#[macro_use]
extern crate failure;
#[macro_use]
extern crate serde_derive;
#[macro_use]
extern crate log;
use azure_sdk_core::errors::AzureError;
use futures::future::{done, ok, Future};
use log::debug;
use oauth2::basic::BasicClient;
use oauth2::curl::http_client;
use oauth2::{
AuthType, AuthUrl, AuthorizationCode, ClientId, ClientSecret, CsrfToken, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, TokenUrl,
};
use url::form_urlencoded;
use url::Url;
mod login_response;
use azure_sdk_core::perform_http_request;
use http::status::StatusCode;
use hyper::{Body, Client, Request};
pub use login_response::*;
use std::sync::Arc;
pub mod errors;
mod naive_server;
pub use naive_server::naive_server;
/// State produced by [`authorize_delegate`] that has to survive until the
/// browser redirect comes back and [`exchange`] is called.
#[derive(Debug)]
pub struct AuthObj {
    /// Configured OAuth2 client (authorize/token endpoints, redirect URL,
    /// client id and secret). [`exchange`] reuses it for the code exchange.
    pub client: BasicClient,
    /// URL the user agent is sent to. It already carries the PKCE challenge,
    /// the `resource` extra parameter and the `state` value.
    pub authorize_url: Url,
    /// `state` value embedded in `authorize_url`. Nothing in this file
    /// compares it against the `state` returned on the redirect; callers
    /// should do that before handing the code to [`exchange`].
    pub csrf_state: CsrfToken,
    /// PKCE verifier matching the challenge in `authorize_url`; moved into
    /// the token request by [`exchange`].
    // NOTE(review): the derived `Debug` prints this struct including the
    // verifier and the client's secret; whether those are redacted depends on
    // the `oauth2` crate's Debug impls — confirm before logging an `AuthObj`.
    pub pkce_code_verifier: PkceCodeVerifier,
}
/// Starts an authorization-code flow with PKCE against the Azure AD tenant
/// `tenant_id` for the given `resource`.
///
/// Builds an OAuth2 client for the tenant's authorize and token endpoints,
/// generates a random SHA-256 PKCE challenge/verifier pair and a random
/// `state`, and returns them together with the URL the user agent must
/// visit. Hand the resulting [`AuthObj`] to [`exchange`] once the redirect
/// delivers the authorization code.
///
/// # Panics
///
/// Panics if `tenant_id` yields an endpoint string that does not parse as a
/// URL.
pub fn authorize_delegate(client_id: ClientId, client_secret: ClientSecret, tenant_id: &str, redirect_url: Url, resource: &str) -> AuthObj {
    // `tenant_id` is interpolated into the endpoint path unescaped, so a
    // value containing `/`, `?` or `#` could change which endpoint is hit.
    // NOTE(review): the authorize endpoint is the v1 `/oauth2/authorize`
    // while the token endpoint is `/oauth2/v2.0/token` — confirm the mix is
    // intended.
    let authorize_endpoint = format!("https://login.microsoftonline.com/{}/oauth2/authorize", tenant_id);
    let token_endpoint = format!("https://login.microsoftonline.com/{}/oauth2/v2.0/token", tenant_id);
    let auth_url = AuthUrl::new(Url::parse(&authorize_endpoint).expect("Invalid authorization endpoint URL"));
    let token_url = TokenUrl::new(Url::parse(&token_endpoint).expect("Invalid token endpoint URL"));

    // `AuthType::RequestBody`: client id and secret travel in the token
    // request body rather than as HTTP Basic credentials.
    let oauth_client = BasicClient::new(client_id, Some(client_secret), auth_url, Some(token_url))
        .set_auth_type(AuthType::RequestBody)
        .set_redirect_url(RedirectUrl::new(redirect_url));

    // The challenge goes into the authorize URL; the verifier is kept so that
    // `exchange` can present it with the code.
    let (challenge, verifier) = PkceCodeChallenge::new_random_sha256();
    let (authorize_url, csrf_state) = oauth_client
        .authorize_url(CsrfToken::new_random)
        .add_extra_param("resource", resource)
        .set_pkce_challenge(challenge)
        .url();

    AuthObj {
        client: oauth_client,
        authorize_url,
        csrf_state,
        pkce_code_verifier: verifier,
    }
}
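/// Completes the authorization-code flow started by [`authorize_delegate`].
///
/// Sends `code` to the token endpoint configured on `auth_obj.client`,
/// attaching the PKCE verifier that was generated alongside the challenge
/// in the authorize URL. `auth_obj` is consumed because the verifier is
/// moved into the request.
///
/// # Errors
///
/// Returns the `oauth2` request error unchanged so the caller can inspect
/// it (transport failure, error response from the token endpoint, or an
/// unparseable response).
pub fn exchange(
    auth_obj: AuthObj,
    code: AuthorizationCode,
) -> Result<
    oauth2::StandardTokenResponse<oauth2::EmptyExtraTokenFields, oauth2::basic::BasicTokenType>,
    oauth2::RequestTokenError<oauth2::curl::Error, oauth2::StandardErrorResponse<oauth2::basic::BasicErrorResponseType>>,
> {
    // The response is handed back untouched and deliberately not printed or
    // logged: it carries the bearer access token (and possibly a refresh
    // token), which must not end up in stdout or log files. The previous
    // `println!` dumped the whole token response.
    auth_obj
        .client
        .exchange_code(code)
        .set_pkce_verifier(auth_obj.pkce_code_verifier)
        .request(http_client)
}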
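/// Obtains a token for `resource` with the OAuth2 client-credentials grant.
///
/// Posts `grant_type=client_credentials` together with the client id and
/// secret as a form-encoded body to
/// `https://login.microsoftonline.com/{tenant_id}/oauth2/token` and
/// deserializes the `200 OK` response into a [`LoginResponse`].
///
/// `client_id` and `client_secret` are placed only in the request body,
/// never in the URI or in any output.
///
/// The returned future fails with [`AzureError`] when the request cannot
/// be built, the HTTP call does not return `200 OK`, or the response body
/// does not parse as a [`LoginResponse`].
pub fn authorize_non_interactive(
    client: Arc<Client<hyper_rustls::HttpsConnector<hyper::client::HttpConnector>>>,
    client_id: &oauth2::ClientId,
    client_secret: &oauth2::ClientSecret,
    resource: &str,
    tenant_id: &str,
) -> impl Future<Item = LoginResponse, Error = AzureError> {
    let encoded: String = form_urlencoded::Serializer::new(String::new())
        .append_pair("grant_type", "client_credentials")
        .append_pair("client_id", client_id.as_str())
        .append_pair("client_secret", client_secret.secret())
        .append_pair("resource", resource)
        .finish();
    // `tenant_id` is interpolated into the path unescaped; callers are
    // expected to pass a plain tenant identifier.
    let uri = format!("https://login.microsoftonline.com/{}/oauth2/token", tenant_id);
    done(
        Request::builder()
            .method("POST")
            // The body is produced by `form_urlencoded`, so declare the
            // matching media type. The previous header
            // (`ContentType: Application / WwwFormUrlEncoded`) was not a
            // valid Content-Type and could be ignored or rejected.
            .header("Content-Type", "application/x-www-form-urlencoded")
            .uri(uri)
            .body(Body::from(encoded)),
    )
    .from_err()
    .and_then(move |request| {
        perform_http_request(&client, request, StatusCode::OK).and_then(|resp| {
            // The parsed response is returned to the caller as-is and is not
            // printed: it is the token endpoint's reply and is expected to
            // carry the access token, which must not reach stdout or logs.
            done(LoginResponse::from_str(&resp)).from_err()
        })
    })
}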