usso 0.2.6

The usso provides a universal single sign-on (SSO) integration for microservices, making it easy to add secure, scalable authentication across different frameworks. This client simplifies the process of connecting any microservice to the USSO service.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

use std::collections::HashMap;
use std::time::{SystemTime, UNIX_EPOCH};

use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};

use crate::exceptions::USSOError;
use crate::jwks::{fetch_jwks_sync, get_jwk_keys};
use crate::schemas::{JWTConfig, Jwk, Jwks, UserData};

pub fn decode_token(
    key: &Jwk,
    token: &str,
    algorithms: &[Algorithm],
) -> Result<UserData, USSOError> {
    let decoding_key = DecodingKey::from_rsa_components(&key.n, &key.e).unwrap();
    let mut validation = Validation::new(Algorithm::RS256);
    validation.algorithms = algorithms.to_vec();

    match decode::<UserData>(token, &decoding_key, &validation) {
        Ok(token_data) => Ok(token_data.claims),
        Err(_) => Err(USSOError::InvalidToken),
    }
}

pub fn is_expired(token: &str) -> Result<bool, USSOError> {
    let decoded = decode::<HashMap<String, serde_json::Value>>(
        token,
        &DecodingKey::from_secret(&[]),
        &Validation::default(),
    )
    .expect("error in decode");

    let exp = decoded
        .claims
        .get("exp")
        .and_then(|v| v.as_i64())
        .unwrap_or_else(|| {
            SystemTime::now()
                .duration_since(UNIX_EPOCH)
                .unwrap()
                .as_secs() as i64
                + 86400
        });

    Ok(exp
        < SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .unwrap()
            .as_secs() as i64)
}
pub fn decode_token_with_jwks(_jwk_url: &str, token: &str) -> Result<UserData, USSOError> {
    let jwk_keys = get_jwk_keys().expect("Can't get keys");
    let key = jwk_keys
        .match_kid(token)
        .expect("Can't find key with this kid in jwks");
    decode_token(key, token, &[Algorithm::RS256])
}
#[derive(Debug, Clone)]
pub struct Usso {
    jwt_configs: Vec<JWTConfig>,
}

impl Usso {
    pub fn new(jwt_config: Option<JWTConfig>, jwk_url: Option<String>, key: Option<Jwks>) -> Self {
        let jwt_configs = Self::initialize_configs(jwt_config, jwk_url, key);
        Usso { jwt_configs }
    }

    fn initialize_configs(
        jwt_config: Option<JWTConfig>,
        jwk_url: Option<String>,
        key: Option<Jwks>,
    ) -> Vec<JWTConfig> {
        if let Some(config) = jwt_config {
            vec![config]
        } else if let Some(url) = jwk_url {
            let res = Some(fetch_jwks_sync(url.as_str()).unwrap());
            vec![JWTConfig::new(Some(url.clone()), res)]
        } else if let Some(keyset) = key {
            vec![JWTConfig::new(None, Some(keyset))]
        } else {
            panic!("Provide jwt_config, jwk_url, or keys");
        }
    }

    pub fn user_data_from_token(&self, token: &str) -> Result<UserData, USSOError> {
        for config in &self.jwt_configs {
            if let Ok(user_data) = config.decode(token) {
                return Ok(user_data);
            }
        }
        Err(USSOError::Unauthorized)
    }
}