rauthy-client 0.14.0

Client for the Rauthy OIDC IAM project
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

use crate::provider::SCIM_TOKEN;
use crate::scim::types::ScimError;
use http::HeaderMap;
use http::header::{AUTHORIZATION, CONTENT_TYPE};
use tracing::error;

#[cfg(feature = "axum")]
pub mod axum;
pub mod types;

pub const CONTENT_TYPE_SCIM: &str = "application/scim+json";

#[allow(unused)]
#[inline]
pub fn is_content_type_scim(headers: &HeaderMap) -> Result<(), ScimError> {
    let Some(ct_val) = headers.get(CONTENT_TYPE) else {
        return Err(ScimError::new(400, Some("Content-Type missing".into())));
    };

    let ct = ct_val.to_str().unwrap_or_default();
    if CONTENT_TYPE_SCIM == ct {
        Ok(())
    } else {
        error!("SCIM request with invalid Content-Type: {}", ct);
        Err(ScimError::new(400, Some("Invalid Content-Type".into())))
    }
}

#[allow(unused)]
#[inline]
pub fn validate_scim_token(headers: &HeaderMap) -> Result<(), ScimError> {
    let Some(auth_val) = headers.get(AUTHORIZATION) else {
        error!("SCIM request no token");
        return Err(ScimError::new(
            400,
            Some("Authorization header missing".into()),
        ));
    };
    let Some(token) = auth_val
        .to_str()
        .unwrap_or_default()
        .strip_prefix("Bearer ")
    else {
        error!("SCIM request with invalid Authorization header");
        return Err(ScimError::new(
            400,
            Some("Invalid Authorization Header".into()),
        ));
    };

    if token == SCIM_TOKEN.get().expect("OIDC Config not set up") {
        Ok(())
    } else {
        error!("SCIM request with invalid token");
        Err(ScimError::new(400, Some("Invalid Bearer Token".into())))
    }
}