
//! CoreVPN Authentication System
//!
//! Provides OAuth2/OIDC authentication with support for:
//! - Google Workspace
//! - Microsoft Entra ID (Azure AD)
//! - Okta
//! - Generic OIDC providers
9#![forbid(unsafe_code)]
10#![warn(missing_docs, rust_2018_idioms)]
12pub mod error;
13pub mod provider;
14pub mod flow;
15pub mod token;
16pub mod session;
18pub use error::{AuthError, Result};
19pub use provider::{OAuthProvider, ProviderConfig, ProviderType};
20pub use flow::{AuthFlow, AuthState, DeviceAuthFlow};
21pub use token::{TokenSet, TokenValidator, UserInfo};
22pub use session::{AuthSession, AuthSessionManager};
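/// Supported OAuth2 providers with pre-configured settings.
///
/// Every variant carries an OAuth2 client secret. `Debug` is therefore
/// implemented by hand (see below) rather than derived: `{:?}` output is the
/// form most likely to end up in logs, error messages and panics, and the
/// manual impl prints `"[REDACTED]"` in place of `client_secret` while
/// showing every other field as the derived impl would. `Clone` is still
/// derived.
#[derive(Clone)]
pub enum KnownProvider {
    /// Google Workspace
    Google {
        /// OAuth2 Client ID
        client_id: String,
        /// OAuth2 Client Secret (never shown by `Debug`)
        client_secret: String,
        /// Allowed domain (e.g., "company.com")
        allowed_domain: Option<String>,
    },
    /// Microsoft Entra ID (Azure AD)
    Microsoft {
        /// OAuth2 Client ID
        client_id: String,
        /// OAuth2 Client Secret (never shown by `Debug`)
        client_secret: String,
        /// Tenant ID (or "common" for multi-tenant)
        tenant_id: String,
    },
    /// Okta
    Okta {
        /// OAuth2 Client ID
        client_id: String,
        /// OAuth2 Client Secret (never shown by `Debug`)
        client_secret: String,
        /// Okta domain (e.g., "company.okta.com")
        domain: String,
        /// Authorization server ID (or "default")
        auth_server_id: Option<String>,
    },
    /// Generic OIDC provider
    Generic {
        /// Display name
        name: String,
        /// OAuth2 Client ID
        client_id: String,
        /// OAuth2 Client Secret (never shown by `Debug`)
        client_secret: String,
        /// Issuer URL (for OIDC discovery)
        issuer_url: String,
    },
}

/// Text written in place of a client secret by the `Debug` impl of
/// [`KnownProvider`].
const REDACTED_SECRET: &str = "[REDACTED]";

impl std::fmt::Debug for KnownProvider {
    /// Formats the provider like the derived `Debug` impl would, except that
    /// the `client_secret` field is replaced by [`REDACTED_SECRET`] so the
    /// secret cannot leak through diagnostics. Field order matches the enum
    /// declaration.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // Formatted via `Debug`, so it appears quoted, exactly where the real
        // `String` field would have been.
        let redacted = &REDACTED_SECRET;
        match self {
            KnownProvider::Google { client_id, allowed_domain, .. } => f
                .debug_struct("Google")
                .field("client_id", client_id)
                .field("client_secret", redacted)
                .field("allowed_domain", allowed_domain)
                .finish(),
            KnownProvider::Microsoft { client_id, tenant_id, .. } => f
                .debug_struct("Microsoft")
                .field("client_id", client_id)
                .field("client_secret", redacted)
                .field("tenant_id", tenant_id)
                .finish(),
            KnownProvider::Okta { client_id, domain, auth_server_id, .. } => f
                .debug_struct("Okta")
                .field("client_id", client_id)
                .field("client_secret", redacted)
                .field("domain", domain)
                .field("auth_server_id", auth_server_id)
                .finish(),
            KnownProvider::Generic { name, client_id, issuer_url, .. } => f
                .debug_struct("Generic")
                .field("name", name)
                .field("client_id", client_id)
                .field("client_secret", redacted)
                .field("issuer_url", issuer_url)
                .finish(),
        }
    }
}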
impl KnownProvider {
    /// Get the issuer URL for this provider.
    ///
    /// Google uses a fixed issuer. For Microsoft the configured `tenant_id`
    /// is interpolated into the tenant-scoped v2.0 endpoint; for Okta the
    /// configured `domain` and `auth_server_id` (or `"default"` when unset)
    /// are interpolated. None of these values is validated or escaped here —
    /// they are used verbatim, so they are expected to come from trusted
    /// configuration. The Generic variant returns a copy of its `issuer_url`.
    pub fn issuer_url(&self) -> String {
        match self {
            Self::Google { .. } => String::from("https://accounts.google.com"),
            Self::Microsoft { tenant_id, .. } => {
                format!("https://login.microsoftonline.com/{}/v2.0", tenant_id)
            }
            Self::Okta { domain, auth_server_id, .. } => {
                // An unset authorization server falls back to Okta's "default".
                let server = auth_server_id.as_deref().unwrap_or("default");
                format!("https://{}/oauth2/{}", domain, server)
            }
            Self::Generic { issuer_url, .. } => issuer_url.to_owned(),
        }
    }

    /// Get the client ID.
    ///
    /// Every variant carries a `client_id`, so this is a single or-pattern;
    /// adding a variant without the field is a compile error.
    pub fn client_id(&self) -> &str {
        match self {
            Self::Google { client_id, .. }
            | Self::Microsoft { client_id, .. }
            | Self::Okta { client_id, .. }
            | Self::Generic { client_id, .. } => client_id,
        }
    }

    /// Get the client secret.
    ///
    /// Returns the raw secret as stored; callers should keep it out of logs
    /// and error messages.
    pub fn client_secret(&self) -> &str {
        match self {
            Self::Google { client_secret, .. }
            | Self::Microsoft { client_secret, .. }
            | Self::Okta { client_secret, .. }
            | Self::Generic { client_secret, .. } => client_secret,
        }
    }

    /// Get provider type name.
    ///
    /// A short lowercase identifier (`"google"`, `"microsoft"`, `"okta"`,
    /// `"generic"`) suitable for logging or keying configuration.
    pub fn provider_type(&self) -> &'static str {
        let kind = match self {
            Self::Google { .. } => "google",
            Self::Microsoft { .. } => "microsoft",
            Self::Okta { .. } => "okta",
            Self::Generic { .. } => "generic",
        };
        kind
    }
}