
1//! CoreVPN Authentication System
2//!
3//! Provides OAuth2/OIDC authentication with support for:
4//! - Google Workspace
5//! - Microsoft Entra ID (Azure AD)
6//! - Okta
7//! - Generic OIDC providers
8
9#![forbid(unsafe_code)]
10#![warn(missing_docs, rust_2018_idioms)]
11
12pub mod error;
13pub mod provider;
14pub mod flow;
15pub mod token;
16pub mod session;
17
18pub use error::{AuthError, Result};
19pub use provider::{OAuthProvider, ProviderConfig, ProviderType};
20pub use flow::{AuthFlow, AuthState, DeviceAuthFlow};
21pub use token::{TokenSet, TokenValidator, UserInfo};
22pub use session::{AuthSession, AuthSessionManager};
23
24use secrecy::{Secret, SecretString};
25
/// Supported OAuth2/OIDC providers with pre-configured endpoint settings.
///
/// Each variant carries the client credentials registered with that provider
/// plus the provider-specific value(s) needed to build its issuer URL (see
/// [`KnownProvider::issuer_url`]). The client secret is stored as a
/// [`SecretString`] rather than a plain `String` so it is not printed or
/// logged by accident; the enum itself derives only `Clone`, so there is no
/// `Debug` output to leak it through either.
///
/// None of the string fields are validated here: they are interpolated
/// verbatim into URLs, so they must come from trusted configuration.
#[derive(Clone)]
pub enum KnownProvider {
    /// Google Workspace
    Google {
        /// OAuth2 Client ID
        client_id: String,
        /// OAuth2 Client Secret
        client_secret: SecretString,
        /// Allowed domain (e.g., "company.com"); `None` means no domain
        /// restriction is configured.
        ///
        /// NOTE(review): enforcement of this restriction is not in this file.
        /// Confirm that the signed-in account's hosted domain is checked
        /// wherever the ID token / user info is validated, otherwise any
        /// Google account can authenticate.
        allowed_domain: Option<String>,
    },
    /// Microsoft Entra ID (Azure AD)
    Microsoft {
        /// OAuth2 Client ID
        client_id: String,
        /// OAuth2 Client Secret
        client_secret: SecretString,
        /// Tenant ID (or "common" for multi-tenant).
        ///
        /// NOTE(review): "common" lets accounts from any tenant authenticate;
        /// if that is not intended, the tenant must be restricted downstream.
        /// Tokens issued via "common" presumably carry the account's real
        /// tenant in their issuer rather than "common" — verify that issuer
        /// validation copes with that.
        tenant_id: String,
    },
    /// Okta
    Okta {
        /// OAuth2 Client ID
        client_id: String,
        /// OAuth2 Client Secret
        client_secret: SecretString,
        /// Okta domain (e.g., "company.okta.com"). Used verbatim as the host
        /// of the issuer URL, so it must not contain a scheme, path or port.
        domain: String,
        /// Authorization server ID; `None` selects the "default" server.
        auth_server_id: Option<String>,
    },
    /// Generic OIDC provider
    Generic {
        /// Display name
        name: String,
        /// OAuth2 Client ID
        client_id: String,
        /// OAuth2 Client Secret
        client_secret: SecretString,
        /// Issuer URL (for OIDC discovery). Returned as-is by
        /// [`KnownProvider::issuer_url`]; it should be an `https` URL from
        /// trusted configuration, as nothing here checks it.
        issuer_url: String,
    },
}
70
impl KnownProvider {
    /// Fixed issuer for Google accounts; Google has no per-tenant issuer.
    const GOOGLE_ISSUER: &'static str = "https://accounts.google.com";

    /// Build the OIDC issuer URL for this provider.
    ///
    /// The configured `tenant_id`, `domain` and `auth_server_id` values are
    /// interpolated without validation or escaping, so a value containing
    /// `/`, `?`, `#` or `@` would change the resulting host or path. Treat
    /// these fields as trusted configuration only. For `Generic`, the
    /// configured `issuer_url` is returned unchanged.
    pub fn issuer_url(&self) -> String {
        match self {
            Self::Google { .. } => String::from(Self::GOOGLE_ISSUER),
            Self::Microsoft { tenant_id, .. } => {
                format!("https://login.microsoftonline.com/{tenant}/v2.0", tenant = tenant_id)
            }
            Self::Okta { domain, auth_server_id, .. } => {
                // An absent authorization server ID selects Okta's "default" server.
                let server = auth_server_id.as_deref().unwrap_or("default");
                format!("https://{host}/oauth2/{server}", host = domain, server = server)
            }
            Self::Generic { issuer_url, .. } => issuer_url.to_owned(),
        }
    }

    /// The OAuth2 client ID registered with the provider (not secret).
    pub fn client_id(&self) -> &str {
        match self {
            Self::Google { client_id, .. }
            | Self::Microsoft { client_id, .. }
            | Self::Okta { client_id, .. }
            | Self::Generic { client_id, .. } => client_id,
        }
    }

    /// The OAuth2 client secret, still wrapped in [`SecretString`].
    ///
    /// Keep it wrapped for as long as possible and unwrap it only at the
    /// point it is actually sent to the provider's token endpoint; never
    /// format or log the exposed value.
    pub fn client_secret(&self) -> &SecretString {
        match self {
            Self::Google { client_secret, .. }
            | Self::Microsoft { client_secret, .. }
            | Self::Okta { client_secret, .. }
            | Self::Generic { client_secret, .. } => client_secret,
        }
    }

    /// Short lowercase identifier of the provider kind
    /// (`"google"`, `"microsoft"`, `"okta"` or `"generic"`).
    pub fn provider_type(&self) -> &'static str {
        match self {
            Self::Google { .. } => "google",
            Self::Microsoft { .. } => "microsoft",
            Self::Okta { .. } => "okta",
            Self::Generic { .. } => "generic",
        }
    }
}