feat(auth): add authentication integration

Signed-off-by: kjuulh <contact@kjuulh.io>
2023-08-20 14:08:40 +02:00
parent 48d09c8ae3
commit e6084a7f4e
13 changed files with 409 additions and 233 deletions
--- a/como_api/src/zitadel/mod.rs
+++ b/como_api/src/zitadel/mod.rs
@@ -1,90 +1 @@
-pub mod client;

-use axum::extract::FromRef;
-use openidconnect::IntrospectionUrl;
-use zitadel::{
-    axum::introspection::IntrospectionStateBuilderError,
-    credentials::Application,
-    oidc::{discovery::discover, introspection::AuthorityAuthentication},
-};
-
-#[derive(Clone, Debug)]
-pub struct IntrospectionState {
-    pub(crate) config: IntrospectionConfig,
-}
-
-/// Configuration that must be inject into the axum application state. Used by the
-/// [IntrospectionStateBuilder](super::IntrospectionStateBuilder). This struct is also used to create the [IntrospectionState](IntrospectionState)
-#[derive(Debug, Clone)]
-pub struct IntrospectionConfig {
-    pub(crate) authority: String,
-    pub(crate) authentication: AuthorityAuthentication,
-    pub(crate) introspection_uri: IntrospectionUrl,
-}
-
-impl FromRef<IntrospectionState> for IntrospectionConfig {
-    fn from_ref(input: &IntrospectionState) -> Self {
-        input.config.clone()
-    }
-}
-
-pub struct IntrospectionStateBuilder {
-    authority: String,
-    authentication: Option<AuthorityAuthentication>,
-}
-
-/// Builder for [IntrospectionConfig]
-impl IntrospectionStateBuilder {
-    pub fn new(authority: &str) -> Self {
-        Self {
-            authority: authority.to_string(),
-            authentication: None,
-        }
-    }
-
-    pub fn with_basic_auth(
-        &mut self,
-        client_id: &str,
-        client_secret: &str,
-    ) -> &mut IntrospectionStateBuilder {
-        self.authentication = Some(AuthorityAuthentication::Basic {
-            client_id: client_id.to_string(),
-            client_secret: client_secret.to_string(),
-        });
-
-        self
-    }
-
-    pub fn with_jwt_profile(&mut self, application: Application) -> &mut IntrospectionStateBuilder {
-        self.authentication = Some(AuthorityAuthentication::JWTProfile { application });
-
-        self
-    }
-
-    pub async fn build(&mut self) -> Result<IntrospectionState, IntrospectionStateBuilderError> {
-        if self.authentication.is_none() {
-            return Err(IntrospectionStateBuilderError::NoAuthSchema);
-        }
-
-        let metadata = discover(&self.authority)
-            .await
-            .map_err(|source| IntrospectionStateBuilderError::Discovery { source })?;
-
-        let introspection_uri = metadata
-            .additional_metadata()
-            .introspection_endpoint
-            .clone();
-
-        if introspection_uri.is_none() {
-            return Err(IntrospectionStateBuilderError::NoIntrospectionUrl);
-        }
-
-        Ok(IntrospectionState {
-            config: IntrospectionConfig {
-                authority: self.authority.clone(),
-                introspection_uri: introspection_uri.unwrap(),
-                authentication: self.authentication.as_ref().unwrap().clone(),
-            },
-        })
-    }
-}