author | metamuffin <metamuffin@disroot.org> | 2024-08-22 18:27:00 +0200 |
---|---|---|
committer | metamuffin <metamuffin@disroot.org> | 2024-08-22 18:27:00 +0200 |
commit | f04bd4b788ddecdcb040379c70bc0bc9670c9605 (patch) | |
tree | 7eeeba4cd6e74d5fcd38b78e3068ddfef9fa3a36 | |
parent | 79f59dc9f2f82e2d21dd4738375c53a9f43a4d26 (diff) | |
got some more random tokens
-rw-r--r-- | Cargo.lock | 13 | ||||
-rw-r--r-- | Cargo.toml | 1 | ||||
-rw-r--r-- | src/modules/auth/openid.rs | 47 |
3 files changed, 50 insertions, 11 deletions
@@ -617,6 +617,7 @@ dependencies = [
 "rustls-pemfile",
 "rustls-webpki",
 "serde",
+ "serde_json",
 "serde_yaml",
 "sha2",
 "thiserror",
@@ -1357,6 +1358,18 @@ dependencies = [
 ]
 [[package]]
+name = "serde_json"
+version = "1.0.125"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed"
+dependencies = [
+ "itoa",
+ "memchr",
+ "ryu",
+ "serde",
+]
+
+[[package]]
 name = "serde_yaml"
 version = "0.9.34+deprecated"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -38,6 +38,7 @@ pin-project = "1.1.5"
 # Config
 serde = { version = "1.0.208", features = ["derive"] }
 serde_yaml = "0.9.34"
+serde_json = "1.0.125"
 inotify = "0.11.0"
 # Logging
diff --git a/src/modules/auth/openid.rs b/src/modules/auth/openid.rs
index fb1fbcb..a8d9d6e 100644
--- a/src/modules/auth/openid.rs
+++ b/src/modules/auth/openid.rs
@@ -40,7 +40,8 @@ impl NodeKind for OpenIDAuthKind {
 #[derive(Deserialize)]
 pub struct OpenIDAuth {
 client_id: String,
- provider: String,
+ authorize_endpoint: String,
+ token_endpoint: String,
 next: DynNode,
 }
@@ -92,8 +93,13 @@ impl Node for OpenIDAuth {
 };
 let redirect_uri = redirect_uri(&request)?.to_string();
- token_request(
- &self.provider,
+ let OAuthTokenResponse {
+ access_token,
+ expires_in,
+ token_type,
+ id_token,
+ } = token_request(
+ &self.token_endpoint,
 &self.client_id,
 &redirect_uri,
 &code,
@@ -102,8 +108,18 @@ impl Node for OpenIDAuth {
 .await?;
 let mut r = Response::new(BoxBody::<_, ServiceError>::new(
- format!("state={state:?}\ncode={code:?}\nreturn_path={return_path:?}")
- .map_err(|_| unreachable!()),
+ format!(
+ r#"Response:
+
+state={state:?}
+code={code:?}
+return_path={return_path:?}
+access_token={access_token:?}
+token_type={token_type:?}
+expires_in={expires_in:?}
+id_token={id_token:?}"#
+ )
+ .map_err(|_| unreachable!()),
 ));
 r.headers_mut()
 .insert(CONTENT_TYPE, HeaderValue::from_static("text/plain"));
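Review bot: In the `@@ -92,8 +93,13 @@` hunk the `id_token` and `token_type` taken out of `OAuthTokenResponse` are used without any check; in the visible lines they go straight into the response body. Before anything downstream treats the login as authenticated, the ID token's signature, `iss`, `aud` (against `client_id`) and `exp` need validating, and `token_type` should be compared case-insensitively with `bearer`. Until that exists, a comment at the destructuring such as `// TODO: id_token is unverified here; do not derive identity from it` would keep it from being mistaken for a trusted value. The enclosing method starts and ends outside the hunk.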
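Review bot: The `format!` body in the `@@ -102,8 +108,18 @@` hunk writes `access_token`, `id_token` and the authorization `code` into a `text/plain` response, so the credentials reach the browser and any cache or proxy on the path. This looks like debugging output, judging by the commit title; if so, gate it behind a debug setting or drop the token fields and keep only `token_type` and `expires_in`. While it stays, the response should carry `r.headers_mut().insert(CACHE_CONTROL, HeaderValue::from_static("no-store"));`, which needs `CACHE_CONTROL` imported next to `CONTENT_TYPE`. The enclosing method continues outside the hunk.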
@@ -137,8 +153,8 @@ impl Node for OpenIDAuth {
 let redirect_uri = redirect_uri(&request)?.to_string();
 let uri = format!(
- "{}/authorize?client_id={}&redirect_uri={}&state={}_{}&code_challenge={}&code_challenge_method=S256&response_type=code&scope=openid profile email",
- self.provider,
+ "{}?client_id={}&redirect_uri={}&state={}_{}&code_challenge={}&code_challenge_method=S256&response_type=code&scope=openid magic",
+ self.authorize_endpoint,
 utf8_percent_encode(&self.client_id, NON_ALPHANUMERIC),
 utf8_percent_encode(&redirect_uri, NON_ALPHANUMERIC),
 hex::encode(verif_cipher),
@@ -180,8 +196,8 @@ async fn token_request(
 redirect_uri: &str,
 code: &str,
 verifier: &str,
-) -> Result<(), ServiceError> {
- let url = Uri::from_str(&format!("{provider}/token")).unwrap();
+) -> Result<OAuthTokenResponse, ServiceError> {
+ let url = Uri::from_str(provider).unwrap();
 let body = format!(
 "client_id={}&redirect_uri={}&code={}&code_verifier={}&grant_type=authorization_code",
 utf8_percent_encode(client_id, NON_ALPHANUMERIC),
@@ -214,6 +230,15 @@ async fn token_request(
 let body = res.collect().await.unwrap().aggregate();
 let mut buf = String::new();
 body.reader().read_to_string(&mut buf).unwrap();
- eprintln!("{buf:?}");
- Ok(())
+ eprintln!("{buf}");
+ Ok(serde_json::from_str(&buf)
+ .map_err(|_| ServiceError::CustomStatic("invalid token response"))?)
+}
+
+#[derive(Debug, Deserialize)]
+struct OAuthTokenResponse {
+ access_token: String,
+ expires_in: i64,
+ token_type: String,
+ id_token: String,
 } |
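Review bot: The new authorize URL in the `@@ -137,8 +153,8 @@` hunk hard-codes `scope=openid magic` with a raw space, although the endpoints themselves became configurable in this commit. The space should be percent-encoded, `scope=openid%20magic`, or the scope taken from a config field and passed through `utf8_percent_encode` like `client_id`. The `{}?client_id=` form also assumes `authorize_endpoint` carries no query string of its own; a doc comment on the field saying it must be an absolute URL without a query would make that requirement visible. The `format!` call continues outside the hunk.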
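Review bot: `Uri::from_str(provider).unwrap()` in the `@@ -180,8 +196,8 @@` hunk now parses a value passed verbatim from configuration (`token_endpoint`), so a malformed endpoint panics in the request path instead of returning an error. `let url = Uri::from_str(provider).map_err(|_| ServiceError::CustomStatic("invalid token endpoint"))?;` keeps it an ordinary failure. Nothing in view checks the scheme, and the authorization code and PKCE verifier are posted to this URL, so rejecting non-`https` endpoints when the config is loaded is worth adding. The parameter is still named `provider` although it now holds the full token endpoint; the function body continues outside the hunk.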
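Review bot: `eprintln!("{buf}")` in the `@@ -214,6 +230,15 @@` hunk prints the whole token response, including `access_token` and `id_token`, to stderr, where it will end up in the service log. Remove the line, or log only `token_type` and `expires_in` after parsing. `#[derive(Debug)]` on `OAuthTokenResponse` has the same effect for any later `{:?}` of the struct, so a hand-written `Debug` that redacts the two token fields is safer. The `unwrap()` calls on `collect()` and `read_to_string()` in the context lines panic on a truncated or non-UTF-8 body. No status check is visible before parsing, so an OAuth error response would presumably surface only as "invalid token response".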