letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

rework OIDC metadata endpoint

Browse Source
This commit is contained in:
Quentin Gliech
2021-07-22 16:01:55 +02:00
parent 51539019aa
commit 002f1027db
3 changed files with 48 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
matrix-authentication-service/src/handlers/mod.rs
View File

@@ -106,13 +106,23 @@ impl Middleware<State> for BrowserErrorHandler {
pub fn install(app: &mut Server<State>) {
let state = app.state().clone();
let cors = CorsMiddleware::new()
.allow_methods("GET, POST, OPTIONS".parse::<HeaderValue>().unwrap())
.allow_origin(Origin::from("*"))
.allow_credentials(false);
app.at("/health").get(self::health::get);
app.at("/.well-known").nest({
let cors = CorsMiddleware::new()
.allow_methods("GET, POST, OPTIONS".parse::<HeaderValue>().unwrap())
.allow_origin(Origin::from("*"))
.allow_credentials(false);
let metadata_endpoint =
self::oauth2::discovery::MetadataEndpoint::from_config(&state.config().oauth2);
let mut wk = tide::new();
wk.with(cors);
wk.at("/openid-configuration").get(metadata_endpoint);
wk
});
app.at("/").nest({
let mut views = tide::with_state(state.clone());
views.with(state.session_middleware());
@@ -132,12 +142,4 @@ pub fn install(app: &mut Server<State>) {
views
});
app.at("/.well-known").nest({
let mut wk = tide::with_state(state);
wk.with(cors);
wk.at("/openid-configuration")
.get(self::oauth2::discovery::get);
wk
});
}

51
matrix-authentication-service/src/handlers/oauth2/discovery.rs
View File

@@ -12,26 +12,41 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use async_trait::async_trait;
use oauth2_types::oidc::Metadata;
use tide::{Body, Request, Response};
use tide::{Body, Endpoint, Request, Response};
use crate::state::State;
use crate::config::OAuth2Config;
pub async fn get(req: Request<State>) -> tide::Result {
let state = req.state();
let m = Metadata {
issuer: state.issuer(),
authorization_endpoint: state.authorization_endpoint(),
token_endpoint: state.token_endpoint(),
jwks_uri: state.jwks_uri(),
registration_endpoint: None,
scopes_supported: None,
response_types_supported: None,
response_modes_supported: None,
grant_types_supported: None,
};
pub struct MetadataEndpoint(Metadata);
let body = Body::from_json(&m)?;
Ok(Response::builder(200).body(body).build())
impl MetadataEndpoint {
pub fn from_config(config: &OAuth2Config) -> Self {
let base = config.issuer.clone();
MetadataEndpoint(Metadata {
authorization_endpoint: base.join("oauth2/authorize").ok(),
token_endpoint: base.join("oauth2/token").ok(),
jwks_uri: base.join(".well-known/jwks.json").ok(),
issuer: base,
registration_endpoint: None,
scopes_supported: None,
response_types_supported: None,
response_modes_supported: None,
grant_types_supported: None,
})
}
}
#[async_trait]
impl<State> Endpoint<State> for MetadataEndpoint
where
State: Clone + Sync + Send + 'static,
{
async fn call(&self, _req: Request<State>) -> tide::Result {
let body = Body::from_json(&self.0)?;
Ok(Response::builder(200)
.body(body)
.content_type(tide::http::mime::JSON)
.build())
}
}

21
matrix-authentication-service/src/state.rs
View File

@@ -17,7 +17,6 @@ use std::sync::Arc;
use sqlx::PgPool;
use tera::Tera;
use tide::Middleware;
use url::Url;
use crate::{config::RootConfig, storage::Storage};
@@ -64,24 +63,4 @@ impl State {
pub fn csrf_middleware(&self) -> impl Middleware<Self> {
self.config.csrf.clone().into_middleware()
}
fn base(&self) -> Url {
self.config.oauth2.issuer.clone()
}
pub fn issuer(&self) -> Url {
self.base()
}
pub fn authorization_endpoint(&self) -> Option<Url> {
self.base().join("oauth2/authorize").ok()
}
pub fn token_endpoint(&self) -> Option<Url> {
self.base().join("oauth2/token").ok()
}
pub fn jwks_uri(&self) -> Option<Url> {
self.base().join(".well-known/jwks.json").ok()
}
}