
Commit 6ef8c01

committed
WIP: sso oidc metadata refresh
Introduces an async `oidc_state.get_client`
1 parent 0763e52 commit 6ef8c01


1 file changed

+26
-30
lines changed


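--- a/src/webserver/oidc.rs
+++ b/src/webserver/oidc.rs
@@ -132,7 +132,14 @@ fn get_app_host(config: &AppConfig) -> String {
 
 pub struct OidcState {
 pub config: OidcConfig,
-pub client: OidcClient,
+client: OidcClient,
+}
+
+impl OidcState {
+pub async fn get_client(&self) -> &OidcClient {
+todo!();
+&self.client
+}
 }
 
 pub async fn initialize_oidc_state(
@@ -239,12 +246,15 @@ where
 
 log::debug!("Redirecting to OIDC provider");
 
-let response = build_auth_provider_redirect_response(
-&self.oidc_state.client,
-&self.oidc_state.config,
-&request,
-);
-Box::pin(async move { Ok(request.into_response(response)) })
+let oidc_state = Arc::clone(&self.oidc_state);
+Box::pin(async move {
+let response = build_auth_provider_redirect_response(
+oidc_state.get_client().await,
+&oidc_state.config,
+&request,
+);
+Ok(request.into_response(response))
+})
 }
 
 fn handle_oidc_callback(
@@ -255,22 +265,13 @@ where
 
 Box::pin(async move {
 let query_string = request.query_string();
-match process_oidc_callback(
-&oidc_state.client,
-&oidc_state.config,
-query_string,
-&request,
-)
-.await
-{
+let client = oidc_state.get_client().await;
+match process_oidc_callback(client, &oidc_state.config, query_string, &request).await {
 Ok(response) => Ok(request.into_response(response)),
 Err(e) => {
 log::error!("Failed to process OIDC callback with params {query_string}: {e}");
-let resp = build_auth_provider_redirect_response(
-&oidc_state.client,
-&oidc_state.config,
-&request,
-);
+let resp =
+build_auth_provider_redirect_response(client, &oidc_state.config, &request);
 Ok(request.into_response(resp))
 }
 }
@@ -305,9 +306,7 @@ where
 fn call(&self, request: ServiceRequest) -> Self::Future {
 log::trace!("Started OIDC middleware request handling");
 
-let oidc_client = &self.oidc_state.client;
-let oidc_config = &self.oidc_state.config;
-match get_authenticated_user_info(oidc_client, oidc_config, &request) {
+match get_authenticated_user_info(&self.oidc_state, &request) {
 Ok(Some(claims)) => {
 if request.path() == SQLPAGE_REDIRECT_URI {
 return handle_authenticated_oidc_callback(request);
@@ -330,11 +329,7 @@ where
 return self.handle_unauthenticated_request(request);
 }
 }
-let future = self.service.call(request);
-Box::pin(async move {
-let response = future.await?;
-Ok(response)
-})
+Box::pin(self.service.call(request))
 }
 }
 
@@ -446,8 +441,7 @@ fn build_redirect_response(target_url: String) -> HttpResponse {
 
 /// Returns the claims from the ID token in the `SQLPage` auth cookie.
 fn get_authenticated_user_info(
-oidc_client: &OidcClient,
-config: &OidcConfig,
+oidc_state: &Arc<OidcState>,
 request: &ServiceRequest,
 ) -> anyhow::Result<Option<OidcClaims>> {
 let Some(cookie) = request.cookie(SQLPAGE_AUTH_COOKIE_NAME) else {
@@ -456,6 +450,8 @@ fn get_authenticated_user_info(
 let cookie_value = cookie.value().to_string();
 
 let state = get_state_from_cookie(request)?;
+let config = oidc_state.config;
+let oidc_client = oidc_state.get_client().await;
 let verifier = config.create_id_token_verifier(oidc_client);
 let id_token = OidcToken::from_str(&cookie_value)
 .with_context(|| format!("Invalid SQLPage auth cookie: {cookie_value:?}"))?;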
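Review bot: In the last hunk, `let config = oidc_state.config;` moves `OidcConfig` out of the shared `Arc<OidcState>`, and `oidc_state.get_client().await` is used inside `get_authenticated_user_info`, which the previous hunk still declares as a plain `fn` and which `call` (fourth hunk) invokes synchronously; as written this needs `let config = &oidc_state.config;` and either an `async fn` awaited from `call` or the client passed in as before. `get_client` returning `&OidcClient` borrowed from `&self` also cannot hand back a refreshed client once the metadata refresh replaces the `todo!()` without interior mutability on `client`; returning an owned handle such as `Arc<OidcClient>` (or a read guard) would let the verifier built on the next line always see the current provider keys, which matters since this is the path that validates the auth-cookie ID token. Until then the `todo!()` panics on every request that reaches `get_client`, including the two redirect paths in the second and third hunks. The enclosing function continues outside the hunk.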
