Change jwks_uri into Url (#15)

tower-oauth2-resource-server/Cargo.toml

@@ -16,7 +16,7 @@ serde = "1.0.210"
 serde_with = "3.9.0"
 tokio = { workspace = true, features = ["rt", "sync", "time"] }
 tower = { workspace = true }
-url = "2.5.2"
+url = { version = "2.5.2", features = ["serde"] }
 
 [dev-dependencies]
 base64 = "0.22.1"

tower-oauth2-resource-server/src/jwks.rs

@@ -4,6 +4,7 @@ use jsonwebtoken::{
     DecodingKey,
 };
 use log::{info, warn};
+use reqwest::Url;
 use std::{collections::HashMap, sync::Arc};
 use tokio::{
     sync::RwLock,
@@ -25,7 +26,7 @@ pub struct JwksDecodingKeysProvider {
 }
 
 impl JwksDecodingKeysProvider {
-    pub fn new(jwks_uri: &str, refresh_interval: Duration) -> Self {
+    pub fn new(jwks_uri: Url, refresh_interval: Duration) -> Self {
         let decoding_keys = Arc::new(RwLock::new(HashMap::new()));
         tokio::spawn(Self::fetch_jwks_job(
             jwks_uri.to_owned(),
@@ -36,14 +37,14 @@ impl JwksDecodingKeysProvider {
     }
 
     async fn fetch_jwks_job(
-        jwks_uri: String,
+        jwks_uri: Url,
         decoding_keys: Arc<RwLock<HashMap<String, Arc<DecodingKey>>>>,
         refresh_interval: Duration,
     ) {
         let mut interval = time::interval(refresh_interval);
         loop {
             interval.tick().await;
-            match fetch_jwks(&jwks_uri).await {
+            match fetch_jwks(jwks_uri.clone()).await {
                 Ok(jwks) => match jwks
                     .keys
                     .into_iter()
@@ -75,7 +76,7 @@ impl DecodingKeysProvider for JwksDecodingKeysProvider {
     }
 }
 
-async fn fetch_jwks(jwks_uri: &str) -> Result<JwkSet, JwkError> {
+async fn fetch_jwks(jwks_uri: Url) -> Result<JwkSet, JwkError> {
     let response = reqwest::get(jwks_uri)
         .await
         .map_err(|_| JwkError::FetchFailed)?;

tower-oauth2-resource-server/src/oidc.rs

@@ -10,7 +10,7 @@ use crate::error::StartupError;
 
 #[derive(Clone, Debug, Deserialize)]
 pub(crate) struct OidcConfig {
-    pub jwks_uri: String,
+    pub jwks_uri: Url,
     pub claims_supported: Option<Vec<String>>,
 }
 

tower-oauth2-resource-server/src/server.rs

@@ -53,7 +53,7 @@ where
         Ok(OAuth2ResourceServer {
             jwt_validator: Arc::new(OnlyJwtValidator::new(
                 Arc::new(JwksDecodingKeysProvider::new(
-                    &jwks_uri,
+                    jwks_uri,
                     jwk_set_refresh_interval,
                 )),
                 claims_validation_spec,
@@ -103,13 +103,16 @@ async fn resolve_config(
     issuer_uri: &str,
     jwks_uri: Option<String>,
     audiences: Vec<String>,
-) -> Result<(String, ClaimsValidationSpec), StartupError> {
+) -> Result<(Url, ClaimsValidationSpec), StartupError> {
     let mut claims_spec = ClaimsValidationSpec::new()
         .iss(issuer_uri)
         .aud(audiences)
         .exp(true);
 
     if let Some(jwks_uri) = jwks_uri {
+        let jwks_uri = jwks_uri.parse::<Url>().map_err(|_| {
+            StartupError::InvalidParameter(format!("Invalid jwks_uri: {}", jwks_uri))
+        })?;
         return Ok((jwks_uri, claims_spec));
     }
 
@@ -143,7 +146,7 @@ mod tests {
         ctx.expect()
             .returning(|_| {
                 Ok(OidcConfig {
-                    jwks_uri: "".to_owned(),
+                    jwks_uri: "http://some-issuer.com/jwks".parse::<Url>().unwrap(),
                     claims_supported: None,
                 })
             })