OMGeeky/yup-oauth2
1
0
Fork 0
mirror of https://github.com/OMGeeky/yup-oauth2.git synced 2026-01-02 01:16:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
622 Commits 2 Branches 0 Tags
e69841a170f44cb8a9969a4ab1cfb672e7d9d224
Commit Graph

337 Commits

Author SHA1 Message Date
Sanath Govindarajan
e69841a170 re-export hyper dependency 2023-04-18 14:16:27 -05:00
Sanath Govindarajan
098fb246a4 re-export hyper-rustls dependency 2023-04-18 14:13:00 -05:00
William Ho
24d1d8c429 Set default expires_at if only ID token is returned 
Was running into an issue where ID tokens were being used by the
authenticator even after the 1-hour validity period, and weren't being
refreshed.

After enabling debug logs, I found out that this was happening because
ID-token-only responses don't contain the `expires_in` field, so the
authenticator assumes it doesn't expire.

Interestingly, this doesn't happen when using the service account
impersonation flow, because it's explicitly handled there by defaulting
the expiration to 1 hour.

The ID token is a JWT so it's possible to decode it to get the
expiration date, but to avoid introducing a JWT decoding dependency,
I've gone for the same approach of defaulting to 1 hour, as indicated in
the GCP docs.
 2023-02-17 14:25:38 -05:00
Lewin Bormann
0a7e695971 Improve clarity on redirect URLs for #191 2023-02-10 20:59:01 +01:00
Joe Neeman
923a149e99 Add support for generating impersonated ids. 
The previous service account impersonation feature only allowed requesting
impersonated access tokens. This one adds id tokens.
 2022-11-23 14:43:40 -06:00
luketpeterson
3ecb212d68 Merge branch 'dermesser:master' into master 2022-10-24 15:39:52 +09:00
Luke Peterson
0899b51ca9 Implementing mechanism to specify server port in InstalledFlowReturnMethod. Issue #160 2022-10-18 21:57:54 +09:00
Joe Neeman
acf898f10c Account for the fact that access tokens are optional now. 2022-10-17 16:35:10 -05:00
Joe Neeman
e907226c3c Implement service account impersonation. 2022-10-17 16:23:19 -05:00
Brandon Ogle
818d1c2eea Remove redundant id_token field from struct initialization 2022-10-10 12:45:51 -07:00
Brandon Ogle
95df191358 Revert Token back to AccessToken, as TokenInfo can be used to retrieve id_token 2022-09-21 19:00:37 -07:00
Brandon Ogle
2d805cf19e Merge branch 'nagisa/id_token' of github.com:nagisa/yup-oauth2 into nagisa-nagisa/id_token 2022-09-21 18:51:59 -07:00
toepp
f35eb186d6 removed commented imports and added a better description 2022-08-31 11:03:31 +02:00
toepp
7c557a5d03 forgot to add the file itself 2022-08-29 10:20:18 +02:00
chritoep
110c65ab07 added access token authenticator 2022-08-26 08:50:28 +02:00
Lewin Bormann
c69fffac28 for #180: allow HTTP requests in default hyper client. 
If an attacker could manipulate URLs for token retrieval etc., they
could wreak considerably more havoc than a downgrade attack.
 2022-06-09 20:14:44 -07:00
Kyle Gentle
c76ae18224 feat(Authenticator client): Accept custom connectors 
Update Authenticator to accept clients with custom connectors, rather
than depending on the sealed hyper::client::connect::Connect trait, as recommended by hyper: https://docs.rs/hyper/0.13.8/src/hyper/client/connect/mod.rs.html#256-258

Closes #177.
 2022-05-22 16:29:02 -04:00
Lewin Bormann
1a32e1af6f Document ServiceAccountAuthenticator inline 2022-05-21 09:18:00 -07:00
Renar Narubin
aacb97d76c Remove file IO panic in ApplicationDefaultCreds flow 
The `from_environment` function in
`ApplicationDefaultCredentialsAuthenticator` had an `unwrap` call on an
io::Result after reading the service account key from file. File
operations are inherently fallible, and panicking on such a failure is
generally a bad convention compared to propagating the IO error.

Propagating that error from the `from_environment` function is not
practical however, because the returned Result type does not include IO
errors, and changing the function signature would be semver
incompatible.

