feat(auth): add authentication integration
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
Signed-off-by: kjuulh <contact@kjuulh.io>
This commit is contained in:
@@ -1,12 +1,16 @@
|
||||
use std::sync::Arc;
|
||||
use std::{ops::Deref, sync::Arc};
|
||||
|
||||
use async_trait::async_trait;
|
||||
use axum::extract::FromRef;
|
||||
use oauth2::TokenIntrospectionResponse;
|
||||
use openidconnect::IntrospectionUrl;
|
||||
use zitadel::{
|
||||
axum::introspection::IntrospectionStateBuilderError,
|
||||
credentials::Application,
|
||||
oidc::{discovery::discover, introspection::AuthorityAuthentication},
|
||||
oidc::{
|
||||
discovery::discover,
|
||||
introspection::{introspect, AuthorityAuthentication},
|
||||
},
|
||||
};
|
||||
|
||||
use crate::AuthClap;
|
||||
@@ -14,10 +18,10 @@ use crate::AuthClap;
|
||||
#[async_trait]
|
||||
pub trait Introspection {
|
||||
async fn get_user(&self) -> anyhow::Result<()>;
|
||||
async fn get_id_token(&self, token: &str) -> anyhow::Result<String>;
|
||||
}
|
||||
|
||||
pub struct IntrospectionService(Arc<dyn Introspection + Send + Sync + 'static>);
|
||||
|
||||
impl IntrospectionService {
|
||||
pub async fn new_zitadel(config: &AuthClap) -> anyhow::Result<Self> {
|
||||
let res = IntrospectionStateBuilder::new(&config.zitadel.authority_url.clone().unwrap())
|
||||
@@ -34,6 +38,14 @@ impl IntrospectionService {
|
||||
}
|
||||
}
|
||||
|
||||
impl Deref for IntrospectionService {
|
||||
type Target = Arc<dyn Introspection + Send + Sync + 'static>;
|
||||
|
||||
fn deref(&self) -> &Self::Target {
|
||||
&self.0
|
||||
}
|
||||
}
|
||||
|
||||
pub struct ZitadelIntrospection {
|
||||
state: IntrospectionState,
|
||||
}
|
||||
@@ -49,6 +61,21 @@ impl Introspection for ZitadelIntrospection {
|
||||
async fn get_user(&self) -> anyhow::Result<()> {
|
||||
Ok(())
|
||||
}
|
||||
async fn get_id_token(&self, token: &str) -> anyhow::Result<String> {
|
||||
let config = &self.state.config;
|
||||
let res = introspect(
|
||||
&config.introspection_uri,
|
||||
&config.authority,
|
||||
&config.authentication,
|
||||
token,
|
||||
)
|
||||
.await?;
|
||||
|
||||
Ok(res
|
||||
.sub()
|
||||
.ok_or(anyhow::anyhow!("could not find a userid (sub) in token"))?
|
||||
.to_string())
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug)]
|
||||
|
||||
Reference in New Issue
Block a user