HeroicKatora / oxide-auth

An OAuth2 server library, for use in combination with actix or other frontends, featuring a set of configurable and pluggable backends.

Exchange code for user info #173

Closed kimutaiRop closed 1 year ago

kimutaiRop commented 1 year ago

I know this might not be an issue, but I have a question. In my case, from post_authorize for the return type code I am doing:


    // `username` is the owner this server has already authenticated; it is
    // carried alongside the query string into the consent handler.
    let oauth = Extras::AuthPost(r.query_string().to_owned(), username);

    state.send(Authorize(req).wrap(oauth)).await?

and from the handler:

    // `OwnerConsent::Authorized(username)` makes `username` the `owner_id` of
    // the resulting grant; `contains` borrows, so no clone of the query string
    // is needed.
    if query_string.contains("allow") {
        OwnerConsent::Authorized(username)
    } else {
        OwnerConsent::Denied
    }

I somehow expected that this would encode the user into the returned code. The returned code is then exchanged for the bearer token in the token route, as in the example provided. For me all of this works, but I still don't understand. The reason for me doing this in the first place was so that I could have a secure way to pass the user info to the third-party app using OAuth for my application, but right now I don't understand how I can decode the bearer token that was returned to map the user, because I changed the index route to user:

    pub(crate) async fn user(
        (req, state): (OAuthResource, web::Data<Addr<OAuthState>>),
    ) -> Result<OAuthResponse, WebError> {
        // `into_request` consumes the extractor, so convert once and keep the
        // result so the `Resource` path below can use the same request.
        let request = req.into_request();
        println!("user {:?}", &request);
        let body = json!({
            "user": "user",
        });
        Ok(OAuthResponse::ok().body(&body.to_string()))
        // The `Resource` endpoint is the step that validates the bearer token
        // and, on success, yields the matching grant (with its `owner_id`).
        // match state
        //     .send(Resource(request).wrap(Extras::Nothing))
        //     .await?
        // {
        //     Ok(_grant) => {
        //         let body = json!({
        //             "user": "user",
        //         });
        //         Ok(OAuthResponse::ok().body(&body.to_string()))
        //     }
        //     Err(Ok(e)) => {
        //         println!("err: {:?}", e);
        //         Ok(e.body(
        //             &json!({
        //                 "error": "unauthorized",
        //                 "error_description": "The request requires higher privileges than provided by the access token."
        //             })
        //             .to_string(),
        //         ))
        //     }
        //     Err(Err(e)) => Err(e),
        // }
    }

Running:

    curl --location 'http://localhost:8080/api/v1/oauth/auth/user' \
    --header 'Authorization: Bearer iI00UBh++RFr8G4OTzDKYw==' \
    --header 'Cookie: id=8N%2FG3Xn096Mzqv4nsPJLwHDL6UIfmRiM3afDWqpFLZwGzyMkjLXJRdo+Tpa4%2FVUNZNWWGFzlWMSGsk3AgX%2FBBe4m+BMdxvhgP1GlNo6avbDG%2FawGJ7M89RWm+ENTEycJhVje9A0rf1bNBHgbvVC7+KSuls9X%2Fjyo9jYGwhbeJtFEM6GQ9%2FvQhKswCaRo1nLi%2Fv+Z8ABluZZDEGeTMA%3D%3D'

but still `println!("user {:?}", &req.into_request());` shows `user OAuthRequest { auth: Some("Bearer iI00UBh++RFr8G4OTzDKYw=="), query: None, body: None }`, whose `auth` field is private.

I guess the question in my case, if it is not clear so far, is how I can let the third party get the info of the user who authorized access in the first place after all this, so that the third party has something like the id of the user and can make requests in place of the user in future by providing that id, and I can check that the user gave a grant to the third party (I understand all the database-related things, if any of that is in place; I just need to understand how I can retrieve the "username" that authorized).

Thanks.
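Added example (editor's, not code from the oxide-auth project or from the issue author): the bearer token in the curl above is an opaque handle, not an encoding of the user, so there is nothing in it for a client to decode. The mapping from token to user lives only in the server's issuer, and in oxide-auth the `Resource` endpoint's `Ok(grant)` hands back a `Grant` whose `owner_id` is exactly the string passed to `OwnerConsent::Authorized`. The plain-Rust model below (no crates; `Issuer`, `resolve`, `has_grant`, `revoke` and `SequentialTokens` are hypothetical names, not oxide-auth API) shows that resolution end to end: issue a token for a consented grant, resolve an `Authorization` header back to the grant with expiry and scope checks, and answer the later "does this user still have a live grant for this client?" question, including after revocation.

```rust
use std::collections::HashMap;

/// Server-side record behind one access token. These are the fields of
/// oxide_auth's `Grant` that matter here; `owner_id` is the string given to
/// `OwnerConsent::Authorized` at consent time.
#[derive(Clone, Debug, PartialEq)]
pub struct Grant {
    pub owner_id: String,
    pub client_id: String,
    pub scope: Vec<String>,
    /// Expiry as Unix seconds (assumed representation for this example).
    pub expires_at: u64,
}

#[derive(Debug, PartialEq)]
pub enum ResourceError {
    MissingToken,
    InvalidToken,
    InsufficientScope,
}

/// Where tokens come from. The sequential source exists only to keep this
/// example deterministic; a real issuer must draw tokens from a CSPRNG, since
/// the token value is the only secret protecting the grant.
pub trait TokenSource {
    fn next_token(&mut self) -> String;
}

pub struct SequentialTokens(pub u64);

impl TokenSource for SequentialTokens {
    fn next_token(&mut self) -> String {
        self.0 += 1;
        format!("test-token-{}", self.0)
    }
}

/// Hypothetical issuer: opaque token -> grant. Nothing about the user is
/// encoded in the token; the only way to "decode" it is this lookup.
pub struct Issuer<T: TokenSource> {
    source: T,
    tokens: HashMap<String, Grant>,
}

impl<T: TokenSource> Issuer<T> {
    pub fn new(source: T) -> Self {
        Issuer { source, tokens: HashMap::new() }
    }

    /// Token-endpoint step: after consent succeeded, mint a token for the grant.
    pub fn issue(&mut self, owner_id: &str, client_id: &str, scope: &[&str], ttl_secs: u64, now: u64) -> String {
        let token = self.source.next_token();
        let grant = Grant {
            owner_id: owner_id.to_owned(),
            client_id: client_id.to_owned(),
            scope: scope.iter().map(|s| s.to_string()).collect(),
            expires_at: now + ttl_secs,
        };
        self.tokens.insert(token.clone(), grant);
        token
    }

    /// Resource-endpoint step: parse `Authorization: Bearer <token>`, look the
    /// token up, enforce expiry and scope, and return the grant whose
    /// `owner_id` the `/user` route should report.
    pub fn resolve(&self, authorization: Option<&str>, required_scope: &str, now: u64) -> Result<&Grant, ResourceError> {
        let token = authorization
            .and_then(|h| h.strip_prefix("Bearer "))
            .filter(|t| !t.is_empty())
            .ok_or(ResourceError::MissingToken)?;
        let grant = self.tokens.get(token).ok_or(ResourceError::InvalidToken)?;
        if grant.expires_at <= now {
            return Err(ResourceError::InvalidToken);
        }
        if !grant.scope.iter().any(|s| s == required_scope) {
            return Err(ResourceError::InsufficientScope);
        }
        Ok(grant)
    }

    /// Later check: does this owner still have a live grant for this client?
    pub fn has_grant(&self, owner_id: &str, client_id: &str, now: u64) -> bool {
        self.tokens
            .values()
            .any(|g| g.owner_id == owner_id && g.client_id == client_id && g.expires_at > now)
    }

    /// Owner withdraws consent: drop every token for that (owner, client) pair.
    pub fn revoke(&mut self, owner_id: &str, client_id: &str) {
        self.tokens.retain(|_, g| !(g.owner_id == owner_id && g.client_id == client_id));
    }
}

fn main() {
    let mut issuer = Issuer::new(SequentialTokens(0));
    // Consent handler returned OwnerConsent::Authorized("alice") for client "app-1".
    let token = issuer.issue("alice", "app-1", &["default-scope"], 3600, 1_000);
    let header = format!("Bearer {}", token);
    match issuer.resolve(Some(&header), "default-scope", 1_500) {
        Ok(grant) => println!("user = {}, client = {}", grant.owner_id, grant.client_id),
        Err(e) => println!("rejected: {:?}", e),
    }
    println!("alice -> app-1 live: {}", issuer.has_grant("alice", "app-1", 1_500));
    issuer.revoke("alice", "app-1");
    println!("after revoke: {:?}", issuer.resolve(Some(&header), "default-scope", 1_500));
}
```

Mapped onto the `/user` route in the post: `resolve` is what the `Resource` round trip does, the `Ok(grant)` arm would serialize `grant.owner_id` instead of the placeholder `"user"`, and the `Err(Ok(e))` arm corresponds to the `MissingToken`, `InvalidToken` and `InsufficientScope` outcomes. The third party never learns the user from the token itself; it learns it from a resource endpoint that performs this lookup, and any later "act for user X" request should be checked against `has_grant` rather than trusted on the id alone.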