Retrieve access token from provider

2023-04-26 12:22:06 +02:00
parent 38e7c96d20
commit bee794a589
6 changed files with 107 additions and 23 deletions
--- a/src/data/provider_configuration.rs
+++ b/src/data/provider_configuration.rs
@@ -1,10 +1,14 @@
-use crate::actors::providers_states_actor::ProviderLoginState;
 use std::cell::RefCell;
 use std::collections::HashMap;

-use crate::constants::{OIDC_PROVIDERS_LIFETIME, OIDC_PROVIDER_CB_URI};
+use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
+use base64::Engine as _;
+
+use crate::actors::providers_states_actor::ProviderLoginState;
+use crate::constants::OIDC_PROVIDERS_LIFETIME;
 use crate::data::app_config::AppConfig;
 use crate::data::jwt_signer::JsonWebKey;
+use crate::data::openid_primitive::TokenResponse;
 use crate::data::provider::Provider;
 use crate::utils::err::Res;
 use crate::utils::time::time;
@@ -38,10 +42,36 @@ impl ProviderConfiguration {
        let authorization_url = &self.discovery.authorization_endpoint;
        let client_id = urlencoding::encode(&provider.client_id).to_string();
        let state = urlencoding::encode(&state.state_id).to_string();
-        let callback_url = AppConfig::get().full_url(OIDC_PROVIDER_CB_URI);
+        let callback_url = AppConfig::get().oidc_provider_redirect_url();

        format!("{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}")
    }
+
+    /// Retrieve the authorization token after a successful authentication, using an authorization code
+    pub async fn get_token(
+        &self,
+        provider: &Provider,
+        authorization_code: &str,
+    ) -> Res<TokenResponse> {
+        let authorization =
+            BASE64_STANDARD.encode(format!("{}:{}", provider.client_id, provider.client_secret));
+
+        let redirect_url = AppConfig::get().oidc_provider_redirect_url();
+
+        let mut params = HashMap::new();
+        params.insert("grant_type", "authorization_code");
+        params.insert("code", authorization_code);
+        params.insert("redirect_uri", redirect_url.as_str());
+
+        Ok(reqwest::Client::new()
+            .post(&self.discovery.token_endpoint)
+            .header("Authorization", format!("Basic {authorization}"))
+            .form(&params)
+            .send()
+            .await?
+            .json()
+            .await?)
+    }
 }

 thread_local! {