Added user session by OAuth2 Federated provider

MacKarp · davidgraeff · commit beedaf332cea · 2021-09-15T21:29:42.000+02:00
I have added user seession by OAuth2 Federated provider. List of defualt providers are at: https://firebase.google.com/docs/projects/provisioning/configure-oauth?hl=en#add-idp Code is implementing this endpoint: https://firebase.google.com/docs/reference/rest/auth?hl=en#section-sign-in-with-oauth-credential it's better version of my code that I have written for my university project, where I only used it for Google and Facebook OAuth2: https://github.com/MacKarp/Cookbook/tree/main/Desktop/firebase_handler/src `access_token` from provider - eg. https://docs.rs/oauth2/4.0.0/oauth2/#example-3 `provider` from enum `OAuth2Provider` `request_uri` should be same as your request_uri/redirect_uri for provider request `with_refresh_token` - needed by `by_user_id` after getting response from firebase it creates user session with exisisting `Session::by_user_id` Signed-off-by: Karpfly <karpfly@gmail.com>
diff --git a/src/dto.rs b/src/dto.rs
@@ -547,6 +547,34 @@ pub struct WriteRequest {
     pub stream_id: Option<String>,
 }
 
+#[derive(Serialize, Debug)]
+pub struct SignInWithIdpRequest {
+    pub post_body: String,
+    pub request_uri: String,
+    pub return_idp_credential: bool,
+    pub return_secure_token: bool,
+}
+
+#[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct OAuthResponse {
+    pub federated_id: String,
+    pub provider_id: String,
+    pub local_id: String,
+    pub email_verified: bool,
+    pub email: String,
+    pub oauth_access_token: String,
+    pub first_name: String,
+    pub last_name: String,
+    pub full_name: String,
+    pub display_name: String,
+    pub id_token: String,
+    pub photo_url: String,
+    pub refresh_token: String,
+    pub expires_in: String,
+    pub raw_user_info: String,
+}
+
 #[cfg(test)]
 mod tests {
     #[test]
diff --git a/src/sessions.rs b/src/sessions.rs
@@ -18,6 +18,7 @@ use std::slice::Iter;
 
 pub mod user {
     use super::*;
+    use crate::dto::{OAuthResponse, SignInWithIdpRequest};
     use credentials::Credentials;
 
     #[inline]
@@ -33,6 +34,36 @@ pub mod user {
         format!("https://securetoken.googleapis.com/v1/token?key={}", v)
     }
 
+    /// Default OAuth2 Providers supported by Firebase.
+    /// see: * https://firebase.google.com/docs/projects/provisioning/configure-oauth?hl=en#add-idp
+    pub enum OAuth2Provider {
+        Apple,
+        AppleGameCenter,
+        Facebook,
+        GitHub,
+        Google,
+        GooglePlayGames,
+        LinkedIn,
+        Microsoft,
+        Twitter,
+        Yahoo,
+    }
+
+    fn get_provider(provider: OAuth2Provider) -> String {
+        match provider {
+            OAuth2Provider::Apple => "apple.com".to_string(),
+            OAuth2Provider::AppleGameCenter => "gc.apple.com".to_string(),
+            OAuth2Provider::Facebook => "facebook.com".to_string(),
+            OAuth2Provider::GitHub => "github.com".to_string(),
+            OAuth2Provider::Google => "google.com".to_string(),
+            OAuth2Provider::GooglePlayGames => "playgames.google.com".to_string(),
+            OAuth2Provider::LinkedIn => "linkedin.com".to_string(),
+            OAuth2Provider::Microsoft => "microsoft.com".to_string(),
+            OAuth2Provider::Twitter => "twitter.com".to_string(),
+            OAuth2Provider::Yahoo => "yahoo.com".to_string(),
+        }
+    }
+
     /// An impersonated session.
     /// Firestore rules will restrict your access.
     pub struct Session {
@@ -281,6 +312,46 @@ pub mod user {
                 client_async: reqwest::Client::new(),
             })
         }
+
+        /// Creates a new user session with OAuth2 provider token.
+        /// If user don't exist it's create new user in firestore
+        ///
+        /// Arguments:
+        /// - `credentials` The credentials.
+        /// - `access_token` access_token provided by OAuth2 provider.
+        /// - `request_uri` The URI to which the provider redirects the user back same as from .
+        /// - `provider` OAuth2Provider enum: Apple, AppleGameCenter, Facebook, GitHub, Google, GooglePlayGames, LinkedIn, Microsoft, Twitter, Yahoo.
+        /// - `with_refresh_token` A refresh token is returned as well. This should be persisted somewhere for later reuse.
+        ///    Google generates only a few dozens of refresh tokens before it starts to invalidate already generated ones.
+        ///    For short lived, immutable, non-persisting services you do not want a refresh token.
+        ///
+        pub fn by_oauth2(
+            credentials: &Credentials,
+            access_token: String,
+            provider: OAuth2Provider,
+            request_uri: String,
+            with_refresh_token: bool,
+        ) -> Result<Session, FirebaseError> {
+            let uri = "https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp?key=".to_owned()
+                + &credentials.api_key;
+
+            let post_body = format!("access_token={}&providerId={}", access_token, get_provider(provider));
+            let return_idp_credential = true;
+            let return_secure_token = true;
+
+            let json = &SignInWithIdpRequest {
+                post_body,
+                request_uri,
+                return_idp_credential,
+                return_secure_token,
+            };
+
+            let response = reqwest::blocking::Client::new().post(&uri).json(&json).send()?;
+
+            let oauth_response: OAuthResponse = response.json()?;
+
+            self::Session::by_user_id(&credentials, &oauth_response.local_id, with_refresh_token)
+        }
     }
 }
 
