Allow redirect on discovery endpoint

Timshel · May 23, 2024 · 55c5a0f · 55c5a0f
1 parent 04149ea
commit 55c5a0f
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 1 deletion.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -152,6 +152,7 @@ governor = "0.6.3"
 # OIDC for SSO
 openidconnect = "3.5.0"
 mini-moka = "0.10.2"
+oic_reqwest = { package = "reqwest", version = "0.11", default-features = false, features = ["blocking"] }
 
 # Check client versions for specific features.
 semver = "1.0.23"

diff --git a/src/sso.rs b/src/sso.rs
@@ -156,6 +156,37 @@ trait CoreClientExt {
     fn vw_id_token_verifier(&self) -> CoreIdTokenVerifier<'_>;
 }
 
+
+use openidconnect::{HttpRequest, HttpResponse};
+
+pub async fn async_http_client_allow_redirect(
+    request: HttpRequest,
+) -> Result<HttpResponse, openidconnect::reqwest::Error<oic_reqwest::Error>> {
+    let client = oic_reqwest::Client::new();
+
+    let mut request_builder = client
+        .request(request.method, request.url.as_str())
+        .body(request.body);
+
+    for (name, value) in &request.headers {
+        request_builder = request_builder.header(name.as_str(), value.as_bytes());
+    }
+    let request = request_builder.build().map_err(openidconnect::reqwest::Error::Reqwest)?;
+
+    let response = client.execute(request).await.map_err(openidconnect::reqwest::Error::Reqwest)?;
+
+    let status_code = response.status();
+    let headers = response.headers().to_owned();
+    let chunks = response.bytes().await.map_err(openidconnect::reqwest::Error::Reqwest)?;
+
+    Ok(HttpResponse {
+        status_code,
+        headers,
+        body: chunks.to_vec(),
+    })
+}
+
+
 #[rocket::async_trait]
 impl CoreClientExt for CoreClient {
     // Call the OpenId discovery endpoint to retrieve configuration
@@ -165,7 +196,7 @@ impl CoreClientExt for CoreClient {
 
         let issuer_url = CONFIG.sso_issuer_url()?;
 
-        let provider_metadata = match CoreProviderMetadata::discover_async(issuer_url, async_http_client).await {
+        let provider_metadata = match CoreProviderMetadata::discover_async(issuer_url, async_http_client_allow_redirect).await {
             Err(err) => err!(format!("Failed to discover OpenID provider: {err}")),
             Ok(metadata) => metadata,
         };