Add authentication from upstream providers (#107)

Let BasicOIDC delegate authentication to upstream providers (Google, GitHub, GitLab, Keycloak...)

Reviewed-on: #107
2023-04-27 10:10:28 +00:00
parent 4f7c56a4b8
commit 9b18b787a9
39 changed files with 1740 additions and 189 deletions


@ -20,8 +20,7 @@ use crate::data::code_challenge::CodeChallenge;
use crate::data::current_user::CurrentUser;
use crate::data::id_token::IdToken;
use crate::data::jwt_signer::{JWTSigner, JsonWebKey};
use crate::data::open_id_user_info::OpenIDUserInfo;
use crate::data::openid_config::OpenIDConfig;
use crate::data::openid_primitive::{OpenIDConfig, OpenIDUserInfo, TokenResponse};
use crate::data::session_identity::SessionIdentity;
use crate::data::user::User;
use crate::utils::string_utils::rand_str;
@ -255,16 +254,6 @@ pub struct TokenQuery {
refresh_token_query: Option<TokenRefreshTokenQuery>,
}
#[derive(Debug, serde::Serialize)]
pub struct TokenResponse {
access_token: String,
token_type: &'static str,
refresh_token: String,
expires_in: u64,
#[serde(skip_serializing_if = "Option::is_none")]
id_token: Option<String>,
}
pub async fn token(
req: HttpRequest,
query: web::Form<TokenQuery>,
@ -451,9 +440,9 @@ pub async fn token(
TokenResponse {
access_token: session.access_token.expect("Missing access token!"),
token_type: "Bearer",
refresh_token: session.refresh_token,
expires_in: session.access_token_expire_at - time(),
token_type: "Bearer".to_string(),
refresh_token: Some(session.refresh_token),
expires_in: Some(session.access_token_expire_at - time()),
id_token: Some(jwt_signer.sign_token(id_token.to_jwt_claims())?),
}
}
@ -501,9 +490,9 @@ pub async fn token(
TokenResponse {
access_token: session.access_token.expect("Missing access token!"),
token_type: "Bearer",
refresh_token: session.refresh_token,
expires_in: session.access_token_expire_at - time(),
token_type: "Bearer".to_string(),
refresh_token: Some(session.refresh_token),
expires_in: Some(session.access_token_expire_at - time()),
id_token: None,
}
}
@ -637,12 +626,12 @@ async fn user_info(
};
HttpResponse::Ok().json(OpenIDUserInfo {
name: user.full_name(),
name: Some(user.full_name()),
sub: user.uid.0,
given_name: user.first_name,
family_name: user.last_name,
preferred_username: user.username,
email: user.email,
email_verified: true,
given_name: Some(user.first_name),
family_name: Some(user.last_name),
preferred_username: Some(user.username),
email: Some(user.email),
email_verified: Some(true),
})
}
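Review bot: `email_verified: Some(true)` at the end of the user_info hunk tells every relying party that the user's email address is verified no matter where the account came from; since this commit lets accounts originate from upstream providers, that claim should come from the user record rather than a constant, or at least carry a comment such as `// email_verified is asserted unconditionally: confirm the User record tracks verification before relying parties trust this claim` so the assumption is visible. The file path of this section is not shown on this page and the new TokenResponse definition now lives in openid_primitive, outside these hunks, so it cannot be checked here whether refresh_token and expires_in keep a skip_serializing_if for None as the removed struct had for id_token; if they do not, a None would serialize as a JSON null instead of being omitted, which some clients reject. The `session.access_token_expire_at - time()` expression kept on the new side of both token hunks underflows if the expiry is ever in the past and these are unsigned as the removed struct's `expires_in: u64` suggests; `session.access_token_expire_at.saturating_sub(time())` avoids the debug panic and release wrap-around. The bodies of token and user_info extend outside these hunks.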