1// Copyright 2023 The Matrix.org Foundation C.I.C.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for that specific language governing permissions and
13// limitations under the License.
14
//! Trait defining the interface an OIDC backend must implement.
16//!
17//! Used mostly for testing purposes.
18
19use mas_oidc_client::{
20    requests::authorization_code::{AuthorizationRequestData, AuthorizationValidationData},
21    types::{
22        client_credentials::ClientCredentials,
23        iana::oauth::OAuthTokenTypeHint,
24        oidc::VerifiedProviderMetadata,
25        registration::{ClientRegistrationResponse, VerifiedClientMetadata},
26        IdToken,
27    },
28};
29use url::Url;
30
31use super::{AuthorizationCode, OauthDiscoveryError, OidcError, OidcSessionTokens};
32
33pub(crate) mod server;
34
35#[cfg(test)]
36pub(crate) mod mock;
37
/// Tokens returned by a successful [`OidcBackend::refresh_access_token`] call.
///
/// Both fields are raw bearer secrets held as plain `String`s; there is
/// deliberately no `Debug` derive here, so the values cannot leak through a
/// `{:?}` of this struct — keep it that way unless a redacting impl is added.
pub(super) struct RefreshedSessionTokens {
    /// The newly issued access token.
    pub access_token: String,
    /// The newly issued refresh token, or `None` when the provider did not
    /// return a replacement. How callers treat `None` (keep the old refresh
    /// token or drop it) is decided outside this file — confirm in the caller.
    pub refresh_token: Option<String>,
}
42
/// The set of provider interactions the parent `oidc` module needs, abstracted
/// so the HTTP-backed implementation in `server` can be replaced by the `mock`
/// module, which is only compiled under `cfg(test)`.
///
/// Implementors must be `Debug` (for diagnostics; take care not to print
/// secrets) and `Send + Sync` so one backend can be shared across tasks.
/// `async_trait` is what allows the `async fn`s below inside a trait.
#[async_trait::async_trait]
pub(super) trait OidcBackend: std::fmt::Debug + Send + Sync {
    /// Fetches and verifies the provider's metadata.
    ///
    /// `insecure` presumably relaxes some transport or issuer checks for test
    /// providers; exactly which checks it disables is decided by the
    /// implementation — NOTE(review): confirm against `server` before relying
    /// on it outside of tests.
    ///
    /// # Errors
    ///
    /// Returns an [`OauthDiscoveryError`] when discovery or verification fails.
    async fn discover(
        &self,
        insecure: bool,
    ) -> Result<VerifiedProviderMetadata, OauthDiscoveryError>;

    /// Dynamically registers this client with the provider at
    /// `registration_endpoint`, sending `client_metadata`.
    ///
    /// `software_statement`, when present, is passed through to the
    /// registration request; its expected format is not visible here and is
    /// defined by the implementation.
    ///
    /// # Errors
    ///
    /// Returns an [`OidcError`] when registration fails.
    async fn register_client(
        &self,
        registration_endpoint: &Url,
        client_metadata: VerifiedClientMetadata,
        software_statement: Option<String>,
    ) -> Result<ClientRegistrationResponse, OidcError>;

    /// Exchanges `auth_code` for session tokens at the provider described by
    /// `provider_metadata`, authenticating as the client with `credentials`
    /// and `metadata`.
    ///
    /// `validation_data` is presumably the value returned by
    /// [`Self::build_par_authorization_url`] for the same flow; the checks an
    /// implementation performs with it (state, PKCE, etc.) live in the
    /// implementation, not in this trait — TODO confirm against `server`.
    ///
    /// # Errors
    ///
    /// Returns an [`OidcError`] when the exchange or response validation fails.
    async fn trade_authorization_code_for_tokens(
        &self,
        provider_metadata: VerifiedProviderMetadata,
        credentials: ClientCredentials,
        metadata: VerifiedClientMetadata,
        auth_code: AuthorizationCode,
        validation_data: AuthorizationValidationData,
    ) -> Result<OidcSessionTokens, OidcError>;

    /// Obtains a fresh access token, and possibly a new refresh token, using
    /// `refresh_token`.
    ///
    /// `latest_id_token` is the most recent ID token the session holds, if
    /// any; presumably used to validate an ID token returned with the refresh
    /// response — TODO confirm against `server`.
    ///
    /// # Errors
    ///
    /// Returns an [`OidcError`] when the refresh request or its validation
    /// fails.
    async fn refresh_access_token(
        &self,
        provider_metadata: VerifiedProviderMetadata,
        credentials: ClientCredentials,
        metadata: &VerifiedClientMetadata,
        refresh_token: String,
        latest_id_token: Option<IdToken<'static>>,
    ) -> Result<RefreshedSessionTokens, OidcError>;

    /// Pushes `authorization_data` to `par_endpoint` (presumably the
    /// provider's pushed-authorization-request endpoint) and returns the URL
    /// on `authorization_endpoint` the user should be sent to, together with
    /// the data needed to validate the eventual authorization callback.
    ///
    /// # Errors
    ///
    /// Returns an [`OidcError`] when the pushed request fails.
    async fn build_par_authorization_url(
        &self,
        client_credentials: ClientCredentials,
        par_endpoint: &Url,
        authorization_endpoint: Url,
        authorization_data: AuthorizationRequestData,
    ) -> Result<(Url, AuthorizationValidationData), OidcError>;

    /// Revokes `token` at `revocation_endpoint`, authenticating with
    /// `client_credentials`. `token_type_hint`, when given, tells the provider
    /// which kind of token is being revoked.
    ///
    /// # Errors
    ///
    /// Returns an [`OidcError`] when the revocation request fails.
    async fn revoke_token(
        &self,
        client_credentials: ClientCredentials,
        revocation_endpoint: &Url,
        token: String,
        token_type_hint: Option<OAuthTokenTypeHint>,
    ) -> Result<(), OidcError>;
}
90}