Add implicit authentication flow #255
src
@ -16,7 +16,7 @@ use crate::constants::*;
|
||||
use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
|
||||
use crate::data::action_logger::{Action, ActionLogger};
|
||||
use crate::data::app_config::AppConfig;
|
||||
use crate::data::client::{ClientID, ClientManager};
|
||||
use crate::data::client::{AuthenticationFlow, ClientID, ClientManager};
|
||||
use crate::data::code_challenge::CodeChallenge;
|
||||
use crate::data::current_user::CurrentUser;
|
||||
use crate::data::id_token::IdToken;
|
||||
@ -162,14 +162,6 @@ pub async fn authorize(
|
||||
return error_redirect(&query, "invalid_request", "openid scope missing!");
|
||||
}
|
||||
|
||||
if !query.response_type.eq("code") {
|
||||
return error_redirect(
|
||||
&query,
|
||||
"invalid_request",
|
||||
"Only code response type is supported!",
|
||||
);
|
||||
}
|
||||
|
||||
if query.state.as_ref().map(String::is_empty).unwrap_or(false) {
|
||||
return error_redirect(&query, "invalid_request", "State is specified but empty!");
|
||||
}
|
||||
@ -201,6 +193,13 @@ pub async fn authorize(
|
||||
);
|
||||
}
|
||||
|
||||
// Check that requested authorization flow is supported
|
||||
if query.response_type != "code" && query.response_type != "id_token" {
|
||||
return error_redirect(&query, "invalid_request", "Unsupported authorization flow!");
|
||||
}
|
||||
|
||||
match (client.auth_flow(), query.response_type.as_str()) {
|
||||
(AuthenticationFlow::AuthorizationCode, "code") => {
|
||||
// Save all authentication information in memory
|
||||
let session = Session {
|
||||
session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
|
||||
@ -240,6 +239,23 @@ pub async fn authorize(
|
||||
),
|
||||
))
|
||||
.finish()
|
||||
}
|
||||
|
||||
//(AuthenticationFlow::Implicit, "id_token") => {}
|
||||
(flow, code) => {
|
||||
log::warn!(
|
||||
"For client {:?}, configured with flow {:?}, made request with code {}",
|
||||
client.id,
|
||||
flow,
|
||||
code
|
||||
);
|
||||
error_redirect(
|
||||
&query,
|
||||
"invalid_request",
|
||||
"Requested authentication flow is unsupported / not configured for this client!",
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(serde::Serialize)]
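Review bot: Both new rejection paths in `authorize` answer with `invalid_request`, although RFC 6749 §4.1.2.1 defines more specific codes for them: the response-type check (`query.response_type != "code" && query.response_type != "id_token"`) corresponds to `unsupported_response_type`, and the catch-all `(flow, code)` arm, where the client is not configured for the requested flow, corresponds to `unauthorized_client`. Suggest `return error_redirect(&query, "unsupported_response_type", "Unsupported authorization flow!");` for the former and `"unauthorized_client"` as the error code in the latter, so relying parties can tell a server limitation from a client misconfiguration. Because the `(AuthenticationFlow::Implicit, "id_token")` arm is still commented out, every `id_token` request passes the first check and then lands in the catch-all; when that arm is implemented it should reject requests without a `nonce`, which OpenID Connect Core requires for the implicit flow. The second tuple binding holds the response type, so `code` in the pattern and in the log message would read better as `response_type`. The body of `authorize` starts outside the visible hunks.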
|
||||
|
@ -4,6 +4,7 @@ use crate::utils::string_utils::apply_env_vars;
|
||||
#[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
|
||||
pub struct ClientID(pub String);
|
||||
|
||||
#[derive(Debug, Copy, Clone, Eq, PartialEq)]
|
||||
pub enum AuthenticationFlow {
|
||||
AuthorizationCode,
|
||||
Implicit,
|
||||
|