This change instead defers reading the key file to a later function
call. Now `from_environment` only reads the value of the
`GOOGLE_APPLICATION_CREDENTIALS` into a PathBuf, and a later call to
`ServiceAccountFlow::new` will actually read the file. That constructor
already returns an io::Result, so folding the read error into it is
possible, and none of the changes impact public items so it's all
semver-compatible.
 2022-05-18 21:05:37 -07:00
David Schmitt
69e3a0289b docs: minor typo in docstring 2022-05-07 16:39:44 +01:00
Lewin Bormann
fb658f6d10 Merge pull request #173 from djc/rustls-0.20 
Upgrade rustls and related dependencies
 2022-04-18 18:44:18 -07:00
Lewin Bormann
378dca1148 rustls upgrade: supply correct client in test cases 2022-04-18 18:39:57 -07:00
Dirkjan Ochtman
32b6d8fa63 Allow testing without https 2022-04-11 11:38:25 +02:00
Lewin Bormann
bfe622eaaf clean-up: fix most clippy warnings 2022-04-08 23:35:15 -07:00
Lewin Bormann
986bda2465 Merge branch 'pr165' 
for #165
 2022-04-08 23:27:45 -07:00
Lewin Bormann
4a0c527d48 Release v6.5.1: Fix visibility of authorized_user module 2022-04-07 17:48:36 -07:00
Dirkjan Ochtman
f9c59bb743 Upgrade rustls and related dependencies 2022-04-06 11:22:05 +02:00
Lewin Bormann
95d46f53b8 Also feature-gate doc test for #170 2022-03-22 18:31:39 +01:00
Lewin Bormann
35a3117047 Fix feature gating of function for #170 2022-03-22 18:24:31 +01:00
Lewin Bormann
3c93bd1dc4 Merge pull request #170 from FEC-bendingspoons/master 
Add authorized user authenticator
 2022-03-22 18:18:08 +01:00
Sarah Bird
2128772d88 Replace chrono with time 2022-03-11 19:39:11 -06:00
Federico Cergol
e9cb1e43eb fix: service_account feature flag placement 2022-03-09 18:31:10 +01:00
Federico Cergol
b4c5ef8527 feat: add authorized user authenticator 2022-03-05 16:31:12 +01:00
Lewin Bormann
6aca7fbae5 for #169: also fix a doc test 2022-02-24 13:42:09 +01:00
Cameron Taggart
eb2d09870b more #[cfg(feature = "service_account")] 2022-02-24 07:23:09 -05:00
Lewin Bormann
9b81a7183e Make rustls dependency optional by introducing "service_account" feature 
Now, service_account code must be (implicitly) enabled.

Asked for in feature #168
 2022-02-22 20:10:39 +01:00
Lewin Bormann
65e7fee104 Merge pull request #167 from bjornwein/parse_service_account_key 
feat(helper): add parse_service_account_key() function
 2021-12-27 11:21:19 +01:00
Björn Weinehall
da648e9f39 feat(helper): add parse_service_account_key() function 
Add parse_service_account_key() in line with parse_application_secret().
Can be used to e.g. pass the service account key through an env variable.
 2021-12-21 11:06:26 +01:00
Björn Weinehall
8829599c8c Amend tests for the ID token field 2021-12-21 10:42:59 +01:00
Björn Weinehall
6e6579ab59 Add ID token support 2021-12-17 16:25:02 +01:00
Glyn Normington
a1250e1728 Recreate token cache if token refresh fails 
Fixes https://github.com/dermesser/yup-oauth2/issues/163
 2021-12-15 17:49:14 +00:00
Lukas Winkler
39c712dfab Remove no longer applicatble TODO's 2021-12-01 13:50:16 +01:00
Lukas Winkler
c7793063e4 Add feature gates where required 2021-11-25 20:01:59 +01:00
Lukas Winkler
cd821f575d Make doc tests pass 2021-11-25 19:45:08 +01:00
Lukas Winkler
169e5ff1c0 Allow overriding metadata url used during testing 2021-11-25 19:37:11 +01:00
Lukas Winkler
792cc04694 Extend to provide with_client as well 2021-11-25 17:36:39 +01:00
Lukas Winkler
7818c6a460 Make work with new structure after rebase 2021-11-25 16:45:26 +01:00
Antti Peltonen
921f1c7190 builder pattern for adc struct 2021-11-21 09:57:07 +01:00
Antti Peltonen
7638946508 work started on adc implementation 2021-11-21 09:57:06 +01:00
James Hinshelwood
be86791762 Add token deserialization workaround 
This fixes token deserialization when the
serde_json/arbitrary_precision feature is enabled.

See https://github.com/serde-rs/json/issues/559 for details.

Co-authored-by: James Hinshelwood <james.hinshelwood@bigpayme.com>
 2021-09-15 15:58:09 +01:00