Custom claims (#21)

* Update deps * Allow user to specify custom deserialize-ownedable claims * Update changelog * Relax dependencies
EmbarkStudios · Sep 13, 2022 · 7e129b5 · 7e129b5
1 parent a0f1d4d
commit 7e129b5
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 <!-- next-header -->
 ## [Unreleased] - ReleaseDate
+### Changed
+- Make claims flexible by accepting any user provided DeserializeOwned in functions, 
+that extract claims.
 
 ## [0.5.0] - 2022-04-25
 ### Added

diff --git a/Cargo.toml b/Cargo.toml
@@ -19,23 +19,23 @@ name = "embark"
 path = "examples/embark.rs"
 
 [dependencies]
-base64 = "0.13.0"
+base64 = "0.13"
 http = "0.2"
-jsonwebtoken = "8.0.1"
-serde = { version = "1.0.136", features = ["derive"] }
-serde_json = "1.0.78"
-url = "2.2.2"
-thiserror = "1.0.30"
+jsonwebtoken = "8.1"
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+url = "2.3"
+thiserror = "1"
 
 ## dev dependencies below
 [dev-dependencies]
-bytes = "1.1"
+bytes = "1.2"
 
 [dev-dependencies.reqwest]
-version = "0.11.9"
+version = "0.11"
 features = ["rustls-tls"]
 default-features = false
 
 [dev-dependencies.tokio]
-version = "1.16.1"
+version = "1.21"
 features = ["macros", "rt-multi-thread"]
diff --git a/examples/embark.rs b/examples/embark.rs
@@ -8,6 +8,7 @@ use std::{
     str,
 };
 use tame_oidc::auth_scheme::{AuthenticationScheme, ClientAuthentication, ClientCredentials};
+use tame_oidc::provider::Claims;
 use tame_oidc::{
     oidc::Token,
     provider::{self, Provider, JWKS},
@@ -109,7 +110,7 @@ async fn main() {
     let response = http_send(&http_client, request).await;
     let jwks = JWKS::from_response(response).unwrap();
 
-    let token_data = provider::verify_token(&access_token.access_token, &jwks.keys);
+    let token_data = provider::verify_token::<Claims>(&access_token.access_token, &jwks.keys);
     dbg!(&token_data);
     dbg!(&access_token);
     let refresh_token = access_token.refresh_token.unwrap();

diff --git a/src/provider.rs b/src/provider.rs
@@ -6,6 +6,7 @@ use crate::{
 };
 use http::{Request, Uri};
 use jsonwebtoken::{decode, Algorithm, DecodingKey, TokenData, Validation};
+use serde::de::DeserializeOwned;
 use serde::{Deserialize, Serialize};
 use std::convert::TryInto;
 
@@ -207,7 +208,10 @@ pub struct Claims {
 
 /// Deserialize token data
 /// Returns either a token or jsonwebtoken error
-pub fn verify_token(token: &str, jwks: &[JWK]) -> Result<TokenData<Claims>, TokenDataError> {
+pub fn verify_token<CLAIMS>(token: &str, jwks: &[JWK]) -> Result<TokenData<CLAIMS>, TokenDataError>
+where
+    CLAIMS: DeserializeOwned,
+{
     let mut error = None;
     for jwk in jwks {
         if let JWK::RSA(enc_key) = jwk {
@@ -223,25 +227,31 @@ pub fn verify_token(token: &str, jwks: &[JWK]) -> Result<TokenData<Claims>, Toke
         .unwrap_or(Err(TokenDataError::NoJWKs))
 }
 
-fn try_token_data(
+fn try_token_data<CLAIMS>(
     token: &str,
     enc_key: &RsaJwk,
-) -> jsonwebtoken::errors::Result<TokenData<Claims>> {
+) -> jsonwebtoken::errors::Result<TokenData<CLAIMS>>
+where
+    CLAIMS: DeserializeOwned,
+{
     let mut validation = Validation::default();
     validation.algorithms = vec![Algorithm::RS256, Algorithm::RS384, Algorithm::RS512];
 
-    decode::<Claims>(
+    decode::<CLAIMS>(
         token,
         &DecodingKey::from_rsa_components(&enc_key.key, &enc_key.exponent)?,
         &validation,
     )
 }
 
-pub fn verify_rsa(
+pub fn verify_rsa<CLAIMS>(
     token: &str,
     jwks: &[JWK],
     validation: Validation,
-) -> Result<TokenData<Claims>, TokenDataError> {
+) -> Result<TokenData<CLAIMS>, TokenDataError>
+where
+    CLAIMS: DeserializeOwned,
+{
     let mut error = None;
     for jwk in jwks {
         if let JWK::RSA(rsa) = jwk {
@@ -257,13 +267,16 @@ pub fn verify_rsa(
         .unwrap_or(Err(TokenDataError::NoJWKs))
 }
 
-fn try_token_rsa_data(
+fn try_token_rsa_data<CLAIMS>(
     token: &str,
     key: &str,
     exponent: &str,
     validation: &Validation,
-) -> jsonwebtoken::errors::Result<TokenData<Claims>> {
-    decode::<Claims>(
+) -> jsonwebtoken::errors::Result<TokenData<CLAIMS>>
+where
+    CLAIMS: DeserializeOwned,
+{
+    decode::<CLAIMS>(
         token,
         &DecodingKey::from_rsa_components(key, exponent)?,
         validation,