feat(oidc): add OidcAutorizationCodeVerification

Author: JMounier

cffi_defs.h

@@ -224,6 +224,7 @@ enum tanker_verification_method_type
   TANKER_VERIFICATION_METHOD_PREVERIFIED_PHONE_NUMBER,
   TANKER_VERIFICATION_METHOD_E2E_PASSPHRASE,
   TANKER_VERIFICATION_METHOD_PREVERIFIED_OIDC,
+  TANKER_VERIFICATION_METHOD_OIDC_AUTHORIZATION_CODE,
 
   TANKER_VERIFICATION_METHOD_LAST
 };
@@ -241,6 +242,7 @@ typedef struct tanker_options tanker_options_t;
 typedef struct tanker_email_verification tanker_email_verification_t;
 typedef struct tanker_phone_number_verification tanker_phone_number_verification_t;
 typedef struct tanker_preverified_oidc_verification tanker_preverified_oidc_verification_t;
+typedef struct tanker_oidc_authorization_code_verification tanker_oidc_authorization_code_verification_t;
 typedef struct tanker_verification tanker_verification_t;
 typedef struct tanker_verification_list tanker_verification_list_t;
 typedef struct tanker_verification_method tanker_verification_method_t;
@@ -314,6 +316,14 @@ struct tanker_preverified_oidc_verification
   char const* provider_id;
 };
 
+struct tanker_oidc_authorization_code_verification
+{
+  uint8_t version;
+  char const* provider_id;
+  char const* authorization_code;
+  char const* state;
+};
+
 struct tanker_verification
 {
   uint8_t version;
@@ -329,6 +339,7 @@ struct tanker_verification
   char const* preverified_email;
   char const* preverified_phone_number;
   tanker_preverified_oidc_verification_t preverified_oidc_verification;
+  tanker_oidc_authorization_code_verification_t oidc_authorization_code_verification;
 };
 
 struct tanker_verification_method
@@ -450,6 +461,8 @@ tanker_future_t* tanker_attach_provisional_identity(
 tanker_future_t* tanker_verify_provisional_identity(
     tanker_t* ctanker, tanker_verification_t const* verification);
 
+tanker_expected_t* tanker_authenticate_with_idp(tanker_t* session, char const* provider_id, char const* cookie);
+
 void tanker_free_buffer(void const* buffer);
 
 void tanker_free_verification_method_list(

tankersdk/__init__.py

@@ -16,6 +16,7 @@
     EmailVerification,
     EmailVerificationMethod,
     EncryptionOptions,
+    OidcAuthorizationCodeVerification,
     OidcIdTokenVerification,
     OidcIdTokenVerificationMethod,
     Padding,

tankersdk/tanker.py

@@ -63,6 +63,7 @@ class VerificationMethodType(Enum):
     PREVERIFIED_PHONE_NUMBER = 7
     E2E_PASSPHRASE = 8
     PREVERIFIED_OIDC = 9
+    OIDC_AUTHORIZATION_CODE = 10
 
 
 class Verification:
@@ -148,6 +149,15 @@ def __init__(self, subject: str, provider_id: str):
         self.provider_id = provider_id
 
 
+class OidcAuthorizationCodeVerification(Verification):
+    method_type = VerificationMethodType.OIDC_AUTHORIZATION_CODE
+
+    def __init__(self, provider_id: str, authorization_code: str, state: str):
+        self.provider_id = provider_id
+        self.authorization_code = authorization_code
+        self.state = state
+
+
 class VerificationMethod:
     # Note: we want every subclass to have a 'mehod_type' attribute
     # of type VerificationMethodType, but there's no "good"
@@ -390,7 +400,7 @@ def __init__(
 
         # Note: we store things in `self` so they don't get
         # garbage collected later on
-        c_verification = ffi.new("tanker_verification_t *", {"version": 7})
+        c_verification = ffi.new("tanker_verification_t *", {"version": 8})
         if isinstance(verification, VerificationKeyVerification):
             c_verification.verification_method_type = (
                 tankerlib.TANKER_VERIFICATION_METHOD_VERIFICATION_KEY
@@ -479,6 +489,21 @@ def __init__(
             c_verification.preverified_oidc_verification = (
                 self._preverified_oidc_verification
             )
+        elif isinstance(verification, OidcAuthorizationCodeVerification):
+            c_verification.verification_method_type = (
+                tankerlib.TANKER_VERIFICATION_METHOD_OIDC_AUTHORIZATION_CODE
+            )
+            self._oidc_authorization_code_verification = {
+                "version": 1,
+                "provider_id": ffihelpers.str_to_c_string(verification.provider_id),
+                "authorization_code": ffihelpers.str_to_c_string(
+                    verification.authorization_code
+                ),
+                "state": ffihelpers.str_to_c_string(verification.state),
+            }
+            c_verification.oidc_authorization_code_verification = (
+                self._oidc_authorization_code_verification
+            )
 
         self._c_verification = c_verification