Add variants for unknown values on mas-iana types

Remove the Copy derive and mark enums as non-exhaustive.
2025-07-29 22:01:14 +03:00 · 2022-09-13 18:32:56 +02:00
parent 9e3b3567b2
commit 80d317f23c
25 changed files with 414 additions and 292 deletions
--- a/crates/handlers/src/oauth2/introspection.rs
+++ b/crates/handlers/src/oauth2/introspection.rs
@ -162,7 +162,7 @@ pub(crate) async fn post(

    let client = client_authorization.credentials.fetch(&mut conn).await?;

-    let method = match client.token_endpoint_auth_method {
+    let method = match &client.token_endpoint_auth_method {
        None | Some(OAuthClientAuthenticationMethod::None) => {
            return Err(RouteError::NotAllowed);
        }
--- a/crates/handlers/src/oauth2/registration.rs
+++ b/crates/handlers/src/oauth2/registration.rs
@ -151,10 +151,10 @@ pub(crate) async fn post(
        metadata.tos_uri.as_ref().map(Localized::non_localized),
        metadata.jwks_uri.as_ref(),
        metadata.jwks.as_ref(),
-        metadata.id_token_signed_response_alg,
-        metadata.userinfo_signed_response_alg,
-        metadata.token_endpoint_auth_method,
-        metadata.token_endpoint_auth_signing_alg,
+        metadata.id_token_signed_response_alg.as_ref(),
+        metadata.userinfo_signed_response_alg.as_ref(),
+        metadata.token_endpoint_auth_method.as_ref(),
+        metadata.token_endpoint_auth_signing_alg.as_ref(),
        metadata.initiate_login_uri.as_ref(),
    )
    .await?;
--- a/crates/handlers/src/oauth2/token.rs
+++ b/crates/handlers/src/oauth2/token.rs
@ -198,6 +198,7 @@ pub(crate) async fn post(

    let method = client
        .token_endpoint_auth_method
+        .as_ref()
        .ok_or(RouteError::ClientNotAllowed)?;

    client_authorization
@ -333,17 +334,18 @@ async fn authorization_code_grant(

        let alg = client
            .id_token_signed_response_alg
+            .clone()
            .unwrap_or(JsonWebSignatureAlg::Rs256);
        let key = key_store
-            .signing_key_for_algorithm(alg)
+            .signing_key_for_algorithm(&alg)
            .context("no suitable key found")?;

-        claims::AT_HASH.insert(&mut claims, hash_token(alg, &access_token_str)?)?;
-        claims::C_HASH.insert(&mut claims, hash_token(alg, &grant.code)?)?;
+        claims::AT_HASH.insert(&mut claims, hash_token(&alg, &access_token_str)?)?;
+        claims::C_HASH.insert(&mut claims, hash_token(&alg, &grant.code)?)?;

+        let signer = key.params().signing_key_for_alg(&alg)?;
        let header = JsonWebSignatureHeader::new(alg)
            .with_kid(key.kid().context("key has no `kid` for some reason")?);
-        let signer = key.params().signing_key_for_alg(alg)?;
        let id_token = Jwt::sign(header, claims, &signer)?;

        Some(id_token.as_str().to_owned())
--- a/crates/handlers/src/oauth2/userinfo.rs
+++ b/crates/handlers/src/oauth2/userinfo.rs
@ -75,12 +75,12 @@ pub async fn get(

    if let Some(alg) = session.client.userinfo_signed_response_alg {
        let key = key_store
-            .signing_key_for_algorithm(alg)
+            .signing_key_for_algorithm(&alg)
            .context("no suitable key found")?;

+        let signer = key.params().signing_key_for_alg(&alg)?;
        let header = JsonWebSignatureHeader::new(alg)
            .with_kid(key.kid().context("key has no `kid` for some reason")?);
-        let signer = key.params().signing_key_for_alg(alg)?;

        let user_info = SignedUserInfo {
            iss: url_builder.oidc_issuer().to_string(),