nekomimi.pet / jacquard
forked from nonbinary.computer/jacquard
A better Rust ATProto crate
fork atom

some minor oauth bugfixes

Orual 87e15bae bf8f91ad

options
unified split
Changed files
+11 -16
crates
jacquard-oauth
src
atproto.rs
client.rs
dpop.rs
request.rs
+1 -5
crates/jacquard-oauth/src/atproto.rs
··· 242 242 redirect_uris, 243 243 application_type, 244 244 token_endpoint_auth_method: Some(auth_method.into()), 245 - grant_types: if keyset.is_some() { 246 - Some(metadata.grant_types.into_iter().map(|v| v.into()).collect()) 247 - } else { 248 - None 249 - }, 245 + grant_types: Some(metadata.grant_types.into_iter().map(|v| v.into()).collect()), 250 246 response_types: vec!["code".to_cowstr()], 251 247 scope: Some(Scope::serialize_multiple(metadata.scopes.as_slice())), 252 248 dpop_bound_access_tokens: Some(true),
+1 -1
crates/jacquard-oauth/src/client.rs
··· 298 298 } 299 299 300 300 pub async fn restore(&self, did: &Did<'_>, session_id: &str) -> Result<OAuthSession<T, S>> { 301 - self.create_session(self.registry.get(did, session_id, false).await?) 301 + self.create_session(self.registry.get(did, session_id, true).await?) 302 302 .await 303 303 } 304 304
+5 -5
crates/jacquard-oauth/src/dpop.rs
··· 150 150 /// Extract authorization hash from request headers 151 151 fn extract_ath(headers: &http::HeaderMap) -> Option<CowStr<'static>> { 152 152 headers 153 - .get("Authorization") 153 + .get("authorization") 154 154 .filter(|v| v.to_str().is_ok_and(|s| s.starts_with("DPoP "))) 155 155 .map(|auth| { 156 156 URL_SAFE_NO_PAD ··· 212 212 213 213 let next_nonce = response 214 214 .headers() 215 - .get("DPoP-Nonce") 215 + .get("dpop-nonce") 216 216 .and_then(|v| v.to_str().ok()) 217 - .map(|c| CowStr::from(c.to_string())); 217 + .map(|c| CowStr::copy_from_str(c)); 218 218 match &next_nonce { 219 219 Some(s) if next_nonce != init_nonce => { 220 220 store_nonce(data_source, is_to_auth_server, s.clone()); ··· 380 380 } 381 381 if !is_to_auth_server && status == 401 { 382 382 if let Some(www_auth) = headers 383 - .get("WWW-Authenticate") 383 + .get("www-authenticate") 384 384 .and_then(|v| v.to_str().ok()) 385 385 { 386 386 return www_auth.starts_with("DPoP") && www_auth.contains(r#"error="use_dpop_nonce""#); ··· 404 404 else if response.status() == 401 { 405 405 if let Some(www_auth) = response 406 406 .headers() 407 - .get("WWW-Authenticate") 407 + .get("www-authenticate") 408 408 .and_then(|v| v.to_str().ok()) 409 409 { 410 410 return www_auth.starts_with("DPoP") && www_auth.contains(r#"error="use_dpop_nonce""#);
+4 -5
crates/jacquard-oauth/src/request.rs
··· 311 311 pub fn is_permanent(&self) -> bool { 312 312 match &self.kind { 313 313 RequestErrorKind::NoRefreshToken => true, 314 - RequestErrorKind::HttpStatusWithBody { body, .. } => { 315 - body.get("error") 316 - .and_then(|e| e.as_str()) 317 - .is_some_and(|e| matches!(e, "invalid_grant" | "access_denied")) 318 - } 314 + RequestErrorKind::HttpStatusWithBody { body, .. } => body 315 + .get("error") 316 + .and_then(|e| e.as_str()) 317 + .is_some_and(|e| matches!(e, "invalid_grant" | "access_denied")), 319 318 _ => false, 320 319 } 321 320 }