
tuwunel_admin/query/oauth/
mod.rs

// One submodule per `oauth` admin subcommand; the module names mirror the
// `OauthCommand` variants declared below (associate <-> Associate, ...).
// NOTE(review): presumably each module holds the handler for its variant;
// the dispatch macro that ties them together is not visible in this file.
mod associate;
mod delete;
mod list_providers;
mod list_sessions;
mod list_users;
mod revoke;
mod show_provider;
mod show_session;
mod show_user;
mod token_info;

use clap::Subcommand;
use ruma::OwnedUserId;
use tuwunel_core::{
	Result,
	// `Either` carries the "session ID or user ID" argument taken by the
	// revoke and delete subcommands.
	either::{Either, Left, Right},
};
use tuwunel_service::oauth::{ProviderId, SessionId};

// Attribute macro applied to `OauthCommand` with `handler_prefix = "oauth"`.
use crate::admin_command_dispatch;

// Admin command group for inspecting and modifying OAuth/SSO state.
//
// clap derives the argument parser from this enum, so every `///` line below
// is emitted as help text and the variant order is the order shown to the
// operator. Reviewer notes are therefore written as plain `//` comments to
// keep the help output unchanged.
#[admin_command_dispatch(handler_prefix = "oauth")]
#[derive(Debug, Subcommand)]
/// Query OAuth service state
pub(crate) enum OauthCommand {
	// NOTE(review): this binds a local account to claims that a provider will
	// assert later, so the claims chosen decide who can log in as `user_id`.
	// Prefer claims the provider guarantees to be unique and immutable; a claim
	// the end user can edit at the provider is a weak binding. How claims are
	// matched is not visible here -- confirm in the handler.
	/// Associate existing user with future authorization claims.
	Associate {
		/// ID of configured provider to listen on.
		provider: String,

		/// MXID of local user to associate.
		user_id: OwnedUserId,

		// `required = true` makes clap reject the command unless at least one
		// `--claim` is given. The values are plain strings: the key=value
		// shape is not checked at parse time.
		/// List of claims to match in key=value format.
		#[arg(long, required = true)]
		claim: Vec<String>,

		/// Replace existing committed SSO sessions before recording the claim;
		/// without it, associate refuses when committed sessions exist.
		#[arg(long)]
		force: bool,
	},

	/// List configured OAuth providers.
	ListProviders,

	/// List users associated with any OAuth session
	ListUsers,

	/// List session ID's
	ListSessions {
		// Optional `--user <MXID>`; presumably narrows the listing to that
		// user -- confirm in the handler.
		#[arg(long)]
		user: Option<OwnedUserId>,
	},

	/// Show active configuration of a provider.
	ShowProvider {
		id: ProviderId,

		// NOTE(review): `--config` has no help text. If it prints the
		// provider's configuration, check that the client secret is redacted
		// in the output -- handler not visible here.
		#[arg(long)]
		config: bool,
	},

	// NOTE(review): session state may include access/refresh tokens; confirm
	// the handler redacts them before the result is printed.
	/// Show session state
	ShowSession {
		id: SessionId,
	},

	/// Show user sessions
	ShowUser {
		user_id: OwnedUserId,
	},

	/// Token introspection request to provider.
	TokenInfo {
		id: SessionId,
	},

	// The argument is parsed by `session_or_user_id`, which never rejects
	// input: anything that is not a valid MXID is taken as a session ID. A
	// mistyped MXID is therefore looked up as a session rather than refused at
	// parse time. NOTE(review): make sure the handler reports "no such
	// session" as an error so a revoke that matched nothing is not read as
	// success.
	/// Revoke token for user_id or sess_id.
	Revoke {
		#[arg(value_parser = session_or_user_id)]
		id: Either<SessionId, OwnedUserId>,
	},

	// Same permissive argument parsing as `Revoke`.
	/// Remove oauth state (DANGER!)
	Delete {
		#[arg(value_parser = session_or_user_id)]
		id: Either<SessionId, OwnedUserId>,

		// NOTE(review): `--force` on a destructive command has no help text;
		// what it bypasses is decided in the handler, which is not visible
		// here. Worth documenting for operators.
		#[arg(long)]
		force: bool,
	},
}

/// Argument type accepted by the revoke and delete subcommands: `Left` holds
/// a session ID, `Right` holds a user ID.
type SessionOrUserId = Either<SessionId, OwnedUserId>;

/// clap value parser that classifies `input` as a user ID or a session ID.
///
/// The input is first tried as an MXID; on success it is returned as `Right`.
/// Any parse failure is discarded and the raw string is returned unchanged as
/// `Left`, i.e. as a session ID.
///
/// This function never returns `Err`: no format check is applied to the
/// session-ID branch, so a malformed MXID (or any other string) is accepted
/// as a session ID. Callers must treat a lookup miss on that ID as an error.
fn session_or_user_id(input: &str) -> Result<SessionOrUserId> {
	match OwnedUserId::parse(input) {
		Ok(user_id) => Ok(Right(user_id)),
		// Not an MXID: fall back to treating the text as a session ID.
		Err(_) => Ok(Left(input.to_owned())),
	}
}