extend request types
avdb13 committed Nov 12, 2024
1 parent 4443b7a commit 1f9f9d8
Showing 8 changed files with 73 additions and 39 deletions.
4 changes: 2 additions & 2 deletions atrium-common/src/store.rs
Expand Up @@ -36,10 +36,10 @@ where
T: MapStore<(), S> + Send + Sync,
{
async fn get_session(&self) -> Option<S> {
self.get(&Default::default()).await.expect("Infallible")
self.get(&()).await.expect("Infallible")
}
async fn set_session(&self, session: S) {
self.set(Default::default(), session).await.expect("Infallible")
self.set((), session).await.expect("Infallible")
}
async fn clear_session(&self) {
self.clear().await.expect("Infallible")
2 changes: 1 addition & 1 deletion atrium-oauth/oauth-client/src/lib.rs
Expand Up @@ -5,12 +5,12 @@ mod http_client;
mod jose;
mod keyset;
mod oauth_client;
mod oauth_session;
mod resolver;
mod server_agent;
pub mod store;
mod types;
mod utils;
mod oauth_session;

pub use atproto::{
AtprotoClientMetadata, AtprotoLocalhostClientMetadata, AuthMethod, GrantType, Scope,
2 changes: 1 addition & 1 deletion atrium-oauth/oauth-client/src/oauth_client.rs
Expand Up @@ -9,7 +9,7 @@ use crate::store::state::{InternalStateData, StateStore};
use crate::types::{
AuthorizationCodeChallengeMethod, AuthorizationResponseType, AuthorizeOptions, CallbackParams,
OAuthAuthorizationServerMetadata, OAuthClientMetadata,
OAuthPusehedAuthorizationRequestResponse, PushedAuthorizationRequestParameters, TokenSet,
OAuthPusehedAuthorizationRequestResponse, PushedAuthorizationRequestParameters,
TryIntoOAuthClientMetadata,
};
use crate::utils::{compare_algos, generate_key, generate_nonce, get_random_values};
15 changes: 2 additions & 13 deletions atrium-oauth/oauth-client/src/oauth_session.rs
Expand Up @@ -18,47 +18,38 @@ use crate::{server_agent::OAuthServerAgent, store::session::Session};
#[derive(Clone, Debug, Error)]
pub enum Error {}

#[allow(dead_code)]
pub struct OAuthSession<S, T, D, H>
where
S: SessionStore<Session>,
// N: DpopStore + Send + Sync,
T: XrpcClient + Send + Sync + 'static,
D: DidResolver + Send + Sync,
H: HandleResolver + Send + Sync,
{
did: Did,
// dpop: DpopClient<T, N>,
server: Arc<OAuthServerAgent<T, D, H>>,
store: Arc<InnerStore<S>>,
}

impl<S, T, D, H> OAuthSession<S, T, D, H>
where
S: SessionStore<Session>,
// N: DpopStore + Send + Sync,
T: XrpcClient + Send + Sync,
D: DidResolver + Send + Sync,
H: HandleResolver + Send + Sync,
{
pub fn new(
did: Did,
// dpop: DpopClient<T, N>,
server: Arc<OAuthServerAgent<T, D, H>>,
store: Arc<InnerStore<S>>,
) -> Self {
Self {
did,
// dpop,
server,
store,
}
Self { did, server, store }
}
}

impl<S, T, D, H> HttpClient for OAuthSession<S, T, D, H>
where
S: SessionStore<Session> + Send + Sync,
// N: DpopStore + Send + Sync,
T: XrpcClient + Send + Sync,
D: DidResolver + Send + Sync,
H: HandleResolver + Send + Sync,
Expand All @@ -74,7 +65,6 @@ where
impl<S, T, D, H> XrpcClient for OAuthSession<S, T, D, H>
where
S: SessionStore<Session> + Send + Sync,
// N: DpopStore + Send + Sync,
T: XrpcClient + Send + Sync,
D: DidResolver + Send + Sync,
H: HandleResolver + Send + Sync,
Expand All @@ -99,7 +89,6 @@ where
impl<S, T, D, H> SessionManager for OAuthSession<S, T, D, H>
where
S: SessionStore<Session> + Send + Sync,
// N: DpopStore + Send + Sync,
T: XrpcClient + Send + Sync,
D: DidResolver + Send + Sync,
H: HandleResolver + Send + Sync,
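Review bot: `#[allow(dead_code)]` is added on `OAuthSession` without a comment saying which item is unused or when the allow can be dropped, and the same applies to the `#[allow(unused_imports)]` added on the `token` re-export in types.rs. A bare allow silences the one warning that would tell a maintainer when the stub is finished, so tie it to its cause, e.g. `#[allow(dead_code)] // TODO: not every field is read yet; remove once the session uses them`, naming the actual field if only one triggers the lint. The `HttpClient` impl's `where` clause at the end of the first hunk continues past it.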
57 changes: 45 additions & 12 deletions atrium-oauth/oauth-client/src/server_agent.rs
Expand Up @@ -4,8 +4,9 @@ use crate::jose::jwt::{RegisteredClaims, RegisteredClaimsAud};
use crate::keyset::Keyset;
use crate::resolver::OAuthResolver;
use crate::types::{
OAuthAuthorizationServerMetadata, OAuthClientMetadata, OAuthTokenResponse,
PushedAuthorizationRequestParameters, TokenGrantType, TokenRequestParameters, TokenSet,
AuthorizationCodeParameters, OAuthAuthorizationServerMetadata, OAuthClientMetadata,
OAuthTokenResponse, PushedAuthorizationRequestParameters, RefreshTokenParameters,
RevocationRequestParameters, TokenRequestParameters, TokenSet,
};
use crate::utils::{compare_algos, generate_nonce};
use atrium_api::types::string::Datetime;
Expand Down Expand Up @@ -56,7 +57,7 @@ pub type Result<T> = core::result::Result<T, Error>;
#[allow(dead_code)]
pub enum OAuthRequest {
Token(TokenRequestParameters),
Revocation,
Revocation(RevocationRequestParameters),
Introspection,
PushedAuthorizationRequest(PushedAuthorizationRequestParameters),
}
Expand All @@ -65,14 +66,14 @@ impl OAuthRequest {
fn name(&self) -> String {
String::from(match self {
Self::Token(_) => "token",
Self::Revocation => "revocation",
Self::Revocation(_) => "revocation",
Self::Introspection => "introspection",
Self::PushedAuthorizationRequest(_) => "pushed_authorization_request",
})
}
fn expected_status(&self) -> StatusCode {
match self {
Self::Token(_) => StatusCode::OK,
Self::Token(_) | Self::Revocation(_) => StatusCode::OK,
Self::PushedAuthorizationRequest(_) => StatusCode::CREATED,
_ => unimplemented!(),
}
Expand Down Expand Up @@ -162,12 +163,44 @@ where
}
pub async fn exchange_code(&self, code: &str, verifier: &str) -> Result<TokenSet> {
self.verify_token_response(
self.request(OAuthRequest::Token(TokenRequestParameters {
grant_type: TokenGrantType::AuthorizationCode,
code: code.into(),
redirect_uri: self.client_metadata.redirect_uris[0].clone(), // ?
code_verifier: verifier.into(),
}))
self.request(OAuthRequest::Token(TokenRequestParameters::AuthorizationCode(
AuthorizationCodeParameters {
code: code.into(),
redirect_uri: self.client_metadata.redirect_uris[0].clone(), // ?
code_verifier: verifier.into(),
},
)))
.await?,
)
.await
}
pub async fn revoke_session(&self, token: &str) -> Result<()> {
self.request(OAuthRequest::Revocation(RevocationRequestParameters { token: token.into() }))
.await
}
pub async fn refresh_session(&self, token_set: TokenSet) -> Result<TokenSet> {
let TokenSet { sub, scope, refresh_token, access_token, token_type, expires_at, .. } =
token_set;
let expires_in = expires_at.map(|expires_at| {
expires_at.as_ref().signed_duration_since(Datetime::now().as_ref()).num_seconds()
});
let token_response = OAuthTokenResponse {
access_token,
token_type,
expires_in,
refresh_token,
scope,
sub: Some(sub),
};
let TokenSet { scope, refresh_token: Some(refresh_token), .. } =
self.verify_token_response(token_response).await?
else {
todo!();
};
self.verify_token_response(
self.request(OAuthRequest::Token(TokenRequestParameters::RefreshToken(
RefreshTokenParameters { refresh_token, scope },
)))
.await?,
)
.await
Expand Down Expand Up @@ -267,7 +300,7 @@ where
fn endpoint(&self, request: &OAuthRequest) -> Option<&String> {
match request {
OAuthRequest::Token(_) => Some(&self.server_metadata.token_endpoint),
OAuthRequest::Revocation => self.server_metadata.revocation_endpoint.as_ref(),
OAuthRequest::Revocation(_) => self.server_metadata.revocation_endpoint.as_ref(),
OAuthRequest::Introspection => self.server_metadata.introspection_endpoint.as_ref(),
OAuthRequest::PushedAuthorizationRequest(_) => {
self.server_metadata.pushed_authorization_request_endpoint.as_ref()
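Review bot: `refresh_session` panics with `todo!()` when the verified token set carries no `refresh_token` (the `let … else` at the end of the second hunk), so a stored session without one — which a server is allowed to issue — crashes the whole client instead of returning an error. Replace the `let … else` with a plain destructure and `let refresh_token = refresh_token.ok_or(<new Error variant for a missing refresh token>)?;`; the `Error` enum is outside this hunk, so the variant has to be added there. It is also worth confirming that round-tripping the stored `TokenSet` through `verify_token_response` before the refresh does not reject a session whose access token has already expired (`expires_in` goes negative via `num_seconds()`), since an expired access token is precisely the case a refresh exists for. `refresh_session`'s closing brace lies outside the hunk.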
2 changes: 1 addition & 1 deletion atrium-oauth/oauth-client/src/store.rs
@@ -1,2 +1,2 @@
pub mod state;
pub mod session;
pub mod state;
8 changes: 5 additions & 3 deletions atrium-oauth/oauth-client/src/types.rs
Expand Up @@ -7,12 +7,14 @@ mod token;
pub use client_metadata::{OAuthClientMetadata, TryIntoOAuthClientMetadata};
pub use metadata::{OAuthAuthorizationServerMetadata, OAuthProtectedResourceMetadata};
pub use request::{
AuthorizationCodeChallengeMethod, AuthorizationResponseType,
PushedAuthorizationRequestParameters, TokenGrantType, TokenRequestParameters,
AuthorizationCodeChallengeMethod, AuthorizationCodeParameters, AuthorizationResponseType,
PushedAuthorizationRequestParameters, RefreshTokenParameters, RevocationRequestParameters,
TokenRequestParameters,
};
pub use response::{OAuthPusehedAuthorizationRequestResponse, OAuthTokenResponse};
use serde::Deserialize;
pub use token::{TokenSet, TokenInfo};
#[allow(unused_imports)]
pub use token::{TokenInfo, TokenSet};

#[derive(Debug, Deserialize)]
pub enum AuthorizeOptionPrompt {
22 changes: 16 additions & 6 deletions atrium-oauth/oauth-client/src/types/request.rs
Expand Up @@ -45,18 +45,28 @@ pub struct PushedAuthorizationRequestParameters {
pub prompt: Option<String>,
}

// https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
#[derive(Serialize)]
#[serde(rename_all = "snake_case")]
pub enum TokenGrantType {
AuthorizationCode,
#[serde(tag = "grant_type", rename_all = "snake_case")]
pub enum TokenRequestParameters {
AuthorizationCode(AuthorizationCodeParameters),
RefreshToken(RefreshTokenParameters),
}

#[derive(Serialize)]
pub struct TokenRequestParameters {
// https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
pub grant_type: TokenGrantType,
pub struct AuthorizationCodeParameters {
pub code: String,
pub redirect_uri: String,
// https://datatracker.ietf.org/doc/html/rfc7636#section-4.5
pub code_verifier: String,
}

#[derive(Serialize)]
pub struct RefreshTokenParameters {
pub refresh_token: String,
pub scope: Option<String>,
}
#[derive(Serialize)]
pub struct RevocationRequestParameters {
pub token: String,
}
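Review bot: `RefreshTokenParameters` and `RevocationRequestParameters` are added without the RFC reference comments the neighbouring types carry, and the `rfc6749#section-4.1.3` comment that moved onto `TokenRequestParameters` now only describes its `AuthorizationCode` variant. Move that comment onto `AuthorizationCodeParameters`, add `// https://datatracker.ietf.org/doc/html/rfc6749#section-6` above `RefreshTokenParameters` and `// https://datatracker.ietf.org/doc/html/rfc7009#section-2.1` above `RevocationRequestParameters`, and note on the enum that `tag = "grant_type"` with `rename_all = "snake_case"` is what produces the `authorization_code` / `refresh_token` grant strings the spec expects. A blank line before the `RevocationRequestParameters` derive would match the spacing of the other items.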
