Mehrn0ush / RustifyAuth

Rustify-Auth is a lightweight OAuth 2.0 & 2.1 authorization server in Rust, designed with educational goals in mind. It supports Authorization Code + PKCE, Client Credentials, Refresh Tokens, secure JWT token generation, and Post-Quantum Cryptography (PQC) for enhanced future-proof security.
MIT License

Implement Dynamic Client Deletion and Update Endpoints #14

Closed Mehrn0ush closed 4 days ago

Mehrn0ush commented 1 month ago

Description: Expand the dynamic client registration to support client deletion and client updates. This will allow clients or administrators to remove or modify existing client registrations dynamically.

Tasks:

Skill Level: Intermediate
File Location: src/endpoints/register.rs, src/storage/client.rs

Mehrn0ush commented 4 days ago

Current Status

Endpoints Implemented:

- Update Endpoint (/update): Enables updates to specific fields of a client's registration, including client_name, redirect_uris, grant_types, response_types, and software_statement.
- Delete Endpoint (/delete): Allows for dynamic client deletion, with appropriate authorization checks.

Authorization Check (RBAC):

Both endpoints perform an RBAC check to ensure the client or user has the necessary "admin" role. Mock rbac_check functions are currently in place, which should eventually be replaced with a production-grade RBAC mechanism.

Testing:

Comprehensive tests have been implemented for both endpoints, covering scenarios such as unauthorized access, non-existent client updates, and deletion, as well as successful cases. JWT-based authentication is used in tests, especially for the deletion endpoint, which ensures that only clients with admin privileges can delete registrations.
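The shape of the update and delete logic the comment describes, as an added example that is not RustifyAuth's own code: an in-memory client store whose update and delete operations run a role check before touching any record, apply only the fields present in a partial update, and report a missing client as not-found rather than silently succeeding. The names (ClientStore, ClientRecord, ClientUpdate, Role, EndpointError, sample_store) and the constructed sample client are assumptions for illustration; in the real server the caller's roles would come from validated JWT claims and the store would be the project's own storage layer.

```rust
// Added example (not RustifyAuth's code). Names and the sample record are
// assumptions chosen for illustration; only std is used so it runs stand-alone.
use std::collections::HashMap;

/// A registered client as the store would hold it (hypothetical shape).
#[derive(Clone, Debug, PartialEq)]
pub struct ClientRecord {
    pub client_id: String,
    pub client_name: String,
    pub redirect_uris: Vec<String>,
    pub grant_types: Vec<String>,
    pub response_types: Vec<String>,
    pub software_statement: Option<String>,
}

/// Partial update: only `Some` fields are applied, so a request that omits
/// a field leaves the stored value untouched.
#[derive(Default, Debug)]
pub struct ClientUpdate {
    pub client_name: Option<String>,
    pub redirect_uris: Option<Vec<String>>,
    pub grant_types: Option<Vec<String>>,
    pub response_types: Option<Vec<String>>,
    pub software_statement: Option<String>,
}

/// Roles carried by the caller. In the real server these would be taken from
/// validated JWT claims; here they are passed in directly.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Role { Admin, Client }

#[derive(Debug, PartialEq)]
pub enum EndpointError {
    Forbidden,       // caller lacks the "admin" role
    NotFound,        // no client with that id
    InvalidRedirect, // a redirect_uri failed basic validation
}

/// Stand-in for the comment's rbac_check: require the admin role. Returning a
/// typed error instead of a bool makes it hard to forget the result at the call site.
pub fn rbac_check(roles: &[Role]) -> Result<(), EndpointError> {
    if roles.contains(&Role::Admin) { Ok(()) } else { Err(EndpointError::Forbidden) }
}

/// Minimal redirect URI validation: https (or http on localhost) and no fragment.
fn valid_redirect(uri: &str) -> bool {
    (uri.starts_with("https://") || uri.starts_with("http://localhost")) && !uri.contains('#')
}

#[derive(Default)]
pub struct ClientStore {
    clients: HashMap<String, ClientRecord>,
}

impl ClientStore {
    pub fn register(&mut self, record: ClientRecord) {
        self.clients.insert(record.client_id.clone(), record);
    }

    pub fn get(&self, client_id: &str) -> Option<&ClientRecord> {
        self.clients.get(client_id)
    }

    /// /update logic: authorize first, then locate the client, validate the
    /// new redirect URIs, and apply only the fields present in the request.
    pub fn update(&mut self, roles: &[Role], client_id: &str, upd: ClientUpdate)
        -> Result<ClientRecord, EndpointError>
    {
        rbac_check(roles)?;
        let rec = self.clients.get_mut(client_id).ok_or(EndpointError::NotFound)?;
        if let Some(uris) = &upd.redirect_uris {
            if !uris.iter().all(|u| valid_redirect(u)) {
                return Err(EndpointError::InvalidRedirect);
            }
        }
        if let Some(v) = upd.client_name { rec.client_name = v; }
        if let Some(v) = upd.redirect_uris { rec.redirect_uris = v; }
        if let Some(v) = upd.grant_types { rec.grant_types = v; }
        if let Some(v) = upd.response_types { rec.response_types = v; }
        if let Some(v) = upd.software_statement { rec.software_statement = Some(v); }
        Ok(rec.clone())
    }

    /// /delete logic: authorize, then remove; an unknown id is NotFound.
    pub fn delete(&mut self, roles: &[Role], client_id: &str) -> Result<(), EndpointError> {
        rbac_check(roles)?;
        self.clients.remove(client_id).map(|_| ()).ok_or(EndpointError::NotFound)
    }
}

/// Constructed sample client (not real data) used for the stand-alone run.
pub fn sample_store() -> ClientStore {
    let mut store = ClientStore::default();
    store.register(ClientRecord {
        client_id: "client-123".into(),
        client_name: "Demo App".into(),
        redirect_uris: vec!["https://app.example/cb".into()],
        grant_types: vec!["authorization_code".into()],
        response_types: vec!["code".into()],
        software_statement: None,
    });
    store
}

fn main() {
    let mut store = sample_store();
    let upd = ClientUpdate { client_name: Some("Renamed App".into()), ..Default::default() };
    println!("{:?}", store.update(&[Role::Admin], "client-123", upd)); // Ok(renamed record)
    println!("{:?}", store.delete(&[Role::Client], "client-123"));     // Err(Forbidden)
}
```

The ordering inside update and delete is the point: the role check runs before the lookup, so an unauthorized caller learns nothing about whether a client_id exists, and redirect URIs are validated before any field is written, so a rejected update leaves the record exactly as it was.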