headless_lms_server/controllers/main_frontend/oauth/mod.rs
1use actix_web::web::ServiceConfig;
2use utoipa::OpenApi;
3
// NOTE(review): as an outer `///` block this comment is attached by rustdoc to
// the next item, `mod authorize`, not to the `oauth` module itself; an inner
// `//!` doc at the very top of the file (before the `use` items) would document
// the whole module. Left in place here because the `use` lines precede it.
/// OAuth 2.0 and OpenID Connect implementation.
///
/// This module implements the following RFCs and specifications:
///
/// ## OAuth 2.0 Core
/// - [RFC 6749 — OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749)
///   - §3.1 — Authorization Endpoint (`/authorize`)
///   - §3.2 — Token Endpoint (`/token`)
///
/// ## OAuth 2.0 Extensions
/// - [RFC 7009 — OAuth 2.0 Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009) (`/revoke`)
/// - [RFC 7636 — Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636)
/// - [RFC 7662 — OAuth 2.0 Token Introspection](https://datatracker.ietf.org/doc/html/rfc7662) (`/introspect`)
/// - [RFC 8414 — OAuth 2.0 Authorization Server Metadata](https://www.rfc-editor.org/rfc/rfc8414) (`/.well-known/openid-configuration`)
/// - [RFC 9449 — OAuth 2.0 Demonstrating Proof-of-Possession (DPoP)](https://datatracker.ietf.org/doc/html/rfc9449)
///
/// ## JSON Web Token (JWT)
/// - [RFC 7517 — JSON Web Key (JWK)](https://datatracker.ietf.org/doc/html/rfc7517) (`/jwks.json`)
///
/// ## OpenID Connect
/// - [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html)
///   - §3 — Authorization Endpoint (`/authorize`)
///   - §3.1.3 — Token Endpoint (`/token`)
///   - §5.3 — UserInfo Endpoint (`/userinfo`)
///   - §10 — JWKS endpoint for key discovery (`/jwks.json`) — Note: currently
///     exposes a single key; key rotation is not implemented.
/// - [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html) (`/.well-known/openid-configuration`)
///
/// Authorization endpoint (`/authorize`): GET and POST handlers
/// (`authorize_get_doc`, `authorize_post_doc`).
mod authorize;
/// Listing and deletion of authorized clients
/// (`get_authorized_clients`, `delete_authorized_client`).
mod authorized_clients;
/// Consent approval and denial handlers (`approve_consent`, `deny_consent`).
mod consent;
/// Discovery documents: JWKS (`/jwks.json`) and provider metadata
/// (`/.well-known/openid-configuration`).
mod discovery;
/// Token introspection endpoint (`/introspect`, RFC 7662).
mod introspect;
/// Token revocation endpoint (`/revoke`, RFC 7009).
mod revoke;
/// Token endpoint (`/token`).
mod token;
/// UserInfo endpoint (`/userinfo`): GET and POST handlers.
mod userinfo;

38
/// Aggregated OpenAPI document for the OAuth / OpenID Connect endpoints.
///
/// `#[derive(OpenApi)]` (utoipa) collects the handlers listed in `paths(...)`
/// — one group per submodule — into a single spec that the crate can serve.
/// The `*_doc` items presumably stand in for handlers whose route is
/// registered separately from their documentation — confirm in the
/// `authorize` and `userinfo` submodules before relying on that.
#[derive(OpenApi)]
#[openapi(paths(
    discovery::jwks,
    discovery::well_known_openid,
    authorize::authorize_get_doc,
    authorize::authorize_post_doc,
    token::token,
    userinfo::user_info_get_doc,
    userinfo::user_info_post_doc,
    revoke::revoke,
    consent::approve_consent,
    consent::deny_consent,
    authorized_clients::get_authorized_clients,
    authorized_clients::delete_authorized_client,
    introspect::introspect
))]
pub(crate) struct MainFrontendOauthApiDoc;

56
/// Registers every OAuth / OpenID Connect route of the submodules on `cfg`.
///
/// Each submodule exposes its own `_add_routes`; they are applied here in a
/// fixed sequence. If any submodule paths overlap, registration order decides
/// which handler matches first, so the sequence is kept explicit rather than
/// derived from the module list.
pub fn _add_routes(cfg: &mut ServiceConfig) {
    // Same order as the per-module calls this replaces.
    let registrars: [fn(&mut ServiceConfig); 8] = [
        authorize::_add_routes,
        token::_add_routes,
        userinfo::_add_routes,
        discovery::_add_routes,
        revoke::_add_routes,
        consent::_add_routes,
        authorized_clients::_add_routes,
        introspect::_add_routes,
    ];
    for register in registrars.iter() {
        register(cfg);
    }
}