Comments (8)
Are you also doing Issuer Discovery (https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery)? That complicates this a lot, because you would need to look up the provider information for each attempted login request.
from rocket_oauth2.
I don't need the full discovery protocol including webfinger etc.
My plan for now is to minimize the configuration effort. So for what I have in mind, it'd be sufficient to set the config URI once (before startup in a config file, or as command line parameter).
However, the data should be loaded in a lazy fashion, on the first request, so startup doesn't depend on the OP being online at that point.
from rocket_oauth2.
I did some preliminary work on a possible Provider
trait and the other changes that causes.
/// A `Provider` can retrieve authorization and token exchange URIs specific to
/// an OAuth service provider.
pub trait Provider: Send + Sync + 'static {
/// Returns the authorization URI associated with the service provider.
fn auth_uri(&self) -> Cow<'_, str>;
/// Returns the token exchange URI associated with the service provider.
fn token_uri(&self) -> Cow<'_, str>;
}
This would allow users to implement Provider
on custom types, perhaps containing something like a Lazy<(String, String)>
.
But because the client_id
and client_secret
must still be specified "ahead of time", I think it only helps with your use case of looking up the provider URIs lazily. I am actually a little confused after reading through it again - in what situation would a provider be offline at startup but come online later, and that you can hardcode a 'discovery URI' but not the auth and token URIs?
from rocket_oauth2.
Ok, I should clarify my use case:
Coming from a Java dev background, the systems I usually deploy consist of an IDP/OP (Keycloak), a server backend, and other services. So each environment (production, staging, test, development) has its own set of services, including the IDP.
So in essence, I keep redeploying these through a CI pipeline, and having startup dependencies between the services makes life much harder, as you can imagine (I'd have to make sure the now-written-in-rust backend can only start after the IDP has booted entirely).
from rocket_oauth2.
I still feel like I am missing something here; from my perspective, this solution only adds complexity on all sides. Instead of two URIs in a config file, there is now one URI in a config file plus new and existing infrastructure to discover the two real URIs spread across at least three different units (Keycloak, this library, and your application code).
The value I see for Provider
being a trait is to support "the identity provider is not known at startup or might change over the lifetime of the application", which seems plausible enough to support. It will work for your use case as well, but I am not as convinced it is necessary there.
from rocket_oauth2.
Provider
is now a trait in ed8f844, in the master
branch. Can you confirm that the Provider
trait works for your use case?
from rocket_oauth2.
Hi Jeb,
Sorry, I wasn't able to work on my side project for the last couple of days, so that's why Iv'e been a little quiet on the topic.
I just had a look at the change, it it's looking really good to me - this will allow me to pull the provider info lazily, on demand. I hope to get back to my rocket project at the end of the week; I'll report how the change works out for me then when I adapt my code accordingly.
Thanks for the effort!
Cheers,
Uwe
from rocket_oauth2.
This functionality and more can be accomplished now that Provider
is a trait, so I'm going to close this. Thanks for the request and discussion!
from rocket_oauth2.
Related Issues (20)
- Feature: Make redirect_uri optional HOT 6
- Docs: Add example with Custom Provider HOT 1
- Allow extending of authorization endpoint parameters.
- Callback fails to run if request parameters are in the wrong order HOT 4
- Verify token validity HOT 6
- Reddit configuration not actually working HOT 5
- Support revoking tokens
- ##Question: Other OAuth2 Providers? HOT 2
- Plans for Rocket v0.5 HOT 4
- Handle 400 errors from the authorization server HOT 3
- How do we use rocket_oauth2 for Facebook? HOT 1
- What's the difference between rocket_oauth2 and the OAuth2 crate? HOT 1
- Do not check token-type. HOT 1
- Cookie `rocket_oauth2_state` with `secure` flag HOT 2
- Cookies in rocket_oauth2 v0.4.1 not working for rocket v0.5.0-rc.2 HOT 1
- Multiple redirect URIs? HOT 1
- Update to support rocket =0.5.0-rc.4 HOT 1
- How secure is this? HOT 1
- Discord provider Exchange Failure. HOT 2
- DeserializationError when using Twitch as a provider. HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rocket_oauth2.