tower_oauth2_resource_server/
auth_resolver.rs1use http::HeaderMap;
2
3use crate::{authorizer::token_authorizer::Authorizer, jwt_unverified::UnverifiedJwt};
4
/// Strategy for picking which configured [`Authorizer`] handles a request.
///
/// The token arrives as an [`UnverifiedJwt`], so everything an implementation
/// reads from it (claims, header fields) is attacker-controlled at this point.
/// A resolver must treat those values purely as routing hints and must not
/// make trust decisions from them.
// NOTE(review): the selected authorizer is presumably what verifies the
// signature, issuer and expiry afterwards; confirm at the call site.
pub trait AuthorizerResolver<Claims>: Send + Sync + std::fmt::Debug {
    /// Returns the authorizer to use for this request, or `None` when no
    /// entry of `authorizers` is applicable.
    ///
    /// * `authorizers` - the candidate authorizers; the result borrows from this slice.
    /// * `headers` - the request headers.
    /// * `unverified_jwt` - the not-yet-verified token taken from the request.
    fn select_authorizer<'a>(
        &'a self,
        authorizers: &'a [Authorizer<Claims>],
        headers: &HeaderMap,
        unverified_jwt: &UnverifiedJwt,
    ) -> Option<&'a Authorizer<Claims>>;
}
13
/// Resolver that ignores the request and always selects the first
/// authorizer in the list.
#[derive(Debug)]
pub struct SingleAuthorizerResolver {}

impl<Claims> AuthorizerResolver<Claims> for SingleAuthorizerResolver {
    /// Returns the first entry of `authorizers`, or `None` when the slice is
    /// empty. Neither the headers nor the token are inspected, so nothing
    /// attacker-controlled influences the choice.
    fn select_authorizer<'a>(
        &'a self,
        authorizers: &'a [Authorizer<Claims>],
        _headers: &HeaderMap,
        _unverified_jwt: &UnverifiedJwt,
    ) -> Option<&'a Authorizer<Claims>> {
        match authorizers {
            [head, ..] => Some(head),
            [] => None,
        }
    }
}
30
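/// Resolver that selects an authorizer by the token's `iss` claim.
#[derive(Debug)]
pub struct IssuerAuthorizerResolver {}

impl<Claims> AuthorizerResolver<Claims> for IssuerAuthorizerResolver {
    /// Returns the first authorizer whose `identifier()` equals the `iss`
    /// claim of the unverified token.
    ///
    /// Returns `None` when the token has no readable claims, when `iss` is
    /// missing or not a string, or when no authorizer matches. The comparison
    /// is an exact string match.
    ///
    /// The `iss` value is read before any verification, so the token's sender
    /// fully controls which of the configured authorizers is chosen. The match
    /// is only a routing decision and proves nothing about the token.
    // NOTE(review): the chosen authorizer must still validate the signature and
    // re-check `iss` against its own expected issuer; confirm it does.
    fn select_authorizer<'a>(
        &'a self,
        authorizers: &'a [Authorizer<Claims>],
        _headers: &HeaderMap,
        unverified_jwt: &UnverifiedJwt,
    ) -> Option<&'a Authorizer<Claims>> {
        let claims = unverified_jwt.claims()?;
        let issuer = claims.get("iss")?.as_str()?;
        // The claims and authorizer identifiers are deliberately not printed:
        // claims of an unverified token are attacker-supplied and may contain
        // personal data, and this runs on every request.
        authorizers
            .iter()
            .find(|authorizer| authorizer.identifier() == issuer)
    }
}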
59
/// Resolver that selects an authorizer by the `kid` field of the token header.
#[derive(Debug)]
pub struct KidAuthorizerResolver {}

impl<Claims> AuthorizerResolver<Claims> for KidAuthorizerResolver {
    /// Returns the first authorizer for which `has_kid(kid)` is true, where
    /// `kid` is taken from the unverified token header.
    ///
    /// Returns `None` when the header cannot be read, when `kid` is missing or
    /// not a string, or when no authorizer reports that key id.
    ///
    /// The `kid` value is attacker-controlled at this point: it only picks a
    /// candidate authorizer and says nothing about whether the token was
    /// signed with that key.
    // NOTE(review): `has_kid` presumably checks the authorizer's known key
    // set; confirm the signature is verified against that key afterwards.
    fn select_authorizer<'a>(
        &'a self,
        authorizers: &'a [Authorizer<Claims>],
        _headers: &HeaderMap,
        unverified_jwt: &UnverifiedJwt,
    ) -> Option<&'a Authorizer<Claims>> {
        // Keep the header bound to a local so `kid` can borrow from it.
        let jwt_header = unverified_jwt.header()?;
        let kid = jwt_header.get("kid").and_then(|value| value.as_str())?;
        authorizers.iter().find(|candidate| candidate.has_kid(kid))
    }
}