1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
// Copyright 2024 New Vector Ltd.
// Copyright 2022-2024 Kévin Commaille.
//
// SPDX-License-Identifier: AGPL-3.0-only
// Please see LICENSE in the repository root for full details.
//! Requests for the Token endpoint.
use chrono::{DateTime, Utc};
use mas_http::RequestBuilderExt;
use oauth2_types::requests::{AccessTokenRequest, AccessTokenResponse};
use rand::Rng;
use url::Url;
use crate::{
error::{ResponseExt, TokenRequestError},
types::client_credentials::ClientCredentials,
};
/// Request an access token.
///
/// # Arguments
///
/// * `http_client` - The reqwest client to use for making HTTP requests.
///
/// * `client_credentials` - The credentials obtained when registering the
/// client.
///
/// * `token_endpoint` - The URL of the issuer's Token endpoint.
///
/// * `request` - The request to make at the Token endpoint.
///
/// * `now` - The current time.
///
/// * `rng` - A random number generator.
///
/// # Errors
///
/// Returns an error if the request fails or the response is invalid.
#[tracing::instrument(skip_all, fields(token_endpoint, request))]
pub async fn request_access_token(
http_client: &reqwest::Client,
client_credentials: ClientCredentials,
token_endpoint: &Url,
request: AccessTokenRequest,
now: DateTime<Utc>,
rng: &mut impl Rng,
) -> Result<AccessTokenResponse, TokenRequestError> {
tracing::debug!(?request, "Requesting access token...");
let token_request = http_client.post(token_endpoint.as_str());
let token_response = client_credentials
.authenticated_form(token_request, &request, now, rng)?
.send_traced()
.await?
.error_from_oauth2_error_response()
.await?
.json()
.await?;
Ok(token_response)
}