securitydept-token-set-context 0.2.0

Token Set Context of SecurityDept, a layered authentication and authorization toolkit built as reusable Rust crates.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

//! `frontend-oidc` mode service.
//!
//! [`FrontendOidcModeService`] is the route-facing service for `frontend-oidc`
//! mode, mirroring the role that [`BackendOidcModeAuthService`] plays for
//! `backend-oidc`.
//!
//! Currently it wraps [`FrontendOidcModeRuntime`] and provides helpers for
//! building config projections. Future capabilities (e.g. frontend token
//! handoff validation) will be added here.

use securitydept_utils::observability::DiagnosedResult;

use super::{contracts::FrontendOidcModeConfigProjection, runtime::FrontendOidcModeRuntime};

// ---------------------------------------------------------------------------
// Service
// ---------------------------------------------------------------------------

/// Route-facing service for `frontend-oidc` mode.
///
/// This is the formal entry point for server routes that need to serve
/// `frontend-oidc` mode concerns (config projection endpoints, etc.).
#[derive(Debug, Clone)]
pub struct FrontendOidcModeService {
    runtime: FrontendOidcModeRuntime,
}

impl FrontendOidcModeService {
    /// Create a new service from a runtime.
    pub fn new(runtime: FrontendOidcModeRuntime) -> Self {
        Self { runtime }
    }

    /// Access the underlying runtime.
    pub fn runtime(&self) -> &FrontendOidcModeRuntime {
        &self.runtime
    }

    /// Build a config projection for the frontend.
    ///
    /// # Errors
    ///
    /// Returns an `io::Error` if the claims check script file cannot be read.
    pub async fn config_projection(&self) -> std::io::Result<FrontendOidcModeConfigProjection> {
        self.runtime.config_projection().await
    }

    /// Build a config projection and return a machine-readable diagnosis.
    pub async fn config_projection_with_diagnosis(
        &self,
    ) -> DiagnosedResult<FrontendOidcModeConfigProjection, std::io::Error> {
        self.runtime.config_projection_with_diagnosis().await
    }
}

// ---------------------------------------------------------------------------
// Tests
// ---------------------------------------------------------------------------

#[cfg(test)]
mod tests {
    use securitydept_oauth_provider::{OAuthProviderRemoteConfig, OidcSharedConfig};

    use super::*;
    use crate::frontend_oidc_mode::config::{FrontendOidcModeConfig, FrontendOidcModeConfigSource};

    fn test_service() -> FrontendOidcModeService {
        let shared = OidcSharedConfig {
            remote: OAuthProviderRemoteConfig {
                well_known_url: Some(
                    "https://auth.example.com/.well-known/openid-configuration".to_string(),
                ),
                ..Default::default()
            },
            client_id: Some("spa-client".to_string()),
            ..Default::default()
        };

        let config = FrontendOidcModeConfig::default()
            .resolve_all(&shared)
            .expect("should resolve");
        let runtime = FrontendOidcModeRuntime::new(config);
        FrontendOidcModeService::new(runtime)
    }

    #[tokio::test]
    async fn service_delegates_to_runtime() {
        let service = test_service();
        let projection = service
            .config_projection()
            .await
            .expect("projection should succeed");
        assert_eq!(projection.client_id, "spa-client");
    }
}