WIP: upstream OIDC provider support

2025-07-29 22:01:14 +03:00 · 2022-11-22 18:28:16 +01:00
parent 7f9be07e8d
commit bedcf44741
28 changed files with 1505 additions and 96 deletions
--- a/crates/data-model/Cargo.toml
+++ b/crates/data-model/Cargo.toml
@ -12,6 +12,7 @@ serde = "1.0.148"
 url = { version = "2.3.1", features = ["serde"] }
 crc = "3.0.0"
 rand = "0.8.5"
+ulid = "1.0.0"

 mas-iana = { path = "../iana" }
 mas-jose = { path = "../jose" }
--- a/crates/data-model/src/lib.rs
+++ b/crates/data-model/src/lib.rs
@ -27,6 +27,7 @@ pub(crate) mod compat;
 pub(crate) mod oauth2;
 pub(crate) mod tokens;
 pub(crate) mod traits;
+pub(crate) mod upstream_oauth2;
 pub(crate) mod users;

 pub use self::{
@ -40,6 +41,9 @@ pub use self::{
    },
    tokens::{AccessToken, RefreshToken, TokenFormatError, TokenType},
    traits::{StorageBackend, StorageBackendMarker},
+    upstream_oauth2::{
+        UpstreamOAuthAuthorizationSession, UpstreamOAuthLink, UpstreamOAuthProvider,
+    },
    users::{
        Authentication, BrowserSession, User, UserEmail, UserEmailVerification,
        UserEmailVerificationState,
--- a/crates/data-model/src/upstream_oauth2/mod.rs
+++ b/crates/data-model/src/upstream_oauth2/mod.rs
@ -0,0 +1,48 @@
+// Copyright 2022 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use chrono::{DateTime, Utc};
+use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod};
+use oauth2_types::scope::Scope;
+use serde::Serialize;
+use ulid::Ulid;
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+pub struct UpstreamOAuthProvider {
+    pub id: Ulid,
+    pub issuer: String,
+    pub scope: Scope,
+    pub client_id: String,
+    pub encrypted_client_secret: Option<String>,
+    pub token_endpoint_signing_alg: Option<JsonWebSignatureAlg>,
+    pub token_endpoint_auth_method: OAuthClientAuthenticationMethod,
+    pub created_at: DateTime<Utc>,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+pub struct UpstreamOAuthLink {
+    pub id: Ulid,
+    pub subject: String,
+    pub created_at: DateTime<Utc>,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+pub struct UpstreamOAuthAuthorizationSession {
+    pub id: Ulid,
+    pub state: String,
+    pub code_challenge_verifier: Option<String>,
+    pub nonce: String,
+    pub created_at: DateTime<Utc>,
+    pub completed_at: Option<DateTime<Utc>>,
+}