Struct wasm_service_oauth::OAuthConfig

pub struct OAuthConfig {
    pub auth_failed_response: fn(_: &Request, ctx: &mut Context, return_url: &str),
    pub auth_checker: Box<dyn AuthCheck>,
    pub auth_error_redirect: fn(ctx: &mut Context, url: Option<&str>) -> HandlerReturn,
    pub app_url: String,
    pub logged_out_app_url: String,
    pub authorize_url_path: String,
    pub code_url_path: String,
    pub login_failed_url_path: String,
    pub logout_url_path: String,
    pub user_agent: String,
    pub cors_origins: Vec<String>,
    pub cors_allow_methods: String,
    pub cors_allow_age_sec: u64,
    pub cors_allow_headers: String,
    pub provider_authorize_url: String,
    pub provider_token_url: String,
    pub oauth_scopes: String,
    pub client_id: String,
    pub client_secret: String,
    pub state_secret: Vec<u8>,
    pub state_timeout_sec: u64,
    pub session_secret: Vec<u8>,
    pub session_timeout_sec: u64,
    pub session_cookie_path_prefix: String,
}

Configuration for OAuthHandler plugin

Fields

auth_failed_response: fn(_: &Request, ctx: &mut Context, return_url: &str)

Function that generates the auth-failed response, i.e. what appears when the user lands on /login-failed. The response is either a redirect (status 302 + Location header) or HTML (status 200 + error notice). When used in conjunction with auth_error_redirect, auth_error_redirect returns a 302/303 status and a Location header, and this function generates the actual error page.

auth_checker: Box<dyn AuthCheck>

Handler for authorization checking based on current user and request

auth_error_redirect: fn(ctx: &mut Context, url: Option<&str>) -> HandlerReturn

Generates the auth error for any cause, including failed login, invalid session, and attempts to hack the protocol. To avoid disclosing too much about our internal checks to an attacker, the error message is not very descriptive; the logs contain more detailed info. The function should do one of the following:

  • use ctx to set a Location header and redirect (status 302 or 303)
  • return text of an error page, either in ctx.response().text() or in HandlerReturn::text. To guard against XSS attacks, any parameters used in the url that appear on the error page must be sanitized.

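
One way to build the error page text so that the untrusted url value cannot inject markup. This is an added example, not code from the wasm_service_oauth crate; the function names are hypothetical, and restricting the link to same-site paths is a choice made here because escaping alone does not stop a javascript: URL placed in an href.

```rust
/// Escape the characters that are significant in HTML text and quoted attributes.
fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// True only for same-site paths such as "/dashboard?tab=1". Rejects
/// absolute URLs, scheme-relative "//host", backslashes and control characters.
fn is_local_path(url: &str) -> bool {
    url.starts_with('/')
        && !url.starts_with("//")
        && !url.contains('\\')
        && !url.chars().any(|c| c.is_control())
}

/// Build the error page body; `url` is the untrusted value passed to the handler.
fn error_page(url: Option<&str>) -> String {
    let link = match url {
        Some(u) if is_local_path(u) => {
            let safe = escape_html(u);
            format!("<p><a href=\"{0}\">Return to {0}</a></p>", safe)
        }
        // Anything that is not a local path is dropped rather than echoed back.
        _ => String::new(),
    };
    format!("<!doctype html><title>Login failed</title><h1>Login failed</h1>{}", link)
}

fn main() {
    // Constructed sample inputs.
    let samples = [Some("/app?x=\"><script>alert(1)</script>"), Some("javascript:alert(1)"), None];
    for u in samples.iter() {
        println!("{}", error_page(*u));
    }
}
```
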
app_url: String

Default url for app. This url is used after authentication if "redirect_url" is not specified or could not be parsed.

logged_out_app_url: String

Default url to which users who failed authN/authZ are sent. Should not be the same as app_url if app_url requires auth.

authorize_url_path: String

Url prefix of this app to begin the authorization flow. Default: "/authorize". If the app determines that authentication/authorization is required, it may redirect the user to this url appended with "?redirect_url=...", and the user will be redirected to that app url after authentication has completed.

code_url_path: String

Url prefix for the code url redirect from the OAuth provider. This must match the redirect url in the configuration for the OAuth app (at github.com).

login_failed_url_path: String

Where to send user after failed authentication

logout_url_path: String

URL to force logout: clear cookies and redirect to app main page

user_agent: String

User-Agent header string to be sent to the OAuth provider. Default: "wasm-oauth vx.y.z", where x.y.z is the build version of the wasm-oauth crate.

cors_origins: Vec<String>

Allowed origins. Default: vec!["*"].

cors_allow_methods: String

Comma-separated list of allowed methods. Default: "GET,POST,OPTIONS"

cors_allow_age_sec: u64

Length of time, in seconds, browser may cache CORS results. Default: 1 day (24 * 3600)

cors_allow_headers: String

CORS allowed headers: comma-separated list of allowed headers. Default: "Content-Type,Origin,Accept,Accept-Language,X-Requested-With"

provider_authorize_url: String

OAuth provider url for authorize. Default: "https://github.com/login/oauth/authorize"

provider_token_url: String

OAuth provider url for retrieving token. Default: "https://github.com/login/oauth/access_token"

oauth_scopes: String

OAuth scopes: space-separated list of scopes. At minimum, must include "read:user". If the user's email address is required, add "user:email".

client_id: String

Client id assigned by oauth provider. REQUIRED

client_secret: String

Client secret assigned by oauth provider. REQUIRED

state_secret: Vec<u8>

Key used for encrypting state data. Must be 32 bytes. REQUIRED

state_timeout_sec: u64

Timeout for state encryption during login flow. Default: 5 minutes.

session_secret: Vec<u8>

Secret key used for encrypting session data. Must be 32 bytes. REQUIRED

session_timeout_sec: u64

Max age of session cookie, in seconds. Default: 3 days (3 * 24 * 60 * 60). Upon expiration of the session, the user may need to re-verify their GitHub account and is re-checked against the list of authorized users.

session_cookie_path_prefix: String

Url path prefix for urls that will receive session cookie. Default: "/"
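
A pre-flight check over the constraints stated in the field descriptions above (REQUIRED values, 32-byte keys, the "read:user" scope, logged_out_app_url versus app_url). This is an added example, not part of the crate: ConfigView is a hypothetical stand-in for the relevant OAuthConfig fields so the block compiles with std alone, and the last two checks are extra hygiene checks not stated on the page.

```rust
/// Hypothetical mirror of the OAuthConfig fields checked here (not the crate's type).
struct ConfigView<'a> {
    app_url: &'a str,
    logged_out_app_url: &'a str,
    oauth_scopes: &'a str,
    client_id: &'a str,
    client_secret: &'a str,
    state_secret: &'a [u8],
    session_secret: &'a [u8],
    cors_origins: &'a [&'a str],
}

/// Collect every violated constraint instead of stopping at the first one.
fn validate(c: &ConfigView) -> Vec<String> {
    let mut problems = Vec::new();
    for &(name, value) in [("client_id", c.client_id), ("client_secret", c.client_secret)].iter() {
        if value.is_empty() {
            problems.push(format!("{} is REQUIRED", name));
        }
    }
    for &(name, key) in [("state_secret", c.state_secret), ("session_secret", c.session_secret)].iter() {
        if key.len() != 32 {
            problems.push(format!("{} must be 32 bytes, got {}", name, key.len()));
        }
    }
    if !c.oauth_scopes.split(' ').any(|s| s == "read:user") {
        problems.push("oauth_scopes must include read:user".to_string());
    }
    if c.logged_out_app_url == c.app_url {
        problems.push("logged_out_app_url should differ from app_url when app_url requires auth".to_string());
    }
    // Added checks, not stated on the page: key reuse and wildcard CORS.
    if c.state_secret.len() == 32 && c.state_secret == c.session_secret {
        problems.push("state_secret and session_secret are the same key".to_string());
    }
    if c.cors_origins.iter().any(|o| *o == "*") {
        problems.push("cors_origins allows \"*\"; list explicit origins if possible".to_string());
    }
    problems
}

fn main() {
    // Constructed sample: truncated state key, missing scope, wildcard CORS.
    let key = [7u8; 32];
    let cfg = ConfigView { app_url: "https://app.example/", logged_out_app_url: "https://app.example/bye",
        oauth_scopes: "user:email", client_id: "placeholder-id", client_secret: "placeholder-secret",
        state_secret: &key[..16], session_secret: &key, cors_origins: &["*"] };
    validate(&cfg).iter().for_each(|p| println!("config problem: {}", p));
}
```
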

Trait Implementations

impl Default for OAuthConfig
