diff --git a/src/console/src/accounts/impls.rs b/src/console/src/accounts/impls.rs
index 9a5e527a4..516dac591 100644
--- a/src/console/src/accounts/impls.rs
+++ b/src/console/src/accounts/impls.rs
@@ -1,7 +1,7 @@
 use crate::constants::E8S_PER_ICP;
 use crate::types::state::{Account, OpenIdData, Provider};
 use ic_cdk::api::time;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::profile::types::OpenIdProfile;
 use junobuild_shared::types::state::{MissionControlId, UserId};
diff --git a/src/console/src/auth/delegation.rs b/src/console/src/auth/delegation.rs
index 98a15bb78..224c51c33 100644
--- a/src/console/src/auth/delegation.rs
+++ b/src/console/src/auth/delegation.rs
@@ -4,8 +4,8 @@ use junobuild_auth::delegation::types::{
 GetDelegationError, GetDelegationResult, OpenIdGetDelegationArgs,
 OpenIdPrepareDelegationArgs, PrepareDelegationError, PreparedDelegation,
 };
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::openid::delegation::types::provider::OpenIdDelegationProvider;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
 use junobuild_auth::state::types::config::OpenIdProviders;
 use junobuild_auth::{delegation, openid};
 
@@ -22,14 +22,15 @@ pub async fn openid_prepare_delegation(
 args: &OpenIdPrepareDelegationArgs,
 providers: &OpenIdProviders,
 ) -> OpenIdPrepareDelegationResult {
- let (credential, provider) = match openid::delegation::verify_openid_credentials_with_jwks_renewal(
- &args.jwt, &args.salt, providers, &AuthHeap,
- )
- .await
- {
- Ok(value) => value,
- Err(err) => return Err(PrepareDelegationError::from(err)),
- };
+ let (credential, provider) =
+ match openid::delegation::verify_openid_credentials_with_jwks_renewal(
+ &args.jwt, &args.salt, providers, &AuthHeap,
+ )
+ .await
+ {
+ Ok(value) => value,
+ Err(err) => return Err(PrepareDelegationError::from(err)),
+ };
 
 let result = delegation::openid_prepare_delegation(
 &args.session_key,
@@ -46,12 +47,13 @@ pub fn openid_get_delegation(
 args: &OpenIdGetDelegationArgs,
 providers: &OpenIdProviders,
 ) -> GetDelegationResult {
- let (credential, provider) = match openid::delegation::verify_openid_credentials_with_cached_jwks(
- &args.jwt, &args.salt, providers, &AuthHeap,
- ) {
- Ok(value) => value,
- Err(err) => return Err(GetDelegationError::from(err)),
- };
+ let (credential, provider) =
+ match openid::delegation::verify_openid_credentials_with_cached_jwks(
+ &args.jwt, &args.salt, providers, &AuthHeap,
+ ) {
+ Ok(value) => value,
+ Err(err) => return Err(GetDelegationError::from(err)),
+ };
 
 delegation::openid_get_delegation(
 &args.session_key,
diff --git a/src/console/src/auth/register.rs b/src/console/src/auth/register.rs
index 2b5007739..4da81b00c 100644
--- a/src/console/src/auth/register.rs
+++ b/src/console/src/auth/register.rs
@@ -3,8 +3,8 @@ use crate::types::state::OpenId;
 use crate::types::state::{Account, OpenIdData, Provider};
 use candid::Principal;
 use junobuild_auth::delegation::types::UserKey;
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::openid::delegation::types::provider::OpenIdDelegationProvider;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
 
 pub async fn register_account(
 public_key: &UserKey,
diff --git a/src/libs/auth/src/delegation/get.rs b/src/libs/auth/src/delegation/get.rs
index 723b88509..211757773 100644
--- a/src/libs/auth/src/delegation/get.rs
+++ b/src/libs/auth/src/delegation/get.rs
@@ -4,8 +4,8 @@ use crate::delegation::types::{
 use crate::delegation::utils::seed::calculate_seed;
 use crate::delegation::utils::signature::{build_signature_inputs, build_signature_msg};
 use crate::delegation::utils::targets::build_targets;
+use crate::openid::delegation::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::openid::delegation::types::provider::OpenIdDelegationProvider;
-use crate::openid::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::state::get_salt;
 use crate::state::services::read_state;
 use crate::strategies::{AuthCertificateStrategy, AuthHeapStrategy};
diff --git a/src/libs/auth/src/delegation/impls.rs b/src/libs/auth/src/delegation/impls.rs
index 699cd97fb..dbdfc2a9e 100644
--- a/src/libs/auth/src/delegation/impls.rs
+++ b/src/libs/auth/src/delegation/impls.rs
@@ -1,5 +1,5 @@
 use crate::delegation::types::{GetDelegationError, PrepareDelegationError};
-use crate::openid::types::errors::VerifyOpenidCredentialsError;
+use crate::openid::delegation::types::errors::VerifyOpenidCredentialsError;
 
 impl From for GetDelegationError {
 fn from(e: VerifyOpenidCredentialsError) -> Self {
diff --git a/src/libs/auth/src/delegation/prepare.rs b/src/libs/auth/src/delegation/prepare.rs
index c5da48853..6889ba555 100644
--- a/src/libs/auth/src/delegation/prepare.rs
+++ b/src/libs/auth/src/delegation/prepare.rs
@@ -6,8 +6,8 @@ use crate::delegation::utils::duration::build_expiration;
 use crate::delegation::utils::seed::calculate_seed;
 use crate::delegation::utils::signature::{build_signature_inputs, build_signature_msg};
 use crate::delegation::utils::targets::build_targets;
+use crate::openid::delegation::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::openid::delegation::types::provider::OpenIdDelegationProvider;
-use crate::openid::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::state::get_salt;
 use crate::state::services::mutate_state;
 use crate::strategies::{AuthCertificateStrategy, AuthHeapStrategy};
diff --git a/src/libs/auth/src/delegation/utils/seed.rs b/src/libs/auth/src/delegation/utils/seed.rs
index 7ef1f4416..3911f4dbf 100644
--- a/src/libs/auth/src/delegation/utils/seed.rs
+++ b/src/libs/auth/src/delegation/utils/seed.rs
@@ -1,4 +1,4 @@
-use crate::openid::types::interface::OpenIdCredentialKey;
+use crate::openid::delegation::types::interface::OpenIdCredentialKey;
 use crate::state::types::state::Salt;
 use ic_certification::Hash;
 use sha2::{Digest, Sha256};
@@ -30,7 +30,7 @@ fn hash_bytes(value: impl AsRef<[u8]>) -> Hash {
 #[cfg(test)]
 mod tests {
 use super::calculate_seed;
- use crate::openid::types::interface::OpenIdCredentialKey;
+ use crate::openid::delegation::types::interface::OpenIdCredentialKey;
 use crate::state::types::state::Salt;
 use ic_certification::Hash;
 use sha2::{Digest, Sha256};
diff --git a/src/libs/auth/src/openid/delegation/impls.rs b/src/libs/auth/src/openid/delegation/impls.rs
index 79a9bfbd0..169434afa 100644
--- a/src/libs/auth/src/openid/delegation/impls.rs
+++ b/src/libs/auth/src/openid/delegation/impls.rs
@@ -1,5 +1,33 @@
+use crate::openid::delegation::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::openid::delegation::types::provider::OpenIdDelegationProvider;
+use crate::openid::jwt::types::token::Claims;
 use crate::openid::types::provider::OpenIdProvider;
+use jsonwebtoken::TokenData;
+
+impl From> for OpenIdCredential {
+ fn from(token: TokenData) -> Self {
+ Self {
+ sub: token.claims.sub,
+ iss: token.claims.iss,
+ email: token.claims.email,
+ name: token.claims.name,
+ given_name: token.claims.given_name,
+ family_name: token.claims.family_name,
+ preferred_username: token.claims.preferred_username,
+ picture: token.claims.picture,
+ locale: token.claims.locale,
+ }
+ }
+}
+
+impl<'a> From<&'a OpenIdCredential> for OpenIdCredentialKey<'a> {
+ fn from(credential: &'a OpenIdCredential) -> Self {
+ Self {
+ sub: &credential.sub,
+ iss: &credential.iss,
+ }
+ }
+}
 
 impl TryFrom<&OpenIdProvider> for OpenIdDelegationProvider {
 type Error = String;
diff --git a/src/libs/auth/src/openid/delegation/types.rs b/src/libs/auth/src/openid/delegation/types.rs
index 3dadd1646..8646d806e 100644
--- a/src/libs/auth/src/openid/delegation/types.rs
+++ b/src/libs/auth/src/openid/delegation/types.rs
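Review bot: The `impl From<TokenData<Claims>> for OpenIdCredential` (generic arguments are dropped in this rendering) lands in openid/delegation/impls.rs without a doc comment stating that it copies claims verbatim and so only makes sense for a token that has already passed `verify_openid_jwt`, whose body is outside this diff; judging by the imports in register.rs and seed.rs, the resulting credential is what gets persisted at registration and, via `OpenIdCredentialKey`, fed into `calculate_seed`, so that precondition is the security contract of this impl and belongs next to it. Add `/// Copies the identity and profile claims of an already-verified ID token into a credential; only build one from the output of the JWT verification step, never from decoded-but-unverified claims.` above the impl. The conversion reads only `token.claims`, so an `impl From<Claims>` would state the dependency more tightly, but that would touch call sites in verify.rs that this hunk does not show.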
@@ -1,3 +1,38 @@
+pub mod interface {
+ pub struct OpenIdCredentialKey<'a> {
+ pub iss: &'a String,
+ pub sub: &'a String,
+ }
+
+ pub struct OpenIdCredential {
+ pub iss: String,
+ pub sub: String,
+
+ pub email: Option,
+ pub name: Option,
+ pub given_name: Option,
+ pub family_name: Option,
+ pub preferred_username: Option,
+ pub picture: Option,
+ pub locale: Option,
+ }
+}
+
+pub(crate) mod errors {
+ use crate::openid::jwkset::types::errors::GetOrRefreshJwksError;
+ use crate::openid::jwt::types::errors::{JwtFindProviderError, JwtVerifyError};
+ use candid::{CandidType, Deserialize};
+ use serde::Serialize;
+
+ #[derive(CandidType, Serialize, Deserialize, Debug)]
+ pub enum VerifyOpenidCredentialsError {
+ GetOrFetchJwks(GetOrRefreshJwksError),
+ GetCachedJwks,
+ JwtFindProvider(JwtFindProviderError),
+ JwtVerify(JwtVerifyError),
+ }
+}
+
 pub mod provider {
 use candid::{CandidType, Deserialize};
 use serde::Serialize;
diff --git a/src/libs/auth/src/openid/delegation/verify.rs b/src/libs/auth/src/openid/delegation/verify.rs
index 509fe3318..7a2101942 100644
--- a/src/libs/auth/src/openid/delegation/verify.rs
+++ b/src/libs/auth/src/openid/delegation/verify.rs
@@ -1,9 +1,9 @@
+use crate::openid::delegation::types::errors::VerifyOpenidCredentialsError;
+use crate::openid::delegation::types::interface::OpenIdCredential;
 use crate::openid::delegation::types::provider::OpenIdDelegationProvider;
 use crate::openid::jwkset::{get_jwks, get_or_refresh_jwks};
 use crate::openid::jwt::types::cert::Jwks;
 use crate::openid::jwt::{unsafe_find_jwt_provider, verify_openid_jwt};
-use crate::openid::types::errors::VerifyOpenidCredentialsError;
-use crate::openid::types::interface::OpenIdCredential;
 use crate::openid::types::provider::OpenIdProvider;
 use crate::openid::utils::build_nonce;
 use crate::state::types::config::{OpenIdProviderClientId, OpenIdProviders};
diff --git a/src/libs/auth/src/openid/impls.rs b/src/libs/auth/src/openid/impls.rs
index 41d7776e7..87c7ff42b 100644
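Review bot: `OpenIdCredentialKey<'a>` in the new `interface` module is declared with `&'a String` fields, the `&String` anti-pattern; `pub iss: &'a str, pub sub: &'a str,` would serve the same callers, and the `From<&OpenIdCredential>` impl in openid/delegation/impls.rs that fills it from `&credential.sub` would likely compile unchanged through deref coercion. The struct also says nothing about why both fields are present: an OpenID `sub` is only unique within one issuer, so a key built from `sub` alone would let subjects of different providers map to the same seed in `calculate_seed` (seed.rs, outside this hunk); add `/// (iss, sub) pair identifying one OpenID subject; sub is only unique per issuer, so iss must stay part of every key derived from it.` above it. `OpenIdCredential` derives nothing, not even `Debug`; if that is deliberate because it carries email and name that should not reach logs, a one-line comment saying so would stop the next contributor from adding the derive.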
--- a/src/libs/auth/src/openid/impls.rs
+++ b/src/libs/auth/src/openid/impls.rs
@@ -1,38 +1,10 @@
 use crate::openid::jwt::types::cert::Jwks;
-use crate::openid::jwt::types::token::Claims;
-use crate::openid::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::openid::types::provider::{OpenIdCertificate, OpenIdProvider};
 use ic_cdk::api::time;
-use jsonwebtoken::TokenData;
 use junobuild_shared::data::version::next_version;
 use junobuild_shared::types::state::{Version, Versioned};
 use std::fmt::{Display, Formatter, Result as FmtResult};
 
-impl From> for OpenIdCredential {
- fn from(token: TokenData) -> Self {
- Self {
- sub: token.claims.sub,
- iss: token.claims.iss,
- email: token.claims.email,
- name: token.claims.name,
- given_name: token.claims.given_name,
- family_name: token.claims.family_name,
- preferred_username: token.claims.preferred_username,
- picture: token.claims.picture,
- locale: token.claims.locale,
- }
- }
-}
-
-impl<'a> From<&'a OpenIdCredential> for OpenIdCredentialKey<'a> {
- fn from(credential: &'a OpenIdCredential) -> Self {
- Self {
- sub: &credential.sub,
- iss: &credential.iss,
- }
- }
-}
-
 impl OpenIdProvider {
 pub fn jwks_url(&self) -> &'static str {
 match self {
diff --git a/src/libs/auth/src/openid/types.rs b/src/libs/auth/src/openid/types.rs
index 59a372983..f4e5dd701 100644
--- a/src/libs/auth/src/openid/types.rs
+++ b/src/libs/auth/src/openid/types.rs
@@ -1,38 +1,3 @@
-pub mod interface {
- pub struct OpenIdCredentialKey<'a> {
- pub iss: &'a String,
- pub sub: &'a String,
- }
-
- pub struct OpenIdCredential {
- pub iss: String,
- pub sub: String,
-
- pub email: Option,
- pub name: Option,
- pub given_name: Option,
- pub family_name: Option,
- pub preferred_username: Option,
- pub picture: Option,
- pub locale: Option,
- }
-}
-
-pub(crate) mod errors {
- use crate::openid::jwkset::types::errors::GetOrRefreshJwksError;
- use crate::openid::jwt::types::errors::{JwtFindProviderError, JwtVerifyError};
- use candid::{CandidType, Deserialize};
- use serde::Serialize;
-
- #[derive(CandidType, Serialize, Deserialize, Debug)]
- pub enum VerifyOpenidCredentialsError {
- GetOrFetchJwks(GetOrRefreshJwksError),
- GetCachedJwks,
- JwtFindProvider(JwtFindProviderError),
- JwtVerify(JwtVerifyError),
- }
-}
-
 pub mod provider {
 use crate::openid::jwt::types::cert::Jwks;
 use candid::{CandidType, Deserialize};
diff --git a/src/libs/satellite/src/auth/delegation.rs b/src/libs/satellite/src/auth/delegation.rs
index 98a15bb78..224c51c33 100644
--- a/src/libs/satellite/src/auth/delegation.rs
+++ b/src/libs/satellite/src/auth/delegation.rs
@@ -4,8 +4,8 @@ use junobuild_auth::delegation::types::{
 GetDelegationError, GetDelegationResult, OpenIdGetDelegationArgs,
 OpenIdPrepareDelegationArgs, PrepareDelegationError, PreparedDelegation,
 };
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::openid::delegation::types::provider::OpenIdDelegationProvider;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
 use junobuild_auth::state::types::config::OpenIdProviders;
 use junobuild_auth::{delegation, openid};
 
@@ -22,14 +22,15 @@ pub async fn openid_prepare_delegation(
 args: &OpenIdPrepareDelegationArgs,
 providers: &OpenIdProviders,
 ) -> OpenIdPrepareDelegationResult {
- let (credential, provider) = match openid::delegation::verify_openid_credentials_with_jwks_renewal(
- &args.jwt, &args.salt, providers, &AuthHeap,
- )
- .await
- {
- Ok(value) => value,
- Err(err) => return Err(PrepareDelegationError::from(err)),
- };
+ let (credential, provider) =
+ match openid::delegation::verify_openid_credentials_with_jwks_renewal(
+ &args.jwt, &args.salt, providers, &AuthHeap,
+ )
+ .await
+ {
+ Ok(value) => value,
+ Err(err) => return Err(PrepareDelegationError::from(err)),
+ };
 
 let result = delegation::openid_prepare_delegation(
 &args.session_key,
@@ -46,12 +47,13 @@ pub fn openid_get_delegation(
 args: &OpenIdGetDelegationArgs,
 providers: &OpenIdProviders,
 ) -> GetDelegationResult {
- let (credential, provider) = match openid::delegation::verify_openid_credentials_with_cached_jwks(
- &args.jwt, &args.salt, providers, &AuthHeap,
- ) {
- Ok(value) => value,
- Err(err) => return Err(GetDelegationError::from(err)),
- };
+ let (credential, provider) =
+ match openid::delegation::verify_openid_credentials_with_cached_jwks(
+ &args.jwt, &args.salt, providers, &AuthHeap,
+ ) {
+ Ok(value) => value,
+ Err(err) => return Err(GetDelegationError::from(err)),
+ };
 
 delegation::openid_get_delegation(
 &args.session_key,
diff --git a/src/libs/satellite/src/auth/register.rs b/src/libs/satellite/src/auth/register.rs
index e14b6db36..2e1742ec7 100644
--- a/src/libs/satellite/src/auth/register.rs
+++ b/src/libs/satellite/src/auth/register.rs
@@ -7,8 +7,8 @@ use crate::user::core::types::state::{OpenIdData, ProviderData, UserData};
 use crate::Doc;
 use candid::Principal;
 use junobuild_auth::delegation::types::UserKey;
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::openid::delegation::types::provider::OpenIdDelegationProvider;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
 use junobuild_collections::constants::db::COLLECTION_USER_KEY;
 use junobuild_collections::msg::msg_db_collection_not_found;
 use junobuild_shared::ic::api::id;
diff --git a/src/libs/satellite/src/user/core/impls.rs b/src/libs/satellite/src/user/core/impls.rs
index 1647cba46..7238e123d 100644
--- a/src/libs/satellite/src/user/core/impls.rs
+++ b/src/libs/satellite/src/user/core/impls.rs
@@ -9,8 +9,8 @@ use crate::user::core::types::state::{
 AuthProvider, OpenIdData, ProviderData, UserData, WebAuthnData,
 };
 use crate::{Doc, SetDoc};
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::openid::delegation::types::provider::OpenIdDelegationProvider;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
 use junobuild_auth::profile::types::{OpenIdProfile, Validated};
 use junobuild_utils::encode_doc_data;