allow to configure used scopes

This commit is contained in:
Dietmar Maurer 2021-08-06 13:57:36 +02:00
parent 8471451a7b
commit 5937e44062


@ -34,16 +34,19 @@ use openidconnect::{
Scope, Scope,
}; };
#[derive(Debug, Deserialize, Serialize)] #[derive(Debug, Deserialize, Serialize, Clone)]
pub struct OpenIdConfig { pub struct OpenIdConfig {
pub issuer_url: String, pub issuer_url: String,
pub client_id: String, pub client_id: String,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if="Option::is_none")]
pub client_key: Option<String>, pub client_key: Option<String>,
#[serde(skip_serializing_if="Option::is_none")]
pub scopes: Option<Vec<String>>,
} }
pub struct OpenIdAuthenticator { pub struct OpenIdAuthenticator {
client: CoreClient, client: CoreClient,
config: OpenIdConfig,
} }
#[derive(Debug, Deserialize, Serialize)] #[derive(Debug, Deserialize, Serialize)]
@ -111,6 +114,7 @@ impl OpenIdAuthenticator {
Ok(Self { Ok(Self {
client, client,
config: config.clone(),
}) })
} }
@ -123,18 +127,25 @@ impl OpenIdAuthenticator {
store_auth_state(Path::new(state_dir), realm, &private_auth_state)?; store_auth_state(Path::new(state_dir), realm, &private_auth_state)?;
// Generate the authorization URL to which we'll redirect the user. // Generate the authorization URL to which we'll redirect the user.
let (authorize_url, _csrf_state, _nonce) = self.client let mut request = self.client
.authorize_url( .authorize_url(
CoreAuthenticationFlow::AuthorizationCode, CoreAuthenticationFlow::AuthorizationCode,
|| CsrfToken::new(public_auth_state), || CsrfToken::new(public_auth_state),
|| nonce, || nonce,
) )
.set_display(CoreAuthDisplay::Page) .set_pkce_challenge(private_auth_state.pkce_challenge());
.add_prompt(CoreAuthPrompt::Login)
.add_scope(Scope::new("email".to_string())) request = request.set_display(CoreAuthDisplay::Page);
.add_scope(Scope::new("profile".to_string()))
.set_pkce_challenge(private_auth_state.pkce_challenge()) request = request.add_prompt(CoreAuthPrompt::Login);
.url();
if let Some(ref scopes) = self.config.scopes {
for scope in scopes.clone() {
request = request.add_scope(Scope::new(scope));
}
}
let (authorize_url, _csrf_state, _nonce) = request.url();
Ok(authorize_url.to_string()) Ok(authorize_url.to_string())
} }
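Review bot: With `scopes` left unset the authorization request now carries no scopes beyond what the client adds on its own, whereas the removed lines always requested `email` and `profile`; an existing realm config without a `scopes` entry therefore gets a narrower ID token after this change, which is only safe if nothing downstream still expects the `email`/`profile` claims. If the old behaviour is meant to remain the default, resolve the list before the loop, e.g. `let scopes = self.config.scopes.clone().unwrap_or_else(|| vec!["email".to_string(), "profile".to_string()]);`, and if the narrower default is intended, say so on the `scopes` field in the first hunk (`/// OIDC scopes to request; when unset, only the client's built-in scopes are sent`). The `scopes.clone()` in the loop copies the whole Vec for nothing; `for scope in scopes { request = request.add_scope(Scope::new(scope.clone())); }` clones only each entry. Note also that values are passed to `Scope::new` unchecked, so a configured entry containing whitespace would be transmitted as several scopes; rejecting such values when the config is parsed would make the failure visible at configuration time rather than at the provider. The function containing this hunk begins before the hunk, and the `new` constructor touched by the second hunk is likewise cut at both ends.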