On our way to processing tokens

2025-07-11 07:36:38 -07:00 · 2021-12-01 16:57:18 -08:00 · 2021-12-01 16:57:18 -08:00 · 4ce810b421
commit 4ce810b421
parent 730482e62f
3 changed files with 80 additions and 11 deletions
--- a/zeroidc/src/lib.rs
+++ b/zeroidc/src/lib.rs
@ -10,10 +10,11 @@ use std::time::Duration;

 use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType};
 use openidconnect::reqwest::http_client;
-use openidconnect::{AuthenticationFlow, PkceCodeVerifier};
-use openidconnect::{ClientId, CsrfToken, IssuerUrl, Nonce, PkceCodeChallenge, RedirectUrl, Scope};
+use openidconnect::{AuthenticationFlow, PkceCodeVerifier, TokenResponse, OAuth2TokenResponse};
+use openidconnect::{AuthorizationCode, ClientId, CsrfToken, IssuerUrl, Nonce, PkceCodeChallenge, RedirectUrl, RequestTokenError, Scope};

 use url::Url;
+use std::borrow::BorrowMut;

 pub struct ZeroIDC {
    inner: Arc<Mutex<Inner>>,
@ -39,7 +40,7 @@ pub struct AuthInfo {
    url: Url,
    csrf_token: CsrfToken,
    nonce: Nonce,
-    pkce_verifier: PkceCodeVerifier,
+    pkce_verifier: Option<PkceCodeVerifier>,
 }

 impl ZeroIDC {
@ -147,6 +148,36 @@ impl ZeroIDC {
        return (*self.inner.lock().unwrap()).network_id.clone()
    }

+    fn do_token_exchange(&mut self, auth_info: &mut AuthInfo, code: &str) {
+        if let Some(verifier) = auth_info.pkce_verifier.take() {
+            let token_response = (*self.inner.lock().unwrap()).oidc_client.as_ref().map(|c| {
+                let r = c.exchange_code(AuthorizationCode::new(code.to_string()))
+                    .set_pkce_verifier(verifier)
+                    .request(http_client);
+                match r {
+                    Ok(res) =>{
+                         return Some(res);
+                    },
+                    Err(e) => {
+                        println!("token response error");
+                        return None;
+                    },
+                }
+            });
+            // TODO: do stuff with token response
+            if let Some(Some(tok)) = token_response {
+                let id_token = tok.id_token().unwrap();
+                let claims = (*self.inner.lock().unwrap()).oidc_client.as_ref().map(|c| {
+
+                });
+                let access_token = tok.access_token();
+                let refresh_token = tok.refresh_token();
+            }
+        } else {
+            println!("No pkce verifier!  Can't exchange tokens!!!");
+        }
+    }
+
    fn get_auth_info(&mut self, csrf_token: String, nonce: String) -> Option<AuthInfo> {
        let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256();
        let network_id = self.get_network_id();
@ -170,9 +201,9 @@ impl ZeroIDC {

            return AuthInfo {
                url: auth_url,
+                pkce_verifier: Some(pkce_verifier),
                csrf_token,
                nonce,
-                pkce_verifier,
            };
        });