From 3e7f09db626e46092181714ccd5cef1aba507daa Mon Sep 17 00:00:00 2001 From: berthrann <43443385+berthrann@users.noreply.github.com> Date: Wed, 12 Mar 2025 16:03:35 +0300 Subject: [PATCH] Add Yandex ID OAuth provider support. (#622) --- chirpstack/src/api/oauth2.rs | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/chirpstack/src/api/oauth2.rs b/chirpstack/src/api/oauth2.rs index 38394f35..8ffa2283 100644 --- a/chirpstack/src/api/oauth2.rs +++ b/chirpstack/src/api/oauth2.rs @@ -28,6 +28,12 @@ struct ClerkUserinfo { pub user_id: String, } +#[derive(Deserialize)] +struct YandexUserinfo { + pub default_email: String, + pub id: String, +} + #[derive(Deserialize)] pub struct CallbackArgs { pub code: String, @@ -129,9 +135,11 @@ pub async fn get_user(code: &str, state: &str) -> Result { let conf = config::get(); let provider = conf.user_authentication.oauth2.provider.clone(); let userinfo_url = conf.user_authentication.oauth2.userinfo_url.clone(); + let assume_email_verified = conf.user_authentication.oauth2.assume_email_verified; match provider.as_ref() { "clerk" => get_clerk_user(access_token, &userinfo_url).await, + "yandex" => get_yandex_user(access_token, &userinfo_url, assume_email_verified).await, _ => Err(anyhow!("Unsupported OAuth2 provider: {}", provider)), } } @@ -155,6 +163,25 @@ async fn get_clerk_user(token: &str, url: &str) -> Result { }) } +async fn get_yandex_user(token: &str, url: &str, assume_email_verified: bool) -> Result { + let client = reqwest::Client::new(); + let auth_header = format!("Bearer {}", token); + + let resp: YandexUserinfo = client + .get(url) + .header(AUTHORIZATION, auth_header) + .send() + .await? + .json() + .await?; + + Ok(User { + email: resp.default_email, + email_verified: assume_email_verified, + external_id: resp.id, + }) +} + async fn store_verifier( token: &oauth2::CsrfToken, verifier: &oauth2::PkceCodeVerifier,