diff options
Diffstat (limited to 'src/modules/auth')
| -rw-r--r-- | src/modules/auth/openid.rs | 47 |
1 files changed, 36 insertions, 11 deletions
diff --git a/src/modules/auth/openid.rs b/src/modules/auth/openid.rs index fb1fbcb..a8d9d6e 100644 --- a/src/modules/auth/openid.rs +++ b/src/modules/auth/openid.rs @@ -40,7 +40,8 @@ impl NodeKind for OpenIDAuthKind { #[derive(Deserialize)] pub struct OpenIDAuth { client_id: String, - provider: String, + authorize_endpoint: String, + token_endpoint: String, next: DynNode, } @@ -92,8 +93,13 @@ impl Node for OpenIDAuth { }; let redirect_uri = redirect_uri(&request)?.to_string(); - token_request( - &self.provider, + let OAuthTokenResponse { + access_token, + expires_in, + token_type, + id_token, + } = token_request( + &self.token_endpoint, &self.client_id, &redirect_uri, &code, @@ -102,8 +108,18 @@ impl Node for OpenIDAuth { .await?; let mut r = Response::new(BoxBody::<_, ServiceError>::new( - format!("state={state:?}\ncode={code:?}\nreturn_path={return_path:?}") - .map_err(|_| unreachable!()), + format!( + r#"Response: + +state={state:?} +code={code:?} +return_path={return_path:?} +access_token={access_token:?} +token_type={token_type:?} +expires_in={expires_in:?} +id_token={id_token:?}"# + ) + .map_err(|_| unreachable!()), )); r.headers_mut() .insert(CONTENT_TYPE, HeaderValue::from_static("text/plain")); @@ -137,8 +153,8 @@ impl Node for OpenIDAuth { let redirect_uri = redirect_uri(&request)?.to_string(); let uri = format!( - "{}/authorize?client_id={}&redirect_uri={}&state={}_{}&code_challenge={}&code_challenge_method=S256&response_type=code&scope=openid profile email", - self.provider, + "{}?client_id={}&redirect_uri={}&state={}_{}&code_challenge={}&code_challenge_method=S256&response_type=code&scope=openid magic", + self.authorize_endpoint, utf8_percent_encode(&self.client_id, NON_ALPHANUMERIC), utf8_percent_encode(&redirect_uri, NON_ALPHANUMERIC), hex::encode(verif_cipher), @@ -180,8 +196,8 @@ async fn token_request( redirect_uri: &str, code: &str, verifier: &str, -) -> Result<(), ServiceError> { - let url = Uri::from_str(&format!("{provider}/token")).unwrap(); +) -> Result<OAuthTokenResponse, ServiceError> { + let url = Uri::from_str(provider).unwrap(); let body = format!( "client_id={}&redirect_uri={}&code={}&code_verifier={}&grant_type=authorization_code", utf8_percent_encode(client_id, NON_ALPHANUMERIC), @@ -214,6 +230,15 @@ async fn token_request( let body = res.collect().await.unwrap().aggregate(); let mut buf = String::new(); body.reader().read_to_string(&mut buf).unwrap(); - eprintln!("{buf:?}"); - Ok(()) + eprintln!("{buf}"); + Ok(serde_json::from_str(&buf) + .map_err(|_| ServiceError::CustomStatic("invalid token response"))?) +} + +#[derive(Debug, Deserialize)] +struct OAuthTokenResponse { + access_token: String, + expires_in: i64, + token_type: String, + id_token: String, } |