systemprompt_models/oauth/
server.rs

1use serde::{Deserialize, Serialize};
/// OAuth authorization-server settings: issuer, endpoint URLs, advertised
/// capabilities and token lifetimes.
///
/// All fields are public and (de)serialized through serde. Nothing in this
/// type validates its contents: URL schemes, list entries and lifetimes are
/// accepted as given, so code that loads this from configuration should
/// check them before use.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct OAuthServerConfig {
    /// Issuer identifier, stored exactly as supplied.
    pub issuer: String,
    /// URL of the authorization endpoint.
    pub authorization_endpoint: String,
    /// URL of the token endpoint.
    pub token_endpoint: String,
    /// URL of the client registration endpoint.
    pub registration_endpoint: String,
    /// Scopes the server advertises.
    pub supported_scopes: Vec<String>,
    /// Grant types the server advertises.
    pub supported_grant_types: Vec<String>,
    /// Response types the server advertises.
    pub supported_response_types: Vec<String>,
    /// PKCE code-challenge methods the server advertises.
    ///
    /// `#[serde(default)]` turns a missing key into an empty list, i.e. no
    /// method is advertised. Whether PKCE is enforced is decided outside
    /// this file; NOTE(review): confirm an empty list cannot silently relax it.
    #[serde(default)]
    pub supported_code_challenge_methods: Vec<String>,
    /// Client authentication method for the token endpoint; falls back to
    /// `default_auth_method()` when the key is missing.
    #[serde(default = "default_auth_method")]
    pub token_endpoint_auth_method: String,
    /// Scope used by default; falls back to `default_scope()` when the key
    /// is missing.
    #[serde(default = "default_scope")]
    pub default_scope: String,
    /// Authorization-code lifetime in seconds; falls back to
    /// `default_auth_code_expiry()` when the key is missing.
    ///
    /// The type is signed and no range check happens here, so zero or
    /// negative values deserialize without error.
    #[serde(default = "default_auth_code_expiry")]
    pub auth_code_expiry_seconds: i32,
    /// Access-token lifetime in seconds; falls back to
    /// `default_access_token_expiry()` when the key is missing.
    ///
    /// Signed and unchecked, like `auth_code_expiry_seconds`.
    #[serde(default = "default_access_token_expiry")]
    pub access_token_expiry_seconds: i32,
}
/// Fallback for `token_endpoint_auth_method`: returns `"client_secret_basic"`.
fn default_auth_method() -> String {
    String::from("client_secret_basic")
}
/// Fallback for the `default_scope` field: returns `"openid"`.
fn default_scope() -> String {
    String::from("openid")
}
/// Fallback authorization-code lifetime: 600 seconds (ten minutes).
const fn default_auth_code_expiry() -> i32 {
    10 * 60
}
/// Fallback access-token lifetime: 3600 seconds (one hour).
const fn default_access_token_expiry() -> i32 {
    60 * 60
}
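impl OAuthServerConfig {
    /// Builds a configuration that holds only `issuer` plus the fallback
    /// values used for deserialization.
    ///
    /// The three endpoint URLs and every `supported_*` list start empty,
    /// including `supported_code_challenge_methods`, so no PKCE method is
    /// advertised until the caller fills it in. `issuer` is stored as given;
    /// it is not parsed or validated here.
    pub fn new(issuer: impl Into<String>) -> Self {
        Self {
            issuer: issuer.into(),
            authorization_endpoint: String::new(),
            token_endpoint: String::new(),
            registration_endpoint: String::new(),
            supported_scopes: Vec::new(),
            supported_grant_types: Vec::new(),
            supported_response_types: Vec::new(),
            supported_code_challenge_methods: Vec::new(),
            token_endpoint_auth_method: default_auth_method(),
            default_scope: default_scope(),
            auth_code_expiry_seconds: default_auth_code_expiry(),
            access_token_expiry_seconds: default_access_token_expiry(),
        }
    }

    /// Derives a full configuration from the API server's base URL.
    ///
    /// The issuer is `api_server_url` exactly as passed. The endpoints are
    /// that base followed by the fixed `/api/v1/core/oauth/...` paths. The
    /// result advertises the `user` scope, the `code` response type, the
    /// `authorization_code` grant, the `S256` challenge method and
    /// `client_secret_post` client authentication.
    ///
    /// The URL is not parsed and its scheme is not checked, so an `http://`
    /// base produces `http://` endpoints. NOTE(review): callers outside
    /// local development should pass an `https://` base URL.
    pub fn from_api_server_url(api_server_url: &str) -> Self {
        // Every endpoint path starts with '/', so trailing slashes on the base
        // would produce "//api/..." URLs. The issuer keeps the caller's exact
        // string because issuer values are compared verbatim.
        let base = api_server_url.trim_end_matches('/');
        Self {
            issuer: api_server_url.to_owned(),
            authorization_endpoint: format!("{base}/api/v1/core/oauth/authorize"),
            token_endpoint: format!("{base}/api/v1/core/oauth/token"),
            registration_endpoint: format!("{base}/api/v1/core/oauth/clients"),
            supported_scopes: vec!["user".to_owned()],
            supported_grant_types: vec!["authorization_code".to_owned()],
            supported_response_types: vec!["code".to_owned()],
            supported_code_challenge_methods: vec!["S256".to_owned()],
            token_endpoint_auth_method: "client_secret_post".to_owned(),
            default_scope: "user".to_owned(),
            // Same values as before (600 / 3600), taken from the shared helpers
            // so the lifetimes cannot drift from the deserialization fallbacks.
            auth_code_expiry_seconds: default_auth_code_expiry(),
            access_token_expiry_seconds: default_access_token_expiry(),
        }
    }
}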
impl Default for OAuthServerConfig {
    /// Returns the configuration for an API server at `http://localhost:8080`.
    ///
    /// The issuer and all endpoints therefore use plain HTTP on localhost.
    /// NOTE(review): this looks intended for local development; deployed
    /// servers should build the config from their real base URL instead.
    fn default() -> Self {
        const LOCAL_API_SERVER_URL: &str = "http://localhost:8080";
        Self::from_api_server_url(LOCAL_API_SERVER_URL)
    }
}