Shield OIDC: Add support for params

DanielleHuisman · DanielleHuisman · commit 8f263e187794 · 2024-12-29T11:07:40.000+01:00
diff --git a/examples/leptos-axum/src/main.rs b/examples/leptos-axum/src/main.rs
@@ -45,7 +45,7 @@ async fn main() {
                 "client1",
             )
             .client_secret("xcpQsaGbRILTljPtX4npjmYMBjKrariJ")
-            .redirect_url(&format!(
+            .redirect_url(format!(
                 "http://localhost:{}/api/auth/sign-in/callback/oidc/keycloak",
                 addr.port()
             ))
diff --git a/packages/providers/shield-oidc/src/provider.rs b/packages/providers/shield-oidc/src/provider.rs
@@ -3,6 +3,7 @@ use chrono::{DateTime, Duration, Utc};
 use openidconnect::{
     core::{CoreAuthenticationFlow, CoreGenderClaim, CoreTokenResponse},
     reqwest::async_http_client,
+    url::form_urlencoded::parse,
     AccessToken, AuthorizationCode, CsrfToken, EmptyAdditionalClaims, Nonce, OAuth2TokenResponse,
     PkceCodeChallenge, PkceCodeVerifier, Scope, TokenResponse, UserInfoClaims,
 };
@@ -221,6 +222,15 @@ impl<U: User> Provider for OidcProvider<U> {
                 authorization_request.add_scopes(scopes.into_iter().map(Scope::new));
         }
 
+        if let Some(authorization_url_params) = subprovider.authorization_url_params {
+            let params = parse(authorization_url_params.trim_start_matches('?').as_bytes());
+
+            for (name, value) in params {
+                authorization_request =
+                    authorization_request.add_extra_param(name.into_owned(), value.into_owned());
+            }
+        }
+
         let (auth_url, csrf_token, nonce) = authorization_request.url();
 
         {
@@ -292,6 +302,15 @@ impl<U: User> Provider for OidcProvider<U> {
             return Err(ShieldError::Validation("Missing PKCE verifier.".to_owned()));
         }
 
+        if let Some(token_url_params) = subprovider.token_url_params {
+            let params = parse(token_url_params.trim_start_matches('?').as_bytes());
+
+            for (name, value) in params {
+                token_request =
+                    token_request.add_extra_param(name.into_owned(), value.into_owned());
+            }
+        }
+
         let token_response = token_request
             .request_async(async_http_client)
             .await
@@ -414,6 +433,18 @@ impl<U: User> Provider for OidcProvider<U> {
                 };
 
                 if let Some(revocation_request) = revocation_request {
+                    let mut revocation_request = revocation_request;
+
+                    if let Some(revocation_url_params) = subprovider.revocation_url_params {
+                        let params =
+                            parse(revocation_url_params.trim_start_matches('?').as_bytes());
+
+                        for (name, value) in params {
+                            revocation_request = revocation_request
+                                .add_extra_param(name.into_owned(), value.into_owned());
+                        }
+                    }
+
                     revocation_request
                         .request_async(async_http_client)
                         .await

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ async fn main() {`
`45`	`45`	`"client1",`
`46`	`46`	`)`
`47`	`47`	`.client_secret("xcpQsaGbRILTljPtX4npjmYMBjKrariJ")`
`48`		`- .redirect_url(&format!(`
	`48`	`+ .redirect_url(format!(`
`49`	`49`	`"http://localhost:{}/api/auth/sign-in/callback/oidc/keycloak",`
`50`	`50`	`addr.port()`
`51`	`51`	`))`