Not authenticated - kick of the redir to oauth.
(mut request: tide::Request<Arc<AppState>>)
| 66 | |
| 67 | // Not authenticated - kick of the redir to oauth. |
| 68 | pub(crate) async fn login_view(mut request: tide::Request<Arc<AppState>>) -> tide::Result { |
| 69 | let (pkce_code_challenge, pkce_code_verifier) = PkceCodeChallenge::new_random_sha256(); |
| 70 | |
| 71 | debug!("challenge -> {:?}", pkce_code_challenge.as_str()); |
| 72 | debug!("secret -> {:?}", pkce_code_verifier.secret()); |
| 73 | |
| 74 | let (auth_url, csrf_token) = request |
| 75 | .state() |
| 76 | .oauth |
| 77 | .as_ref() |
| 78 | .ok_or_else(|| tide::Error::new(403 as u16, anyhow::Error::msg("Forbidden")))? |
| 79 | .authorize_url(CsrfToken::new_random) |
| 80 | .add_scope(Scope::new("read".to_string())) |
| 81 | .set_pkce_challenge(pkce_code_challenge) |
| 82 | .url(); |
| 83 | |
| 84 | // We can stash the verifier in the session. |
| 85 | let session = request.session_mut(); |
| 86 | session |
| 87 | .insert("pkce_code_verifier", &pkce_code_verifier) |
| 88 | .unwrap(); |
| 89 | session.insert("csrf_token", &csrf_token).unwrap(); |
| 90 | |
| 91 | info!("starting oauth"); |
| 92 | Ok(tide::Redirect::new(auth_url.as_str()).into()) |
| 93 | } |
| 94 | |
| 95 | #[derive(Debug, Serialize, Deserialize)] |
| 96 | struct OauthResp { |