refactor(auth): move openidcredentials to delegation sub-module

src/console/src/accounts/impls.rs

@@ -1,7 +1,7 @@
 use crate::constants::E8S_PER_ICP;
 use crate::types::state::{Account, OpenIdData, Provider};
 use ic_cdk::api::time;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::profile::types::OpenIdProfile;
 use junobuild_shared::types::state::{MissionControlId, UserId};
 

src/console/src/auth/delegation.rs

@@ -4,8 +4,8 @@ use junobuild_auth::delegation::types::{
     GetDelegationError, GetDelegationResult, OpenIdGetDelegationArgs, OpenIdPrepareDelegationArgs,
     PrepareDelegationError, PreparedDelegation,
 };
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::openid::delegation::types::provider::OpenIdDelegationProvider;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
 use junobuild_auth::state::types::config::OpenIdProviders;
 use junobuild_auth::{delegation, openid};
 
@@ -22,14 +22,15 @@ pub async fn openid_prepare_delegation(
     args: &OpenIdPrepareDelegationArgs,
     providers: &OpenIdProviders,
 ) -> OpenIdPrepareDelegationResult {
-    let (credential, provider) = match openid::delegation::verify_openid_credentials_with_jwks_renewal(
-        &args.jwt, &args.salt, providers, &AuthHeap,
-    )
-    .await
-    {
-        Ok(value) => value,
-        Err(err) => return Err(PrepareDelegationError::from(err)),
-    };
+    let (credential, provider) =
+        match openid::delegation::verify_openid_credentials_with_jwks_renewal(
+            &args.jwt, &args.salt, providers, &AuthHeap,
+        )
+        .await
+        {
+            Ok(value) => value,
+            Err(err) => return Err(PrepareDelegationError::from(err)),
+        };
 
     let result = delegation::openid_prepare_delegation(
         &args.session_key,
@@ -46,12 +47,13 @@ pub fn openid_get_delegation(
     args: &OpenIdGetDelegationArgs,
     providers: &OpenIdProviders,
 ) -> GetDelegationResult {
-    let (credential, provider) = match openid::delegation::verify_openid_credentials_with_cached_jwks(
-        &args.jwt, &args.salt, providers, &AuthHeap,
-    ) {
-        Ok(value) => value,
-        Err(err) => return Err(GetDelegationError::from(err)),
-    };
+    let (credential, provider) =
+        match openid::delegation::verify_openid_credentials_with_cached_jwks(
+            &args.jwt, &args.salt, providers, &AuthHeap,
+        ) {
+            Ok(value) => value,
+            Err(err) => return Err(GetDelegationError::from(err)),
+        };
 
     delegation::openid_get_delegation(
         &args.session_key,

src/console/src/auth/register.rs

@@ -3,8 +3,8 @@ use crate::types::state::OpenId;
 use crate::types::state::{Account, OpenIdData, Provider};
 use candid::Principal;
 use junobuild_auth::delegation::types::UserKey;
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::openid::delegation::types::provider::OpenIdDelegationProvider;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
 
 pub async fn register_account(
     public_key: &UserKey,

src/libs/auth/src/delegation/get.rs

@@ -4,8 +4,8 @@ use crate::delegation::types::{
 use crate::delegation::utils::seed::calculate_seed;
 use crate::delegation::utils::signature::{build_signature_inputs, build_signature_msg};
 use crate::delegation::utils::targets::build_targets;
+use crate::openid::delegation::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::openid::delegation::types::provider::OpenIdDelegationProvider;
-use crate::openid::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::state::get_salt;
 use crate::state::services::read_state;
 use crate::strategies::{AuthCertificateStrategy, AuthHeapStrategy};

src/libs/auth/src/delegation/impls.rs

@@ -1,5 +1,5 @@
 use crate::delegation::types::{GetDelegationError, PrepareDelegationError};
-use crate::openid::types::errors::VerifyOpenidCredentialsError;
+use crate::openid::delegation::types::errors::VerifyOpenidCredentialsError;
 
 impl From<VerifyOpenidCredentialsError> for GetDelegationError {
     fn from(e: VerifyOpenidCredentialsError) -> Self {

src/libs/auth/src/delegation/prepare.rs

@@ -6,8 +6,8 @@ use crate::delegation::utils::duration::build_expiration;
 use crate::delegation::utils::seed::calculate_seed;
 use crate::delegation::utils::signature::{build_signature_inputs, build_signature_msg};
 use crate::delegation::utils::targets::build_targets;
+use crate::openid::delegation::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::openid::delegation::types::provider::OpenIdDelegationProvider;
-use crate::openid::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::state::get_salt;
 use crate::state::services::mutate_state;
 use crate::strategies::{AuthCertificateStrategy, AuthHeapStrategy};

