

1use std::time::Duration;
2
3use axum::extract::State;
4use ruma::{api::client::account, authentication::TokenType};
5use tuwunel_core::{Err, Result, utils};
6
7use super::TOKEN_LENGTH;
8use crate::Ruma;
9
10/// # `POST /_matrix/client/v3/user/{userId}/openid/request_token`
11///
12/// Request an OpenID token to verify identity with third-party services.
13///
14/// - The token generated is only valid for the OpenID API
/// # `POST /_matrix/client/v3/user/{userId}/openid/request_token`
///
/// Mint an OpenID token that the caller can hand to a third-party service so
/// that service can verify the caller's Matrix identity with this homeserver.
///
/// - The token is only usable with the OpenID API; it is not a client access token.
/// - A user may only request tokens for their own `user_id`. The request is
///   rejected before any token is generated or persisted when the `user_id`
///   in the path differs from the authenticated sender.
///
/// # Errors
///
/// Returns `InvalidParam` when the requested `user_id` is not the authenticated
/// user, and propagates any error raised while persisting the token.
pub(crate) async fn create_openid_token_route(
	State(services): State<crate::State>,
	body: Ruma<account::request_openid_token::v3::Request>,
) -> Result<account::request_openid_token::v3::Response> {
	// Authorization check first: only the authenticated sender may obtain a
	// token for this user id. Nothing is generated until this passes.
	let is_self = body.sender_user() == body.user_id;
	if !is_self {
		return Err!(Request(InvalidParam(
			"Not allowed to request OpenID tokens on behalf of other users",
		)));
	}

	// Fresh random token; TOKEN_LENGTH sets its length.
	let token = utils::random_string(TOKEN_LENGTH);

	// Persist the token and obtain its lifetime from the store. The store
	// reports the lifetime in seconds, hence `Duration::from_secs` below.
	let lifetime_secs = services.users.create_openid_token(&body.user_id, &token)?;

	let response = account::request_openid_token::v3::Response {
		access_token: token,
		token_type: TokenType::Bearer,
		matrix_server_name: services.server.name.clone(),
		expires_in: Duration::from_secs(lifetime_secs),
	};

	Ok(response)
}