|
@@ -9,6 +9,11 @@ mod api;
|
|
|
|
|
|
type Request = tide::Request<super::ServerStateWrapper>;
|
|
|
|
|
|
+const AUTHORIZE_PATH: &'static str = "oidc/authorize";
|
|
|
+const TOKEN_PATH: &'static str = "oidc/token";
|
|
|
+const JWKS_PATH: &'static str = "oidc/jwks";
|
|
|
+const DISCOVERY_PATH: &'static str = ".well-known/openid-configuration";
|
|
|
+
|
|
|
#[derive(serde::Serialize)]
|
|
|
pub enum OIDCErrorType {
|
|
|
InvalidRequest,
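Review bot: The four path constants added at the top of the file carry no comment saying they are relative to the route passed to `oidc_server`, and for `DISCOVERY_PATH` that matters. OpenID Connect Discovery requires the document to be served at the issuer URL plus `/.well-known/openid-configuration`, so the issuer and endpoint URLs that `discovery_config` advertises need to be derived from the same mount point and these same constants; that function is not visible here, so this is worth confirming. I would add a doc comment above the group such as `/// Paths relative to the route handed to oidc_server; the discovery document must advertise exactly these.` As a minor point of style, `&'static str` on a `const` is redundant, and `const AUTHORIZE_PATH: &str = "oidc/authorize";` is the form clippy's `redundant_static_lifetimes` lint expects.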
|
|
@@ -297,7 +302,7 @@ async fn do_token<'l>(mut request: Request) -> Result<tide::Response, OIDCError<
|
|
|
let now = std::time::SystemTime::now();
|
|
|
if code.expiry < now {
|
|
|
return Err(OIDCError(
|
|
|
- OIDCErrorType::InvalidRequest,
|
|
|
+ OIDCErrorType::AccessDenied,
|
|
|
"expired authorization code".into(),
|
|
|
None,
|
|
|
));
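Review bot: `AccessDenied` on the added line is not a token-endpoint error code: RFC 6749 §5.2 assigns an expired, invalid or revoked authorization code to `invalid_grant`, while `access_denied` belongs to the authorization endpoint's redirect response (§4.1.2.1). Relying parties that branch on the error code to decide whether to restart the authorization flow may mishandle the response. If `OIDCErrorType` has, or gains, a variant that serializes to `invalid_grant`, the line should read `OIDCErrorType::InvalidGrant,`; only `InvalidRequest` is visible in this diff, so that variant name is assumed. `do_token` starts and ends outside this hunk, so whether the expired code is also deleted from storage on this path cannot be checked from these lines.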
|
|
@@ -359,10 +364,6 @@ async fn token(request: Request) -> tide::Result<tide::Response> {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-const AUTHORIZE_PATH: &'static str = "oidc/authorize";
|
|
|
-const TOKEN_PATH: &'static str = "oidc/token";
|
|
|
-const JWKS_PATH: &'static str = "oidc/jwks";
|
|
|
-
|
|
|
async fn jwks(request: Request) -> tide::Result<tide::Response> {
|
|
|
let shelper = SessionHelper::new(&request);
|
|
|
let realm = shelper.get_realm()?;
|
|
@@ -434,7 +435,5 @@ pub(super) fn oidc_server(mut route: tide::Route<super::ServerStateWrapper>) {
|
|
|
route.at(AUTHORIZE_PATH).get(authorize).post(authorize);
|
|
|
route.at(TOKEN_PATH).post(token);
|
|
|
route.at(JWKS_PATH).get(jwks);
|
|
|
- route
|
|
|
- .at(".well-known/openid-configuration")
|
|
|
- .get(discovery_config);
|
|
|
+ route.at(DISCOVERY_PATH).get(discovery_config);
|
|
|
}
|