Add authentication from upstream providers (#107)
Let BasicOIDC delegate authentication to upstream providers (Google, GitHub, GitLab, Keycloak...) Reviewed-on: #107
@ -20,8 +20,7 @@ use crate::data::code_challenge::CodeChallenge;
|
||||
use crate::data::current_user::CurrentUser;
|
||||
use crate::data::id_token::IdToken;
|
||||
use crate::data::jwt_signer::{JWTSigner, JsonWebKey};
|
||||
use crate::data::open_id_user_info::OpenIDUserInfo;
|
||||
use crate::data::openid_config::OpenIDConfig;
|
||||
use crate::data::openid_primitive::{OpenIDConfig, OpenIDUserInfo, TokenResponse};
|
||||
use crate::data::session_identity::SessionIdentity;
|
||||
use crate::data::user::User;
|
||||
use crate::utils::string_utils::rand_str;
|
||||
@ -255,16 +254,6 @@ pub struct TokenQuery {
|
||||
refresh_token_query: Option<TokenRefreshTokenQuery>,
|
||||
}
|
||||
|
||||
#[derive(Debug, serde::Serialize)]
|
||||
pub struct TokenResponse {
|
||||
access_token: String,
|
||||
token_type: &'static str,
|
||||
refresh_token: String,
|
||||
expires_in: u64,
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
id_token: Option<String>,
|
||||
}
|
||||
|
||||
pub async fn token(
|
||||
req: HttpRequest,
|
||||
query: web::Form<TokenQuery>,
|
||||
@ -451,9 +440,9 @@ pub async fn token(
|
||||
|
||||
TokenResponse {
|
||||
access_token: session.access_token.expect("Missing access token!"),
|
||||
token_type: "Bearer",
|
||||
refresh_token: session.refresh_token,
|
||||
expires_in: session.access_token_expire_at - time(),
|
||||
token_type: "Bearer".to_string(),
|
||||
refresh_token: Some(session.refresh_token),
|
||||
expires_in: Some(session.access_token_expire_at - time()),
|
||||
id_token: Some(jwt_signer.sign_token(id_token.to_jwt_claims())?),
|
||||
}
|
||||
}
|
||||
@ -501,9 +490,9 @@ pub async fn token(
|
||||
|
||||
TokenResponse {
|
||||
access_token: session.access_token.expect("Missing access token!"),
|
||||
token_type: "Bearer",
|
||||
refresh_token: session.refresh_token,
|
||||
expires_in: session.access_token_expire_at - time(),
|
||||
token_type: "Bearer".to_string(),
|
||||
refresh_token: Some(session.refresh_token),
|
||||
expires_in: Some(session.access_token_expire_at - time()),
|
||||
id_token: None,
|
||||
}
|
||||
}
|
||||
@ -637,12 +626,12 @@ async fn user_info(
|
||||
};
|
||||
|
||||
HttpResponse::Ok().json(OpenIDUserInfo {
|
||||
name: user.full_name(),
|
||||
name: Some(user.full_name()),
|
||||
sub: user.uid.0,
|
||||
given_name: user.first_name,
|
||||
family_name: user.last_name,
|
||||
preferred_username: user.username,
|
||||
email: user.email,
|
||||
email_verified: true,
|
||||
given_name: Some(user.first_name),
|
||||
family_name: Some(user.last_name),
|
||||
preferred_username: Some(user.username),
|
||||
email: Some(user.email),
|
||||
email_verified: Some(true),
|
||||
})
|
||||
}
|
||||
|
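Review bot: `session.access_token_expire_at - time()` is an unchecked subtraction at both `TokenResponse` sites in `token()` (the one that signs an `id_token` and the one with `id_token: None`), and wrapping the result in `Some(...)` does not change that. The removed struct declared `expires_in: u64`, so the operands are presumably unsigned; if the stored expiry is at or behind `time()` when the response is built, this panics in a debug build and wraps to an enormous value in release, telling the client the access token lives far longer than it does. I would write `expires_in: Some(session.access_token_expire_at.saturating_sub(time())),` in both places, or reject the session as expired before building the response. Separately, `email_verified: Some(true)` in `user_info` stays hard-coded; now that logins can be delegated to upstream providers, it is worth confirming that every stored address really was verified, because relying parties trust that claim. The bodies of `token()` and `user_info` continue outside the visible hunks.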