Diffstat (limited to '')
| -rw-r--r-- | crates/iam/src/api.rs | 71 |
1 files changed, 38 insertions, 33 deletions
diff --git a/crates/iam/src/api.rs b/crates/iam/src/api.rs
index 5b72d93..8b46d08 100644
--- a/crates/iam/src/api.rs
+++ b/crates/iam/src/api.rs
@@ -1,22 +1,26 @@
 use crate::ISSUE_TRACKER_LOC;
 use clap::{Parser, Subcommand, ValueEnum};
 use colored::*;
+use secd::{IdentityId, OauthProviderName};
 use serde::{Deserialize, Serialize};
 use thiserror;
+use url::Url;
 use uuid::Uuid;
 
 #[derive(Debug, thiserror::Error)]
 pub enum CliError {
+    #[error("{} {}", "Failed to initialize an iam store.".red(), format!("An invariant was likely broken and should be reported as a bug here: {}", ISSUE_TRACKER_LOC))]
+    AdminInitializationError,
+    #[error("{} {}", "Failed to recieve incoming request.".red(), .0.white())]
+    DevOauthServer(String),
+    #[error("{} {} {}", "An unknown error occurred.".red(), format!("An invariant was likely broken and should be reported as a bug here: {}", ISSUE_TRACKER_LOC), .0.yellow())]
+    InternalError(String),
+    #[error("{} {}", "The provided validation id and code is invalid or has expired.".red(), "You may recieve at most one session with a valid code, after which a new validation is required.")]
+    InvalidCode,
     #[error("{}", "iam failed to read a valid configuration profile. Initialize an iam store with `iam admin init`".red())]
     InvalidProfile,
     #[error("{} {}", "Failed to initialize secd: ".red(), .0.yellow())]
     SecdInitializationFailure(String),
-    #[error("{} {}", "Fail to initialize an iam store.".red(), format!("An invariant was likely broken and should be reported as a bug here: {}", ISSUE_TRACKER_LOC))]
-    AdminInitializationError,
-    #[error("{} {}", "The provided validation id and code is invalid or has expired.".red(), "You may recieve at most one session with a valid code, after which a new validation is required.")]
-    InvalidCode,
-    #[error("{} {}", "An unknown error occurred.".red(), format!("An invariant was likely broken and should be reported as a bug here: {}", ISSUE_TRACKER_LOC))]
-    Unknown,
 }
 
 #[derive(Parser)]
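Review bot: The user-facing text of the new `DevOauthServer` variant misspells "receive" (`"Failed to recieve incoming request."`), and the moved `InvalidCode` message carries the same typo in "You may recieve at most one session"; since these strings are what operators read, both should be fixed while the variants are being touched. `InternalError(String)` now appends an arbitrary payload in yellow after the "report as a bug" text; if that string can carry backend detail at the call sites (paths, identifiers, tokens), it is worth keeping the printed part to an error kind and logging the full text instead — the call sites are outside this diff, so this is a question rather than a defect. Separately, the only `#[derive(Clone, ValueEnum)]` visible in this commit is removed later in the file with the `OauthProvider` enum, so `ValueEnum` in the `use clap::{...}` line may now be an unused import unless another derive remains outside the diff.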
@@ -178,11 +182,11 @@ pub enum AdminObject {
         public_key: Option<String>,
     },
     /// A selected Oauth2.0 provider capable of authenticating identities
-    OauthProvider {
-        provider: OauthProvider,
+    Oauth2Provider {
+        provider: OauthProviderName,
         client_id: String,
         secret: String,
-        redirect_uri: String,
+        redirect_url: Url,
     },
     /// A selected provider capable of sending SMS
     SmsProvider {
@@ -320,7 +324,17 @@ pub enum CreateObject {
 }
 
 #[derive(Subcommand)]
-pub enum DevObject {}
+pub enum DevObject {
+    #[command(
+        about = "Create a temporary server to easily receive oauth validation during development.",
+        long_about = "Oauth2\n\nCreate a temporary server to easily receive oauth validation during development."
+    )]
+    Oauth2Server {
+        /// The port on which the server should listen. You must specify this exact port with your oauth provider. Defaults to 1337
+        #[arg(long, short)]
+        port: Option<u16>,
+    },
+}
 
 #[derive(Subcommand)]
 pub enum ValidationMethod {
@@ -335,9 +349,11 @@ pub enum ValidationMethod {
     Kerberos,
     /// An oauth2 provider to authenticate (and authorize) an identity
     Oauth2 {
-        provider: OauthProvider,
+        provider: OauthProviderName,
         /// An optional scope to use for authorization
         scope: Option<String>,
+        /// An optional existing identity to link to this validation request
+        identity: Option<IdentityId>,
     },
     /// A phone which an identity may authenticate via SMS or voice
     Phone {
@@ -349,28 +365,6 @@ pub enum ValidationMethod {
     Saml,
 }
 
-#[derive(Clone, ValueEnum)]
-pub enum OauthProvider {
-    Amazon,
-    Apple,
-    Dropbox,
-    Facebook,
-    Github,
-    Gitlab,
-    Google,
-    Instagram,
-    LinkedIn,
-    Microsoft,
-    Paypal,
-    Reddit,
-    Spotify,
-    Strava,
-    Stripe,
-    Twitch,
-    Twitter,
-    WeChat,
-}
-
 #[derive(Subcommand)]
 pub enum GetObject {
     ApiKey {
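Review bot: `redirect_url: Url` accepts any scheme (`file`, `javascript`, a bare custom scheme), so the type change alone does not guarantee the stored value is a usable OAuth redirect; unless the store validates it further on, a check after parsing such as `if !matches!(redirect_url.scheme(), "https" | "http") { return Err(...) }` (loopback `http` being the usual development exception) would reject bad input at the CLI boundary. The adjacent `secret: String` positional means the client secret is passed on the command line and ends up in shell history and process listings; the field is unchanged here, but since the variant is being reworked this is a good moment to take it from an environment variable or stdin, e.g. `#[arg(long, env = "<PLACEHOLDER_ENV_VAR>")] secret: String,` (clap's `env` feature). `AdminObject` begins before this hunk.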
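Review bot: The doc comment on `port` promises "Defaults to 1337" but the field is `Option<u16>` with no `default_value`, so the default presumably lives in the handler and the help text can drift from it; either declare it here, `#[arg(long, short, default_value_t = 1337)] port: u16,`, or drop the sentence from the comment. Nothing in this variant constrains the address the temporary server binds to; if the handler listens on all interfaces, the OAuth callback receiver is reachable from the network rather than just the developer's browser, so a loopback bind (or a `--bind` argument defaulting to `127.0.0.1`) is worth adding or at least documenting in `long_about`. As written, `long_about` is the `about` text prefixed with "Oauth2\n\n", which adds nothing in `--help` output.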
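Review bot: `identity: Option<IdentityId>` is added as a third positional after `scope: Option<String>`, so a caller who wants to link an existing identity but needs no scope cannot omit the scope argument (clap fills positionals in order); making it a named flag, `#[arg(long)] identity: Option<IdentityId>,`, avoids that and reads better in help output. `provider` is now the only field in the variant without a doc comment; a line like `/// The oauth2 provider to authenticate with` would keep the generated help consistent. `IdentityId` has to implement clap's value parsing (e.g. `FromStr`) for this to compile, which comes from `secd` outside this diff. `ValidationMethod` begins before this hunk.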
@@ -507,3 +501,14 @@ pub struct ConfigProfile {
     pub email_template_login: Option<String>,
     pub email_template_signup: Option<String>,
 }
+
+#[derive(Serialize, Deserialize)]
+pub struct Validation {
+    pub validation_id: Uuid,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub oauth_auth_url: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub note: Option<String>,
+}
+
+pub type ValidationSecretCode = String;
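Review bot: `pub type ValidationSecretCode = String;` is a plain alias, so the secret code inherits `String`'s `Debug`/`Display` and will be printed verbatim by any `{:?}` log or `dbg!` that touches a struct containing it, and it is freely interchangeable with every other `String` in the API. A newtype with a redacting `Debug` impl and an explicit accessor keeps it out of logs and lets the compiler distinguish it from ordinary strings; `#[serde(transparent)]` keeps the wire format a bare string, so the rewrite below is drop-in for serialization. Also, `oauth_auth_url: Option<String>` sits alongside this same commit's move of `redirect_url` to `url::Url`; if the `url` crate's `serde` feature is enabled, `Option<Url>` would validate on deserialization as well.

```rust
/// One-time code handed back after a successful validation.
///
/// Newtype rather than a `String` alias so the value is never emitted by
/// `Debug` and cannot be confused with other string fields.
#[derive(Clone, Serialize, Deserialize)]
#[serde(transparent)]
pub struct ValidationSecretCode(String);

impl ValidationSecretCode {
    pub fn new(code: impl Into<String>) -> Self {
        Self(code.into())
    }

    /// Borrow the raw code; callers that print it should do so deliberately.
    pub fn expose(&self) -> &str {
        &self.0
    }
}

impl std::fmt::Debug for ValidationSecretCode {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.write_str("ValidationSecretCode([redacted])")
    }
}
```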
