matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-29 22:01:14 +03:00
Code Activity

Simple dynamic client registration

Browse Source
This commit is contained in:
Quentin Gliech
2022-04-19 12:23:01 +02:00
parent d6ea0f8da1
commit 5c14611b96
16 changed files with 509 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
crates/oauth2-types/src/lib.rs
View File

@ -50,6 +50,7 @@ impl ResponseTypeExt for OAuthAuthorizationEndpointResponseType {
pub mod errors;
pub mod oidc;
pub mod pkce;
pub mod registration;
pub mod requests;
pub mod scope;
pub mod webfinger;

8
crates/oauth2-types/src/oidc.rs
View File

@ -19,27 +19,27 @@ use mas_iana::{
PkceCodeChallengeMethod,
},
};
use serde::Serialize;
use serde::{Deserialize, Serialize};
use serde_with::skip_serializing_none;
use url::Url;
use crate::requests::{Display, GrantType, Prompt, ResponseMode};
#[derive(Serialize, Clone, Copy, PartialEq, Eq, Hash, Debug)]
#[derive(Serialize, Deserialize, Clone, Copy, PartialEq, Eq, Hash, Debug)]
#[serde(rename_all = "lowercase")]
pub enum ApplicationType {
Web,
Native,
}
#[derive(Serialize, Clone, Copy, PartialEq, Eq, Hash, Debug)]
#[derive(Serialize, Deserialize, Clone, Copy, PartialEq, Eq, Hash, Debug)]
#[serde(rename_all = "lowercase")]
pub enum SubjectType {
Public,
Pairwise,
}
#[derive(Serialize, Clone, Copy, PartialEq, Eq, Hash, Debug)]
#[derive(Serialize, Deserialize, Clone, Copy, PartialEq, Eq, Hash, Debug)]
#[serde(rename_all = "lowercase")]
pub enum ClaimType {
Normal,

168
crates/oauth2-types/src/registration.rs Normal file
View File

@ -0,0 +1,168 @@
// Copyright 2022 The Matrix.org Foundation C.I.C.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
use chrono::{DateTime, Duration, Utc};
use mas_iana::{
jose::{JsonWebEncryptionAlg, JsonWebSignatureAlg},
oauth::{OAuthAuthorizationEndpointResponseType, OAuthClientAuthenticationMethod},
};
use mas_jose::JsonWebKeySet;
use serde::{Deserialize, Serialize};
use serde_with::{serde_as, skip_serializing_none, DurationSeconds, TimestampSeconds};
use url::Url;
use crate::{
oidc::{ApplicationType, SubjectType},
requests::GrantType,
};
fn default_response_types() -> Vec<OAuthAuthorizationEndpointResponseType> {
vec![OAuthAuthorizationEndpointResponseType::Code]
}
fn default_grant_types() -> Vec<GrantType> {
vec![GrantType::AuthorizationCode]
}
const fn default_application_type() -> ApplicationType {
ApplicationType::Web
}
#[serde_as]
#[skip_serializing_none]
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq)]
pub struct ClientMetadata {
pub redirect_uris: Vec<Url>,
#[serde(default = "default_response_types")]
pub response_types: Vec<OAuthAuthorizationEndpointResponseType>,
#[serde(default = "default_grant_types")]
pub grant_types: Vec<GrantType>,
#[serde(default = "default_application_type")]
pub application_type: ApplicationType,
#[serde(default)]
pub contacts: Vec<String>,
#[serde(default)]
pub client_name: Option<String>,
#[serde(default)]
pub logo_uri: Option<Url>,
#[serde(default)]
pub client_uri: Option<Url>,
#[serde(default)]
pub policy_uri: Option<Url>,
#[serde(default)]
pub tos_uri: Option<Url>,
#[serde(default)]
pub jwks_uri: Option<Url>,
#[serde(default)]
pub jwks: Option<JsonWebKeySet>,
#[serde(default)]
pub sector_identifier_uri: Option<Url>,
#[serde(default)]
pub subject_type: Option<SubjectType>,
#[serde(default)]
pub token_endpoint_auth_method: Option<OAuthClientAuthenticationMethod>,
#[serde(default)]
pub token_endpoint_auth_signing_alg: Option<JsonWebSignatureAlg>,
#[serde(default)]
pub id_token_signed_response_alg: Option<JsonWebSignatureAlg>,
#[serde(default)]
pub id_token_encrypted_response_alg: Option<JsonWebEncryptionAlg>,
#[serde(default)]
pub id_token_encrypted_response_enc: Option<JsonWebEncryptionAlg>,
#[serde(default)]
pub userinfo_signed_response_alg: Option<JsonWebSignatureAlg>,
#[serde(default)]
pub userinfo_encrypted_response_alg: Option<JsonWebEncryptionAlg>,
#[serde(default)]
pub userinfo_encrypted_response_enc: Option<JsonWebEncryptionAlg>,
#[serde(default)]
pub request_object_signing_alg: Option<JsonWebSignatureAlg>,
#[serde(default)]
pub request_object_encryption_alg: Option<JsonWebEncryptionAlg>,
#[serde(default)]
pub request_object_encryption_enc: Option<JsonWebEncryptionAlg>,
#[serde(default)]
#[serde_as(as = "Option<DurationSeconds<i64>>")]
pub default_max_age: Option<Duration>,
#[serde(default)]
pub require_auth_time: bool,
#[serde(default)]
pub default_acr_values: Vec<String>,
#[serde(default)]
pub initiate_login_uri: Option<Url>,
#[serde(default)]
pub request_uris: Option<Vec<Url>>,
#[serde(default)]
pub require_signed_request_object: bool,
#[serde(default)]
pub require_pushed_authorization_requests: bool,
#[serde(default)]
pub introspection_signed_response_alg: Option<JsonWebSignatureAlg>,
#[serde(default)]
pub introspection_encrypted_response_alg: Option<JsonWebEncryptionAlg>,
#[serde(default)]
pub introspection_encrypted_response_enc: Option<JsonWebEncryptionAlg>,
}
#[serde_as]
#[skip_serializing_none]
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq)]
pub struct ClientRegistrationResponse {
pub client_id: String,
#[serde(default)]
pub client_secret: Option<String>,
#[serde(default)]
#[serde_as(as = "Option<TimestampSeconds<i64>>")]
pub client_id_issued_at: Option<DateTime<Utc>>,
#[serde(default)]
#[serde_as(as = "Option<TimestampSeconds<i64>>")]
pub client_secret_expires_at: Option<DateTime<Utc>>,
}