feat(authorize): add implicit authorize flow

2024-11-14 13:35:46 +01:00 · 2024-11-14 13:35:46 +01:00 · f0fad9a90a
commit f0fad9a90a
parent fa31485e44
4 changed files with 54 additions and 2 deletions
--- a/src/controllers/ui/authorize.rs
+++ b/src/controllers/ui/authorize.rs
@ -8,7 +8,7 @@ use url::Url;
 use uuid::Uuid;

 use crate::{
-    models::{authorization::Authorization, token_claims::UserTokenClaims},
+    models::{authorization::Authorization, config::AppAuthorizeFlow, token_claims::UserTokenClaims},
    renderer::TemplateRenderer, server::AppState,
    services::oauth2::{parse_scope, verify_redirect_uri},
    utils::get_random_alphanumerical
@ -97,6 +97,7 @@ pub async fn authorize_form(
            ).into_response();
        }
    };
+
    // 2. Check if the app is already authorized
    let authorizations_res = sqlx::query_as::<_, Authorization>(
        "SELECT * FROM authorizations WHERE user_id = $1 AND client_id = $2 AND scopes = $3"
@ -139,7 +140,19 @@ pub async fn authorize_form(
        }
    }

+    // 3. Check for implicit/explicit flow
+    if app.authorize_flow == AppAuthorizeFlow::Implicit {
+        debug!("Performing Implicit authorization flow.");
+        // Authorization already given, just redirect to the app
+        return perform_authorize(
+            State(app_state),
+            Extension(token_claims),
+            Form(authorization_params)
+        ).await.into_response()
+    }
+
    // 4. Show form that POST to authorize
+    debug!("Performing explicit authorization flow.");
    renderer
        .render(
            "pages/authorize",
--- a/src/models/config.rs
+++ b/src/models/config.rs
@ -12,6 +12,15 @@ struct InstanceConfig {
    logo_uri: Option<String>
 }

+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+#[fully_pub]
+enum AppAuthorizeFlow {
+    /// user must grant the app
+    Explicit,
+    /// authorized by default for all scopes
+    Implicit
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[fully_pub]
 struct Application {
@ -20,7 +29,8 @@ struct Application {
    description: String,
    client_id: String,
    client_secret: String,
-    allowed_redirect_uris: Vec<String>
+    allowed_redirect_uris: Vec<String>,
+    authorize_flow: AppAuthorizeFlow
 }

 #[derive(Debug, Clone, Serialize, Deserialize)]