// Copyright 2023 Kévin Commaille
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

use language_tags::LanguageTag;
use mas_oidc_client::{
    error::TokenRevokeError,
    requests::rp_initiated_logout::{build_end_session_url, LogoutData},
};
use tracing::instrument;
use url::Url;

use super::{Oidc, OidcError};
use crate::Result;

/// Builder type used to configure optional settings for constructing an
/// [RP-Initiated Logout] URL with an OpenID Connect provider.
///
/// Created with [`Oidc::logout()`]. Finalized with [`Self::build()`].
///
/// [RP-Initiated Logout]: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
#[allow(missing_debug_implementations)]
pub struct OidcEndSessionUrlBuilder {
    oidc: Oidc,
    end_session_endpoint: Url,
    client_id: String,
    post_logout_redirect_uri: Option<Url>,
    ui_locales: Option<Vec<LanguageTag>>,
}

impl OidcEndSessionUrlBuilder {
    pub(super) fn new(oidc: Oidc, end_session_endpoint: Url, client_id: String) -> Self {
        Self {
            oidc,
            end_session_endpoint,
            client_id,
            post_logout_redirect_uri: None,
            ui_locales: None,
        }
    }

    /// Set the URI where the user will be redirected after logging out.
    ///
    /// Must be one of the `post_logout_redirect_uris` registered in the client
    /// metadata.
    pub fn post_logout_redirect_uri(mut self, redirect_uri: Url) -> Self {
        self.post_logout_redirect_uri = Some(redirect_uri);
        self
    }

    /// Set the preferred locales of the user.
    ///
    /// Must be ordered from the preferred locale to the least preferred locale.
    pub fn ui_locales(mut self, ui_locales: Vec<LanguageTag>) -> Self {
        self.ui_locales = Some(ui_locales);
        self
    }

    /// Get the URL that should be presented to log out from the OIDC provider's
    /// interface.
    ///
    /// If a `post_logout_redirect_uri` was provided, the user will be
    /// redirected to it after logging out with a `state` query parameter that
    /// is the same as the one in the `OidcEndSessionData`.
    #[instrument(target = "matrix_sdk::client", skip_all)]
    pub fn build(self) -> Result<OidcEndSessionData, OidcError> {
        let Self { oidc, end_session_endpoint, client_id, post_logout_redirect_uri, ui_locales } =
            self;

        // We only need one of those.
        let (id_token_hint, logout_hint) = if let Some(id_token) = oidc.latest_id_token() {
            (Some(id_token.into_string()), None)
        } else {
            let logout_hint = oidc.client.user_id().map(|user_id| format!("mxid:{user_id}"));
            (None, logout_hint)
        };

        let logout_data = LogoutData {
            id_token_hint,
            logout_hint,
            client_id: Some(client_id),
            post_logout_redirect_uri,
            ui_locales,
        };

        let (url, state) =
            build_end_session_url(end_session_endpoint, logout_data, &mut super::rng()?)
                .map_err(TokenRevokeError::from)?;

        Ok(OidcEndSessionData { url, state })
    }
}

/// Data for the user to log out from their account in the issuer's interface.
#[derive(Debug, Clone)]
pub struct OidcEndSessionData {
    /// The URL that should be presented.
    pub url: Url,
    /// A unique identifier for the request, if the user is to be redirected to
    /// the client after logging out.
    pub state: Option<String>,
}
}
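
// Added example, not part of this file or of matrix-sdk: a std-only check that the
// `state` arriving on the post-logout redirect equals `OidcEndSessionData::state`.
// `verify_post_logout_state`, `StateError` and the sample URL are hypothetical names.

```rust
#[derive(Debug, PartialEq)]
pub enum StateError { Missing, Duplicate, Mismatch }

/// Decode `%XX` escapes and `+`; None on a malformed escape or invalid UTF-8.
fn percent_decode(s: &str) -> Option<String> {
    let b = s.as_bytes();
    let (mut out, mut i) = (Vec::with_capacity(b.len()), 0);
    while i < b.len() {
        if b[i] == b'%' {
            let hex = s.get(i + 1..i + 3)?;
            if !hex.bytes().all(|c| c.is_ascii_hexdigit()) { return None; }
            out.push(u8::from_str_radix(hex, 16).ok()?);
            i += 3;
        } else {
            out.push(if b[i] == b'+' { b' ' } else { b[i] });
            i += 1;
        }
    }
    String::from_utf8(out).ok()
}

/// Compare without an early exit on the first differing byte.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// `expected` is the `state` stored when the end-session URL was built.
pub fn verify_post_logout_state(callback_url: &str, expected: &str) -> Result<(), StateError> {
    // Ignore the fragment; only the query component carries `state`.
    let no_frag = callback_url.split('#').next().unwrap_or("");
    let query = no_frag.split_once('?').map(|(_, q)| q).unwrap_or("");
    let mut found: Option<String> = None;
    for pair in query.split('&') {
        let (k, v) = pair.split_once('=').unwrap_or((pair, ""));
        if percent_decode(k).as_deref() == Some("state") {
            // A repeated `state` is ambiguous: reject rather than pick one.
            if found.is_some() { return Err(StateError::Duplicate); }
            found = Some(percent_decode(v).ok_or(StateError::Mismatch)?);
        }
    }
    let got = found.ok_or(StateError::Missing)?;
    if ct_eq(got.as_bytes(), expected.as_bytes()) { Ok(()) } else { Err(StateError::Mismatch) }
}

fn main() {
    // Constructed callback URL for a hypothetical registered redirect URI.
    let cb = "https://client.example/logged-out?state=abc123";
    println!("{:?}", verify_post_logout_state(cb, "abc123"));
}
```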