @@ impl EntityManager<Client> {
             c.id = ClientID(apply_env_vars(&c.id.0));
             c.name = apply_env_vars(&c.name);
             c.description = apply_env_vars(&c.description);
-            c.secret = apply_env_vars(&c.secret);
+            c.secret = c.secret.as_deref().map(apply_env_vars);
             c.redirect_uri = apply_env_vars(&c.redirect_uri);
         }
     }

src/data/id_token.rs

@@ -1,7 +1,7 @@
 use jwt_simple::claims::Audiences;
 use jwt_simple::prelude::{Duration, JWTClaims};
 
-#[derive(serde::Serialize)]
+#[derive(serde::Serialize, Debug)]
 pub struct IdToken {
     /// REQUIRED. Issuer Identifier for the Issuer of the response. The iss value is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
     #[serde(rename = "iss")]