Add implicit authentication flow #255

Merged
pierre merged 4 commits from implicit_flow into master 2024-03-28 21:13:27 +00:00
2 changed files with 63 additions and 46 deletions
Showing only changes of commit 24c7072c0c - Show all commits

View File

@ -16,7 +16,7 @@ use crate::constants::*;
use crate::controllers::base_controller::{build_fatal_error_page, redirect_user}; use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
use crate::data::action_logger::{Action, ActionLogger}; use crate::data::action_logger::{Action, ActionLogger};
use crate::data::app_config::AppConfig; use crate::data::app_config::AppConfig;
use crate::data::client::{ClientID, ClientManager}; use crate::data::client::{AuthenticationFlow, ClientID, ClientManager};
use crate::data::code_challenge::CodeChallenge; use crate::data::code_challenge::CodeChallenge;
use crate::data::current_user::CurrentUser; use crate::data::current_user::CurrentUser;
use crate::data::id_token::IdToken; use crate::data::id_token::IdToken;
@ -162,14 +162,6 @@ pub async fn authorize(
return error_redirect(&query, "invalid_request", "openid scope missing!"); return error_redirect(&query, "invalid_request", "openid scope missing!");
} }
if !query.response_type.eq("code") {
return error_redirect(
&query,
"invalid_request",
"Only code response type is supported!",
);
}
if query.state.as_ref().map(String::is_empty).unwrap_or(false) { if query.state.as_ref().map(String::is_empty).unwrap_or(false) {
return error_redirect(&query, "invalid_request", "State is specified but empty!"); return error_redirect(&query, "invalid_request", "State is specified but empty!");
} }
@ -201,6 +193,13 @@ pub async fn authorize(
); );
} }
// Check that requested authorization flow is supported
if query.response_type != "code" && query.response_type != "id_token" {
return error_redirect(&query, "invalid_request", "Unsupported authorization flow!");
}
match (client.auth_flow(), query.response_type.as_str()) {
(AuthenticationFlow::AuthorizationCode, "code") => {
// Save all authentication information in memory // Save all authentication information in memory
let session = Session { let session = Session {
session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)), session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
@ -240,6 +239,23 @@ pub async fn authorize(
), ),
)) ))
.finish() .finish()
}
//(AuthenticationFlow::Implicit, "id_token") => {}
(flow, code) => {
log::warn!(
"For client {:?}, configured with flow {:?}, made request with code {}",
client.id,
flow,
code
);
error_redirect(
&query,
"invalid_request",
"Requested authentication flow is unsupported / not configured for this client!",
)
}
}
} }
#[derive(serde::Serialize)] #[derive(serde::Serialize)]

View File

@ -4,6 +4,7 @@ use crate::utils::string_utils::apply_env_vars;
#[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)] #[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
pub struct ClientID(pub String); pub struct ClientID(pub String);
#[derive(Debug, Copy, Clone, Eq, PartialEq)]
pub enum AuthenticationFlow { pub enum AuthenticationFlow {
AuthorizationCode, AuthorizationCode,
Implicit, Implicit,