src/libs/auth/src/delegation/utils/seed.rs

@@ -1,4 +1,4 @@
-use crate::openid::types::interface::OpenIdCredentialKey;
+use crate::openid::delegation::types::interface::OpenIdCredentialKey;
 use crate::state::types::state::Salt;
 use ic_certification::Hash;
 use sha2::{Digest, Sha256};
@@ -30,7 +30,7 @@ fn hash_bytes(value: impl AsRef<[u8]>) -> Hash {
 #[cfg(test)]
 mod tests {
     use super::calculate_seed;
-    use crate::openid::types::interface::OpenIdCredentialKey;
+    use crate::openid::delegation::types::interface::OpenIdCredentialKey;
     use crate::state::types::state::Salt;
     use ic_certification::Hash;
     use sha2::{Digest, Sha256};

src/libs/auth/src/openid/delegation/impls.rs

@@ -1,5 +1,33 @@
+use crate::openid::delegation::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::openid::delegation::types::provider::OpenIdDelegationProvider;
+use crate::openid::jwt::types::token::Claims;
 use crate::openid::types::provider::OpenIdProvider;
+use jsonwebtoken::TokenData;
+
+impl From<TokenData<Claims>> for OpenIdCredential {
+    fn from(token: TokenData<Claims>) -> Self {
+        Self {
+            sub: token.claims.sub,
+            iss: token.claims.iss,
+            email: token.claims.email,
+            name: token.claims.name,
+            given_name: token.claims.given_name,
+            family_name: token.claims.family_name,
+            preferred_username: token.claims.preferred_username,
+            picture: token.claims.picture,
+            locale: token.claims.locale,
+        }
+    }
+}
+
+impl<'a> From<&'a OpenIdCredential> for OpenIdCredentialKey<'a> {
+    fn from(credential: &'a OpenIdCredential) -> Self {
+        Self {
+            sub: &credential.sub,
+            iss: &credential.iss,
+        }
+    }
+}
 
 impl TryFrom<&OpenIdProvider> for OpenIdDelegationProvider {
     type Error = String;

src/libs/auth/src/openid/delegation/types.rs

@@ -1,3 +1,38 @@
+pub mod interface {
+    pub struct OpenIdCredentialKey<'a> {
+        pub iss: &'a String,
+        pub sub: &'a String,
+    }
+
+    pub struct OpenIdCredential {
+        pub iss: String,
+        pub sub: String,
+
+        pub email: Option<String>,
+        pub name: Option<String>,
+        pub given_name: Option<String>,
+        pub family_name: Option<String>,
+        pub preferred_username: Option<String>,
+        pub picture: Option<String>,
+        pub locale: Option<String>,
+    }
+}
+
+pub(crate) mod errors {
+    use crate::openid::jwkset::types::errors::GetOrRefreshJwksError;
+    use crate::openid::jwt::types::errors::{JwtFindProviderError, JwtVerifyError};
+    use candid::{CandidType, Deserialize};
+    use serde::Serialize;
+
+    #[derive(CandidType, Serialize, Deserialize, Debug)]
+    pub enum VerifyOpenidCredentialsError {
+        GetOrFetchJwks(GetOrRefreshJwksError),
+        GetCachedJwks,
+        JwtFindProvider(JwtFindProviderError),
+        JwtVerify(JwtVerifyError),
+    }
+}
+
 pub mod provider {
     use candid::{CandidType, Deserialize};
     use serde::Serialize;

src/libs/auth/src/openid/delegation/verify.rs

@@ -1,9 +1,9 @@
+use crate::openid::delegation::types::errors::VerifyOpenidCredentialsError;
+use crate::openid::delegation::types::interface::OpenIdCredential;
 use crate::openid::delegation::types::provider::OpenIdDelegationProvider;
 use crate::openid::jwkset::{get_jwks, get_or_refresh_jwks};
 use crate::openid::jwt::types::cert::Jwks;
 use crate::openid::jwt::{unsafe_find_jwt_provider, verify_openid_jwt};
-use crate::openid::types::errors::VerifyOpenidCredentialsError;
-use crate::openid::types::interface::OpenIdCredential;
 use crate::openid::types::provider::OpenIdProvider;
 use crate::openid::utils::build_nonce;
 use crate::state::types::config::{OpenIdProviderClientId, OpenIdProviders};

src/libs/auth/src/openid/impls.rs

@@ -1,38 +1,10 @@
 use crate::openid::jwt::types::cert::Jwks;
-use crate::openid::jwt::types::token::Claims;
-use crate::openid::types::interface::{OpenIdCredential, OpenIdCredentialKey};
 use crate::openid::types::provider::{OpenIdCertificate, OpenIdProvider};
 use ic_cdk::api::time;
-use jsonwebtoken::TokenData;
 use junobuild_shared::data::version::next_version;
 use junobuild_shared::types::state::{Version, Versioned};
 use std::fmt::{Display, Formatter, Result as FmtResult};
 
