fix(openid): add subject_types_supported in well-known OIDC config

lib/http_server/src/controllers/api/oauth2/access_token.rs

@@ -1,7 +1,7 @@
 use axum::{extract::State, http::StatusCode, response::{Html, IntoResponse}, Extension, Form, Json};
 use chrono::{Duration, Utc};
 use fully_pub::fully_pub;
-use log::error;
+use log::{debug, error};
 use serde::{Deserialize, Serialize};
 
 use kernel::{models::authorization::Authorization, repositories::users::get_user_by_id};
@@ -11,7 +11,7 @@ use crate::{
 
 const AUTHORIZATION_CODE_TTL_SECONDS: i64 = 120;
 
-#[derive(Serialize, Deserialize)]
+#[derive(Serialize, Deserialize, Debug)]
 #[fully_pub]
 struct AccessTokenRequestParams {
     grant_type: String,
@@ -48,6 +48,7 @@ pub async fn get_access_token(
     let authorization = match authorizations_res {
         Ok(val) => val,
         Err(sqlx::Error::RowNotFound) => {
+            error!("Received invalid authorization_code.");
             return (
                 StatusCode::BAD_REQUEST,
                 Json("Invalid authorization_code.")
@@ -68,12 +69,15 @@ pub async fn get_access_token(
             Utc::now().signed_duration_since(ts) < Duration::seconds(AUTHORIZATION_CODE_TTL_SECONDS)
         });
     if !is_code_valid {
+        debug!("Received expired authorization code");
         return (
             StatusCode::BAD_REQUEST,
             Json("Authorization code has expired.")
         ).into_response();
     }
 
+    debug!("Generating access_token and id_token.");
+
     // 2.3. Fetch user resource owner
     let user = get_user_by_id(&app_state.db, &authorization.user_id)
         .await

lib/http_server/src/controllers/api/openid/keys.rs

@@ -1,5 +1,3 @@
-use std::str::FromStr;
-
 use jsonwebkey_convert_repaired::RSAPublicKey;
 use jsonwebkey_convert_repaired::der::FromPem;
 

lib/http_server/src/controllers/api/openid/well_known.rs

@@ -17,6 +17,7 @@ struct WellKnownOpenIdConfiguration {
     userinfo_endpoint: String,
     scopes_supported: Vec<String>,
     response_types_supported: Vec<String>,
+    subject_types_supported: Vec<String>,
     token_endpoint_auth_methods_supported: Vec<String>,
     id_token_signing_alg_values_supported: Vec<String>,
     jwks_uri: String
@@ -33,6 +34,7 @@ pub async fn get_well_known_openid_configuration(
         userinfo_endpoint: format!("{}/api/user", base_url),
         scopes_supported: AuthorizationScope::iter().map(|v| v.to_string()).collect(),
         response_types_supported: vec!["code".into()],
+        subject_types_supported: vec!["public".into(), "pairwise".into()],
         token_endpoint_auth_methods_supported: vec!["client_secret_basic".into()],
         id_token_signing_alg_values_supported: vec!["RS256".into()],
         jwks_uri: format!("{}/.well-known/jwks", base_url)