usso 0.2.6

The usso provides a universal single sign-on (SSO) integration for microservices, making it easy to add secure, scalable authentication across different frameworks. This client simplifies the process of connecting any microservice to the USSO service.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

use crate::{exceptions::JwtError, utils::b64tools::b64_decode_uuid};
use base64::{engine::general_purpose::STANDARD_NO_PAD, Engine};
use jsonwebtoken::Algorithm;
use serde::{Deserialize, Serialize};
use uuid::Uuid;

#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct UserData {
    pub user_id: String,
    pub workspace_id: Option<String>,
    pub workspace_ids: Vec<String>,
    pub token_type: String,
    pub email: Option<String>,
    pub phone: Option<String>,
    pub username: Option<String>,
    pub authentication_method: Option<String>,
    pub is_active: bool,
    pub jti: Option<String>,
    pub data: Option<serde_json::Value>,
    pub token: Option<String>,
}

impl UserData {
    pub fn from_json(value: &serde_json::Value) -> Self {
        serde_json::from_value(value.clone()).unwrap()
    }

    pub fn uid(&self) -> Uuid {
        let mut user_id = String::new();
        if self.user_id.starts_with("u_") {
            user_id = self.user_id[2..].to_string();
        }

        if (22..=24).contains(&user_id.len()) {
            return b64_decode_uuid(user_id.as_str()).unwrap();
        }
        Uuid::parse_str(&user_id).expect("Invalid UUID format")
    }
}

#[derive(Serialize, Deserialize, Debug, Clone)]
pub struct JWTConfig {
    pub jwk_url: Option<String>,
    pub keys: Option<Jwks>,
    pub algorithm: String,
    pub header: std::collections::HashMap<String, String>,
}

impl JWTConfig {
    pub fn new(jwk_url: Option<String>, keys: Option<Jwks>) -> Self {
        JWTConfig {
            jwk_url,
            keys,
            algorithm: "RS256".to_string(),
            header: std::collections::HashMap::new(),
        }
    }

    pub fn decode(&self, token: &str) -> Result<UserData, crate::exceptions::USSOError> {
        let header = JwtHeader::from_token(token).unwrap();
        match header.kid {
            Some(kid) => {
                if let Some(keyset) = &self.keys {
                    let key = keyset.match_kid(kid.as_str());
                    match key {
                        Some(key) => crate::core::decode_token(key, token, &[Algorithm::RS256]),
                        None => Err(crate::exceptions::USSOError::InvalidToken),
                    }
                } else {
                    Err(crate::exceptions::USSOError::Other(String::from(
                        "keyset is not set",
                    )))
                }
            }
            None => Err(crate::exceptions::USSOError::InvalidToken),
        }
    }
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Jwk {
    pub kid: String,
    pub kty: String,
    pub alg: String,
    pub r#use: String,
    pub n: String,
    pub e: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Jwks {
    pub keys: Vec<Jwk>,
}
impl Jwks {
    pub fn match_kid(&self, kid: &str) -> Option<&Jwk> {
        self.keys.iter().find(|key| key.kid == kid)
    }
}
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct JwtHeader {
    pub alg: String,
    pub typ: Option<String>,
    pub kid: Option<String>,
    pub host: Option<String>,
}
impl JwtHeader {
    // Function to decode and parse the JWT header from the JWT string
    pub fn from_token(jwt: &str) -> Result<JwtHeader, JwtError> {
        let parts: Vec<&str> = jwt.split('.').collect();
        if parts.len() != 3 {
            return Err(JwtError::InvalidFormat);
        }

        // Base64 URL decoding can fail, hence the error handling
        let header_base64 = parts[0];
        match STANDARD_NO_PAD.decode(header_base64) {
            Ok(header_bytes) => {
                // Convert bytes to string and return
                match serde_json::from_slice(&header_bytes) {
                    Ok(header_str) => Ok(header_str),
                    Err(_) => Err(JwtError::DecodingError(
                        "Invalid UTF-8 in header".to_string(),
                    )),
                }
            }
            Err(_) => Err(JwtError::DecodingError(
                "Failed to decode base64".to_string(),
            )),
        }
    }
}