-impl From<TokenData<Claims>> for OpenIdCredential {
-    fn from(token: TokenData<Claims>) -> Self {
-        Self {
-            sub: token.claims.sub,
-            iss: token.claims.iss,
-            email: token.claims.email,
-            name: token.claims.name,
-            given_name: token.claims.given_name,
-            family_name: token.claims.family_name,
-            preferred_username: token.claims.preferred_username,
-            picture: token.claims.picture,
-            locale: token.claims.locale,
-        }
-    }
-}
-
-impl<'a> From<&'a OpenIdCredential> for OpenIdCredentialKey<'a> {
-    fn from(credential: &'a OpenIdCredential) -> Self {
-        Self {
-            sub: &credential.sub,
-            iss: &credential.iss,
-        }
-    }
-}
-
 impl OpenIdProvider {
     pub fn jwks_url(&self) -> &'static str {
         match self {

src/libs/auth/src/openid/types.rs

@@ -1,38 +1,3 @@
-pub mod interface {
-    pub struct OpenIdCredentialKey<'a> {
-        pub iss: &'a String,
-        pub sub: &'a String,
-    }
-
-    pub struct OpenIdCredential {
-        pub iss: String,
-        pub sub: String,
-
-        pub email: Option<String>,
-        pub name: Option<String>,
-        pub given_name: Option<String>,
-        pub family_name: Option<String>,
-        pub preferred_username: Option<String>,
-        pub picture: Option<String>,
-        pub locale: Option<String>,
-    }
-}
-
-pub(crate) mod errors {
-    use crate::openid::jwkset::types::errors::GetOrRefreshJwksError;
-    use crate::openid::jwt::types::errors::{JwtFindProviderError, JwtVerifyError};
-    use candid::{CandidType, Deserialize};
-    use serde::Serialize;
-
-    #[derive(CandidType, Serialize, Deserialize, Debug)]
-    pub enum VerifyOpenidCredentialsError {
-        GetOrFetchJwks(GetOrRefreshJwksError),
-        GetCachedJwks,
-        JwtFindProvider(JwtFindProviderError),
-        JwtVerify(JwtVerifyError),
-    }
-}
-
 pub mod provider {
     use crate::openid::jwt::types::cert::Jwks;
     use candid::{CandidType, Deserialize};

src/libs/satellite/src/auth/delegation.rs

@@ -4,8 +4,8 @@ use junobuild_auth::delegation::types::{
     GetDelegationError, GetDelegationResult, OpenIdGetDelegationArgs, OpenIdPrepareDelegationArgs,
     PrepareDelegationError, PreparedDelegation,
 };
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::openid::delegation::types::provider::OpenIdDelegationProvider;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
 use junobuild_auth::state::types::config::OpenIdProviders;
 use junobuild_auth::{delegation, openid};
 
@@ -22,14 +22,15 @@ pub async fn openid_prepare_delegation(
     args: &OpenIdPrepareDelegationArgs,
     providers: &OpenIdProviders,
 ) -> OpenIdPrepareDelegationResult {
-    let (credential, provider) = match openid::delegation::verify_openid_credentials_with_jwks_renewal(
-        &args.jwt, &args.salt, providers, &AuthHeap,
-    )
-    .await
-    {
-        Ok(value) => value,
-        Err(err) => return Err(PrepareDelegationError::from(err)),
-    };
+    let (credential, provider) =
+        match openid::delegation::verify_openid_credentials_with_jwks_renewal(
+            &args.jwt, &args.salt, providers, &AuthHeap,
+        )
+        .await
+        {
+            Ok(value) => value,
+            Err(err) => return Err(PrepareDelegationError::from(err)),
+        };
 
     let result = delegation::openid_prepare_delegation(
         &args.session_key,
@@ -46,12 +47,13 @@ pub fn openid_get_delegation(
     args: &OpenIdGetDelegationArgs,
     providers: &OpenIdProviders,
 ) -> GetDelegationResult {
-    let (credential, provider) = match openid::delegation::verify_openid_credentials_with_cached_jwks(
-        &args.jwt, &args.salt, providers, &AuthHeap,
-    ) {
-        Ok(value) => value,
-        Err(err) => return Err(GetDelegationError::from(err)),
-    };
+    let (credential, provider) =
+        match openid::delegation::verify_openid_credentials_with_cached_jwks(
+            &args.jwt, &args.salt, providers, &AuthHeap,
+        ) {
+            Ok(value) => value,
+            Err(err) => return Err(GetDelegationError::from(err)),
+        };
 
     delegation::openid_get_delegation(
         &args.session_key,

src/libs/satellite/src/auth/register.rs

@@ -7,8 +7,8 @@ use crate::user::core::types::state::{OpenIdData, ProviderData, UserData};
 use crate::Doc;
 use candid::Principal;
 use junobuild_auth::delegation::types::UserKey;
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::openid::delegation::types::provider::OpenIdDelegationProvider;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
 use junobuild_collections::constants::db::COLLECTION_USER_KEY;
 use junobuild_collections::msg::msg_db_collection_not_found;
 use junobuild_shared::ic::api::id;

src/libs/satellite/src/user/core/impls.rs

@@ -9,8 +9,8 @@ use crate::user::core::types::state::{
     AuthProvider, OpenIdData, ProviderData, UserData, WebAuthnData,
 };
 use crate::{Doc, SetDoc};
+use junobuild_auth::openid::delegation::types::interface::OpenIdCredential;
 use junobuild_auth::openid::delegation::types::provider::OpenIdDelegationProvider;
-use junobuild_auth::openid::types::interface::OpenIdCredential;
 use junobuild_auth::profile::types::{OpenIdProfile, Validated};
 use junobuild_utils::encode_doc_data;