authorVika <vika@fireburn.ru>2022-09-21 10:42:26 +0300
committerVika <vika@fireburn.ru>2022-09-28 00:59:43 +0300
commite5281c6da75f115d01aa5bef2f460ebd5b30a656 (patch)
tree369b764ac3f346aa9068a27bc631c8edc42fc271
parente468d8cd5aac240a05a149737e0117a57a926683 (diff)
downloadkittybox-e5281c6da75f115d01aa5bef2f460ebd5b30a656.tar.zst
indieauth: add "token_type" and "scope" to token grant response
It looks like some badly-behaved apps require "scope" even though it
is optional according to OAuth2. Additionally, neither of these fields
is present in the IndieAuth spec (this is an error in the spec,
tracked here: https://github.com/indieweb/indieauth/issues/116).
-rw-r--r--kittybox-rs/indieauth/src/lib.rs21
-rw-r--r--kittybox-rs/src/indieauth/mod.rs6
2 files changed, 26 insertions, 1 deletions
diff --git a/kittybox-rs/indieauth/src/lib.rs b/kittybox-rs/indieauth/src/lib.rs
index 752d9e9..22dcdbd 100644
--- a/kittybox-rs/indieauth/src/lib.rs
+++ b/kittybox-rs/indieauth/src/lib.rs
@@ -395,6 +395,20 @@ pub enum GrantRequest {
     }
 }
 
+/// Token type, as described in [RFC6749][].
+///
+/// [RFC6749]: https://www.rfc-editor.org/rfc/rfc6749#section-7.1
+#[derive(Debug, Clone, Copy, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum TokenType {
+    /// A Bearer token described in [RFC6750][]. As far as the author
+    /// of this library is concerned, this is the only type that
+    /// IndieAuth uses.
+    ///
+    /// [RFC6750]: https://www.rfc-editor.org/rfc/rfc6750
+    Bearer
+}
+
 /// The response to a successful [`GrantRequest`].
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[serde(untagged)]
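Review bot: `TokenType` deserializes only the exact string `bearer` that `rename_all = "snake_case"` produces, but RFC 6749 §5.1 makes `token_type` case-insensitive and the RFC 6750 examples spell it `Bearer`, so a response from another server using that spelling would not match this variant. Adding `#[serde(alias = "Bearer")]` above `Bearer` keeps serialization as `bearer` while accepting the common spelling; a fully case-insensitive form would need a hand-written `Deserialize`. The enum is complete within the hunk.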
@@ -405,6 +419,13 @@ pub enum GrantResponse {
     AccessToken {
         /// The URL for the user this token corresponds to.
         me: Url,
+        /// Token type. Required by OAuth2, not mentioned in
+        /// IndieAuth. Confirmed as erroneous.
+        token_type: TokenType,
+        /// Scopes. REQUIRED if different from what was
+        /// requested. Absence from IndieAuth spec confirmed as
+        /// erroneous.
+        scope: Option<Scopes>,
         /// The user's profile information, if it was requested.
         #[serde(skip_serializing_if = "Option::is_none")]
         profile: Option<Profile>,
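Review bot: The new `scope` field lacks the `#[serde(skip_serializing_if = "Option::is_none")]` that `profile` carries two lines below, so a `None` scope is emitted as `"scope": null`, which clients expecting the OAuth2 space-delimited string may reject; add `#[serde(skip_serializing_if = "Option::is_none")]` above `scope: Option<Scopes>`. Because `GrantResponse` is `#[serde(untagged)]`, the newly required `token_type` also means a response that omits it, as the current IndieAuth spec text allows, silently fails to match `AccessToken` and falls through to the remaining variants; if this type is also used to parse other servers' responses, mark the field `#[serde(default)]` and give `TokenType` a `Default` of `Bearer`. The `AccessToken` variant continues past the hunk.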
diff --git a/kittybox-rs/src/indieauth/mod.rs b/kittybox-rs/src/indieauth/mod.rs
index 67f4a43..44cb368 100644
--- a/kittybox-rs/src/indieauth/mod.rs
+++ b/kittybox-rs/src/indieauth/mod.rs
@@ -442,6 +442,8 @@ async fn token_endpoint_post<A: AuthBackend, D: Storage + 'static>(
                 me,
                 profile,
                 access_token,
+                token_type: kittybox_indieauth::TokenType::Bearer,
+                scope: Some(scope),
                 expires_in: Some(ACCESS_TOKEN_VALIDITY),
                 refresh_token: Some(refresh_token)
             }.into_response()
@@ -517,7 +519,7 @@ async fn token_endpoint_post<A: AuthBackend, D: Storage + 'static>(
 
             let old_refresh_token = refresh_token;
             let refresh_token = match backend.create_refresh_token(
-                prepare_refresh_token(data.me.clone(), client_id, scope)
+                prepare_refresh_token(data.me.clone(), client_id, scope.clone())
             ).await {
                 Ok(token) => token,
                 Err(err) => {
@@ -534,6 +536,8 @@ async fn token_endpoint_post<A: AuthBackend, D: Storage + 'static>(
                 me: data.me,
                 profile,
                 access_token,
+                token_type: kittybox_indieauth::TokenType::Bearer,
+                scope: Some(scope),
                 expires_in: Some(ACCESS_TOKEN_VALIDITY),
                 refresh_token: Some(refresh_token)
             }.into_response()
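Review bot: On this refresh-token path the response echoes `Some(scope)`, and the new `scope.clone()` at the `prepare_refresh_token` call in the previous hunk shows the same value is persisted with the replacement refresh token; if `scope` is bound from the refresh request rather than from the stored grant (`data`), nothing visible in these hunks enforces RFC 6749 §6, which requires a scope requested on refresh to be no wider than the one originally granted. If that check is done earlier in `token_endpoint_post`, a one-line comment where `scope` is bound, such as `// scope already verified to be a subset of the original grant`, would make the path easier to audit. The function starts outside the hunk.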