refactor: replace openidconnect with oauth2 library

While the OIDC library is recommended, it would prevent us from using non-OIDC providers such as GitHub. This implementation right now is only Google. Other providers will be added on a as needed basis.
cmackenzie1 · Feb 20, 2025 · 2d344c6 · 2d344c6
1 parent 2d55427
commit 2d344c6
Show file tree

Hide file tree

Showing 7 changed files with 213 additions and 257 deletions.
diff --git a/torii-auth-oauth/Cargo.toml b/torii-auth-oauth/Cargo.toml
@@ -8,10 +8,12 @@ license.workspace = true
 [dependencies]
 torii-core = { path = "../torii-core" }
 
-openidconnect = "4.0.0"
+oauth2 = { version = "5.0.0" }
+reqwest = { version = "0.12", features = ["json"] }
 chrono.workspace = true
 async-trait.workspace = true
 serde.workspace = true
+serde_json.workspace = true
 sqlx.workspace = true
 tracing.workspace = true
 uuid.workspace = true

diff --git a/torii-auth-oauth/examples/google/google.rs b/torii-auth-oauth/examples/google/google.rs
@@ -31,21 +31,13 @@ async fn login_handler(State(state): State<AppState>, jar: CookieJar) -> (Cookie
         .plugin_manager
         .get_auth_plugin::<OAuthPlugin<SqliteStorage, SqliteStorage>>("google")
         .unwrap();
-    let auth_flow = plugin
-        .begin_auth("http://localhost:4000/auth/google/callback".to_string())
-        .await
-        .unwrap();
+    let auth_flow = plugin.begin_auth().await.unwrap();
 
     let jar = jar.add(
         Cookie::build(("csrf_state", auth_flow.csrf_state))
             .path("/")
             .http_only(true),
     );
-    let jar = jar.add(
-        Cookie::build(("nonce_key", auth_flow.nonce_key))
-            .path("/")
-            .http_only(true),
-    );
 
     (jar, Redirect::to(&auth_flow.authorization_uri))
 }
@@ -56,7 +48,6 @@ async fn callback_handler(
     Query(params): Query<QueryParams>,
     jar: CookieJar,
 ) -> impl IntoResponse {
-    let nonce_key = jar.get("nonce_key").unwrap().value();
     let csrf_state = jar.get("csrf_state").unwrap().value();
 
     if csrf_state != params.state {
@@ -69,7 +60,7 @@ async fn callback_handler(
         .unwrap();
 
     let (user, session) = plugin
-        .callback(params.code.to_string(), nonce_key.to_string())
+        .callback(params.code.to_string(), csrf_state.to_string())
         .await
         .unwrap();