[pbs-devel] [PATH proxmox-backup v1 06/12] api: add openid redirect API
Dietmar Maurer
dietmar at proxmox.com
Tue Jun 22 10:56:14 CEST 2021
---
src/api2/access/domain.rs | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/src/api2/access/domain.rs b/src/api2/access/domain.rs
index 2dff9d32..3c9e3615 100644
--- a/src/api2/access/domain.rs
+++ b/src/api2/access/domain.rs
@@ -8,6 +8,7 @@ use proxmox::api::{api, Permission};
use proxmox::api::router::Router;
use crate::api2::types::*;
+use crate::config::domains::{OPENID_STATE_DIR, OpenIdRealmConfig};
#[api(
returns: {
@@ -60,10 +61,48 @@ fn list_domains() -> Result<Value, Error> {
}
Ok(list.into())
+}
+
+#[api(
+ protected: true,
+ input: {
+ properties: {
+ realm: {
+ schema: REALM_ID_SCHEMA,
+ },
+ "redirect-url": {
+ description: "Redirection Url. The client should set this to used server url.",
+ type: String,
+ },
+ },
+ },
+ returns: {
+ description: "Redirection URL.",
+ type: String,
+ },
+ access: {
+ description: "Anyone can access this (before the user is authenticated).",
+ permission: &Permission::World,
+ },
+)]
+/// Create OpenID Redirect Session
+fn create_redirect_session(
+ realm: String,
+ redirect_url: String,
+ _rpcenv: &mut dyn RpcEnvironment,
+) -> Result<Value, Error> {
+
+ let (domains, _digest) = crate::config::domains::config()?;
+ let config: OpenIdRealmConfig = domains.lookup("openid", &realm)?;
+ let open_id = config.authenticator(&redirect_url)?;
+ let url = open_id.authorize_url(OPENID_STATE_DIR, &realm)?
+ .to_string();
+ Ok(url.into())
}
pub const ROUTER: Router = Router::new()
+ .post(&API_METHOD_CREATE_REDIRECT_SESSION)
.get(&API_METHOD_LIST_DOMAINS);
--
2.30.2
More information about the pbs-devel
mailing list