use crate::client::CloudManagerClient;
use crate::config::{AuthStrategy, Scope};
use crate::models::auth::{BearerResponse, JwtClaims};
use crate::IMS_ENDPOINT;
use chrono::{Duration, Utc};
use jsonwebtoken::{encode, Algorithm, EncodingKey, Header};
use log::debug;
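/// Builds and signs the JWT that is exchanged with Adobe for an access token.
///
/// The token is signed with RS256 using the PEM-encoded RSA private key held in
/// `client.config.private_key`, and its `exp` claim is set one minute after creation.
///
/// # Arguments
///
/// * `client` - A reference to a CloudManagerClient instance; its `config` supplies the
///   organization id (`iss`), technical account id (`sub`), client id (part of `aud`),
///   the scope and the private key.
///
/// # Panics
///
/// Panics if the configured private key is not a valid RSA PEM, or if signing fails.
fn generate_jwt(client: &CloudManagerClient) -> String {
    let config = &client.config;

    // The assertion is valid for one minute from now.
    let expires_at = Utc::now() + Duration::minutes(1);
    debug!("scope from config: {:?}", config.scope);

    let claims = JwtClaims {
        exp: expires_at.timestamp() as usize,
        iss: config.organization_id.clone(),
        sub: config.technical_account_id.clone(),
        // `format!` only needs a borrow of the client id, so no clone is required here.
        aud: format!("https://{}/c/{}", IMS_ENDPOINT, config.client_id),
        // Each scope flag is true only when the configured scope matches it.
        scope_ent_cloudmgr_sdk: config.scope == Scope::EntCloudmgrSdk,
        scope_ent_aem_cloud_api: config.scope == Scope::EntAemCloudApi,
    };

    let signing_key = EncodingKey::from_rsa_pem(config.private_key.as_bytes())
        .expect("Private key is in the wrong format");

    // The signature cannot return an error to the caller, so a signing failure panics
    // with a message that says which step failed.
    encode(&Header::new(Algorithm::RS256), &claims, &signing_key).expect("Failed to sign the JWT")
}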
/// Obtains an access token from Adobe using the configured authentication strategy.
///
/// When `client.config.auth_strategy` is `AuthStrategy::JWT` the JWT exchange is used;
/// any other strategy goes through the OAuth token request.
///
/// # Arguments
///
/// * `client` - A mutable reference to a CloudManagerClient instance
///
/// # Performed API Request
///
/// ```text
/// JWT strategy:  POST https://{IMS_ENDPOINT}/ims/exchange/jwt/
/// otherwise:     POST https://{IMS_ENDPOINT}/ims/token/v3/
/// ```
///
/// # Errors
///
/// Propagates the `reqwest::Error` returned by the selected token request.
pub async fn obtain_access_token(client: &mut CloudManagerClient) -> Result<(), reqwest::Error> {
    if client.config.auth_strategy != AuthStrategy::JWT {
        return obtain_oauth_token(client).await;
    }
    obtain_jwt_token(client).await
}
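/// Requests an access token from Adobe IMS with the OAuth `client_credentials` grant.
///
/// On success the token is stored in `client.config.access_token`.
///
/// # Arguments
///
/// * `client` - A mutable reference to a CloudManagerClient instance
///
/// # Performed API Request
///
/// ```text
/// POST https://{IMS_ENDPOINT}/ims/token/v3/
/// ```
///
/// # Errors
///
/// Returns the `reqwest::Error` if the request cannot be sent or the body cannot be read.
///
/// # Panics
///
/// Panics if the response body cannot be deserialized into a `BearerResponse`.
async fn obtain_oauth_token(client: &mut CloudManagerClient) -> Result<(), reqwest::Error> {
    // The client secret travels in the form body; it is never logged here.
    let form_params = [
        ("client_id", client.config.client_id.clone()),
        ("client_secret", client.config.client_secret.clone()),
        ("scope", "read_pc.dma_aem_ams,openid,AdobeID,read_organizations,additional_info.projectedProductContext".to_owned()),
        ("grant_type", "client_credentials".to_owned()),
    ];

    let response = client
        .client
        .post(format!("https://{}/ims/token/v3/", IMS_ENDPOINT))
        .form(&form_params)
        .send()
        .await?;
    // Capture the status before the body is consumed so the failure path can tell an
    // error reply apart from a successful reply with an unexpected shape.
    let status = response.status();
    let body = response.text().await?;

    let bearer_response: BearerResponse = serde_json::from_str(&body).unwrap_or_else(|err| {
        if status.is_success() {
            // A 2xx body may hold the bearer token even when it does not match
            // `BearerResponse`, so it must not be copied into the panic message.
            panic!(
                "Unable to authenticate: unexpected response body (HTTP {}, {:?})",
                status,
                err.classify()
            )
        } else {
            // Non-2xx replies are presumably error descriptions without credentials;
            // keep echoing them so a failed login stays diagnosable.
            panic!("Unable to authenticate: {}", body)
        }
    });

    client.config.access_token = bearer_response.access_token;
    Ok(())
}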
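/// Exchanges a freshly generated JWT for an access token at Adobe IMS.
///
/// The JWT is stored in `client.config.jwt` and, on success, the access token is stored
/// in `client.config.access_token`.
///
/// # Arguments
///
/// * `client` - A mutable reference to a CloudManagerClient instance
///
/// # Performed API Request
///
/// ```text
/// POST https://{IMS_ENDPOINT}/ims/exchange/jwt/
/// ```
///
/// # Errors
///
/// Returns the `reqwest::Error` if the request cannot be sent or the body cannot be read.
///
/// # Panics
///
/// Panics if the JWT cannot be generated, or if the response body cannot be deserialized
/// into a `BearerResponse`.
async fn obtain_jwt_token(client: &mut CloudManagerClient) -> Result<(), reqwest::Error> {
    client.config.jwt = generate_jwt(client);

    // The client secret and the signed JWT travel in the form body; neither is logged here.
    let form_params = [
        ("client_id", client.config.client_id.clone()),
        ("client_secret", client.config.client_secret.clone()),
        ("jwt_token", client.config.jwt.clone()),
    ];

    let response = client
        .client
        .post(format!("https://{}/ims/exchange/jwt/", IMS_ENDPOINT))
        .form(&form_params)
        .send()
        .await?;
    // Capture the status before the body is consumed so the failure path can tell an
    // error reply apart from a successful reply with an unexpected shape.
    let status = response.status();
    let body = response.text().await?;

    let bearer_response: BearerResponse = serde_json::from_str(&body).unwrap_or_else(|err| {
        if status.is_success() {
            // A 2xx body may hold the bearer token even when it does not match
            // `BearerResponse`, so it must not be copied into the panic message.
            panic!(
                "Unable to authenticate: unexpected response body (HTTP {}, {:?})",
                status,
                err.classify()
            )
        } else {
            // Non-2xx replies are presumably error descriptions without credentials;
            // keep echoing them so a failed login stays diagnosable.
            panic!("Unable to authenticate: {}", body)
        }
    });

    client.config.access_token = bearer_response.access_token;
    Ok(())
}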