
Commit 57acc9d

committed
Pass custom http client through for the KeyStoreManager and jwks discovery
1 parent d87b7ef commit 57acc9d


4 files changed

+30
-28
lines changed

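--- a/jwt-authorizer/src/authorizer.rs
+++ b/jwt-authorizer/src/authorizer.rs
@@ -56,7 +56,7 @@ where
 refresh: Option<Refresh>,
 validation: crate::validation::Validation,
 jwt_source: JwtSource,
-http_client: Option<Client>,
+http_client: Client,
 ) -> Result<Authorizer<C>, InitError> {
 Ok(match key_source_type {
 KeySourceType::RSA(path) => {
@@ -201,7 +201,7 @@ where
 }
 KeySourceType::Jwks(url) => {
 let jwks_url = Url::parse(url.as_str()).map_err(|e| InitError::JwksUrlError(e.to_string()))?;
-let key_store_manager = KeyStoreManager::new(jwks_url, refresh.unwrap_or_default());
+let key_store_manager = KeyStoreManager::new(http_client, jwks_url, refresh.unwrap_or_default());
 Authorizer {
 key_source: KeySource::KeyStoreSource(key_store_manager),
 claims_checker,
@@ -210,10 +210,10 @@ where
 }
 }
 KeySourceType::Discovery(issuer_url) => {
-let jwks_url = Url::parse(&oidc::discover_jwks(issuer_url.as_str(), http_client).await?)
+let jwks_url = Url::parse(&oidc::discover_jwks(issuer_url.as_str(), &http_client).await?)
 .map_err(|e| InitError::JwksUrlError(e.to_string()))?;
 
-let key_store_manager = KeyStoreManager::new(jwks_url, refresh.unwrap_or_default());
+let key_store_manager = KeyStoreManager::new(http_client, jwks_url, refresh.unwrap_or_default());
 Authorizer {
 key_source: KeySource::KeyStoreSource(key_store_manager),
 claims_checker,
@@ -318,6 +318,7 @@ where
 mod tests {
 
 use jsonwebtoken::{Algorithm, Header};
+use reqwest::Client;
 use serde_json::Value;
 
 use crate::{layer::JwtSource, validation::Validation};
@@ -333,7 +334,7 @@ mod tests {
 None,
 Validation::new(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await
 .unwrap();
@@ -359,7 +360,7 @@ mod tests {
 None,
 Validation::new(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await
 .unwrap();
@@ -375,7 +376,7 @@ mod tests {
 None,
 Validation::new(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await
 .unwrap();
@@ -388,7 +389,7 @@ mod tests {
 None,
 Validation::new(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await
 .unwrap();
@@ -401,7 +402,7 @@ mod tests {
 None,
 Validation::new(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await
 .unwrap();
@@ -414,7 +415,7 @@ mod tests {
 None,
 Validation::new(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await
 .unwrap();
@@ -440,7 +441,7 @@ mod tests {
 None,
 Validation::new(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await
 .unwrap();
@@ -453,7 +454,7 @@ mod tests {
 None,
 Validation::new(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await
 .unwrap();
@@ -466,7 +467,7 @@ mod tests {
 None,
 Validation::new(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await
 .unwrap();
@@ -482,7 +483,7 @@ mod tests {
 None,
 Validation::new(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await;
 println!("{:?}", a.as_ref().err());
@@ -497,7 +498,7 @@ mod tests {
 None,
 Validation::default(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await;
 println!("{:?}", a.as_ref().err());
@@ -512,7 +513,7 @@ mod tests {
 None,
 Validation::default(),
 JwtSource::AuthorizationHeader,
-None,
+Client::default(),
 )
 .await;
 println!("{:?}", a.as_ref().err());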
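Review bot: In the `KeySourceType::Discovery` arm the string returned by `oidc::discover_jwks` is only passed through `Url::parse` before `KeyStoreManager::new(http_client, jwks_url, …)` takes it as the place to fetch signing keys from, so any scheme or host the discovery document names is accepted. Now that the caller's own client is reused for that fetch, whatever it is configured with (default headers, proxy, client certificate) is sent to that URL as well. Unless `discover_jwks` already validates the value (its body is not visible here), I would reject non-TLS key URLs before building the manager, e.g. `if jwks_url.scheme() != "https" { return Err(InitError::JwksUrlError("jwks url must use https".to_owned())); }`, with an explicit opt-out for local test servers. The same check fits the `KeySourceType::Jwks(url)` arm. The enclosing function starts and ends outside these hunks.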

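--- a/jwt-authorizer/src/builder.rs
+++ b/jwt-authorizer/src/builder.rs
@@ -233,7 +233,7 @@ where
 self.refresh,
 val,
 self.jwt_source,
-None,
+self.http_client.unwrap_or_default(),
 )
 .await?,
 );
@@ -249,7 +249,7 @@ where
 self.refresh,
 val,
 self.jwt_source,
-self.http_client,
+self.http_client.unwrap_or_default(),
 )
 .await
 }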
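Review bot: Both call sites fall back to `self.http_client.unwrap_or_default()`, and `reqwest::Client::default()` panics if the TLS backend cannot be initialised instead of returning an error. The first hunk already propagates errors with `.await?`, so the fallback could be built with `Client::builder().build()` and its error mapped into `InitError`, which keeps a misconfigured host from aborting at start-up with a panic. A doc comment on the builder's `http_client` setter (not visible here) should also say that the supplied client is now used for JWKS key fetches as well as discovery. The enclosing functions start and end outside both hunks.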

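--- a/jwt-authorizer/src/jwks/key_store_manager.rs
+++ b/jwt-authorizer/src/jwks/key_store_manager.rs
@@ -1,5 +1,5 @@
 use jsonwebtoken::{jwk::JwkSet, Algorithm};
-use reqwest::Url;
+use reqwest::{Client, Url};
 use std::{
 sync::Arc,
 time::{Duration, Instant},
@@ -51,6 +51,7 @@ impl Default for Refresh {
 
 #[derive(Clone)]
 pub struct KeyStoreManager {
+http_client: Client,
 key_url: Url,
 /// in case of fail loading (error or key not found), minimal interval
 refresh: Refresh,
@@ -67,8 +68,9 @@ pub struct KeyStore {
 }
 
 impl KeyStoreManager {
-pub(crate) fn new(key_url: Url, refresh: Refresh) -> KeyStoreManager {
+pub(crate) fn new(http_client: Client, key_url: Url, refresh: Refresh) -> KeyStoreManager {
 KeyStoreManager {
+http_client,
 key_url,
 refresh,
 keystore: Arc::new(Mutex::new(KeyStore {
@@ -85,7 +87,7 @@ impl KeyStoreManager {
 let key = match self.refresh.strategy {
 RefreshStrategy::Interval => {
 if ks_gard.can_refresh(self.refresh.refresh_interval, self.refresh.retry_interval) {
-ks_gard.refresh(&self.key_url, &[]).await?;
+ks_gard.refresh(&self.http_client, &self.key_url, &[]).await?;
 }
 ks_gard.get_key(header)?
 }
@@ -95,7 +97,7 @@ impl KeyStoreManager {
 if let Some(jwk) = jwk_opt {
 jwk
 } else if ks_gard.can_refresh(self.refresh.refresh_interval, self.refresh.retry_interval) {
-ks_gard.refresh(&self.key_url, &[("kid", kid)]).await?;
+ks_gard.refresh(&self.http_client, &self.key_url, &[("kid", kid)]).await?;
 ks_gard.find_kid(kid).ok_or_else(|| AuthError::InvalidKid(kid.to_owned()))?
 } else {
 return Err(AuthError::InvalidKid(kid.to_owned()));
@@ -107,6 +109,7 @@ impl KeyStoreManager {
 } else if ks_gard.can_refresh(self.refresh.refresh_interval, self.refresh.retry_interval) {
 ks_gard
 .refresh(
+&self.http_client,
 &self.key_url,
 &[(
 "alg",
@@ -127,7 +130,7 @@ impl KeyStoreManager {
 // if jwks endpoint is down for the loading, respect retry_interval
 && ks_gard.can_refresh(self.refresh.refresh_interval, self.refresh.retry_interval)
 {
-ks_gard.refresh(&self.key_url, &[]).await?;
+ks_gard.refresh(&self.http_client, &self.key_url, &[]).await?;
 }
 ks_gard.get_key(header)?
 }
@@ -151,8 +154,8 @@ impl KeyStore {
 }
 }
 
-async fn refresh(&mut self, key_url: &Url, qparam: &[(&str, &str)]) -> Result<(), AuthError> {
-reqwest::Client::new()
+async fn refresh(&mut self, http_client: &Client, key_url: &Url, qparam: &[(&str, &str)]) -> Result<(), AuthError> {
+http_client
 .get(key_url.as_ref())
 .query(qparam)
 .send()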
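Review bot: Every `ks_gard.refresh(&self.http_client, …).await` appears to run while the keystore guard is held (the lock acquisition is outside these hunks, so this is inferred from the `ks_gard` name and the `Arc::new(Mutex::new(KeyStore { … }))` field), so a JWKS endpoint that never answers stalls each concurrent token check for as long as the client waits. With a caller-supplied client that wait is whatever the caller configured, and reqwest applies no total timeout unless one is set. Bounding the request inside `KeyStore::refresh` keeps this independent of the caller: add `.timeout(Duration::from_secs(10))` (illustrative value) to the request builder before `.send()`; `Duration` is already imported in this file. The new `http_client` field also lacks the `///` comment its neighbour `refresh` has, e.g. `/// client used for every JWKS fetch; its TLS, proxy and timeout settings apply to key refreshes`. The body of `refresh` continues outside the last hunk.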

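--- a/jwt-authorizer/src/oidc.rs
+++ b/jwt-authorizer/src/oidc.rs
@@ -20,9 +20,7 @@ fn discovery_url(issuer: &str) -> Result<Url, InitError> {
 Ok(url)
 }
 
-pub async fn discover_jwks(issuer: &str, client: Option<Client>) -> Result<String, InitError> {
-let client = client.unwrap_or_default();
-
+pub async fn discover_jwks(issuer: &str, client: &Client) -> Result<String, InitError> {
 client
 .get(discovery_url(issuer)?)
 .send()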
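Review bot: `discover_jwks` is `pub` and its second parameter changes from `Option<Client>` to `&Client`, which breaks any caller outside the crate if the `oidc` module is exported (not visible here); that deserves a changelog entry or a version bump. The function also has no doc comment, and one such as `/// Fetches the issuer's discovery document with the given client and returns the JWKS URL it advertises.` would help, together with a sentence stating whether the returned string has been validated in any way, since callers go on to fetch signing keys from it. The body continues outside the hunk.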
