feat: Add OpenID Connect (OIDC) authentication support with new OIDC service, routes, and configuration.

2026-01-06 02:43:23 +01:00
parent de09f98b6e
commit 5296171b85
9 changed files with 945 additions and 36 deletions
--- a/api/src/state.rs
+++ b/api/src/state.rs
@@ -3,6 +3,8 @@
 //! Holds shared state for the application.

 use axum::extract::FromRef;
+#[cfg(feature = "auth-oidc")]
+use infra::auth::oidc::OidcService;
 use std::sync::Arc;

 use crate::config::Config;
@@ -11,15 +13,36 @@ use domain::UserService;
 #[derive(Clone)]
 pub struct AppState {
    pub user_service: Arc<UserService>,
+    #[cfg(feature = "auth-oidc")]
+    pub oidc_service: Option<Arc<OidcService>>,
+
    pub config: Arc<Config>,
 }

 impl AppState {
-    pub fn new(user_service: UserService, config: Config) -> Self {
-        Self {
+    pub async fn new(user_service: UserService, config: Config) -> anyhow::Result<Self> {
+        #[cfg(feature = "auth-oidc")]
+        let oidc_service = if let (Some(issuer), Some(id), Some(secret), Some(redirect)) = (
+            &config.oidc_issuer,
+            &config.oidc_client_id,
+            &config.oidc_client_secret,
+            &config.oidc_redirect_url,
+        ) {
+            tracing::info!("Initializing OIDC service with issuer: {}", issuer);
+            Some(Arc::new(
+                OidcService::new(issuer.clone(), id.clone(), secret.clone(), redirect.clone())
+                    .await?,
+            ))
+        } else {
+            None
+        };
+
+        Ok(Self {
            user_service: Arc::new(user_service),
+            #[cfg(feature = "auth-oidc")]
+            oidc_service,
            config: Arc::new(config),
-        }
+        })
    }
 }