feature: enable accept-rfc-3339-timestamps in openidconnect-rs and

cdxker · cdxker · commit 0737586d124c · 2025-06-29T06:48:20.000-07:00
skip tokenhash validation to enable auth0 compatability
diff --git a/server/Cargo.lock b/server/Cargo.lock
diff --git a/server/Cargo.toml b/server/Cargo.toml
@@ -153,8 +153,9 @@ utoipa = { version = "4.2", features = [
     "debug",
 ] }
 utoipa-redoc = { version = "4.0", features = ["actix-web"] }
-openidconnect = { git = "https://github.com/devflowinc/openidconnect-rs.git", branch = "patch-3.4.0",  features = [
+openidconnect = { git = "https://github.com/devflowinc/openidconnect-rs.git", rev = "9b9cefd91ae7e1bc4ad336a9bed5dcf04fa179a5",  features = [
     "reqwest",
+    "accept-rfc3339-timestamps"
 ], default-features = false }
 oauth2 = "4.4.2"
 dateparser = "0.2.1"
diff --git a/server/src/handlers/auth_handler.rs b/server/src/handlers/auth_handler.rs
@@ -453,14 +453,15 @@ pub async fn oidc_callback(
         .ok_or_else(|| ServiceError::InternalServerError("Empty ID Token".into()))?;
 
     let id_token_verifier = oidc_client.id_token_verifier();
-    let claims = id_token
-        .claims(&id_token_verifier, &nonce)
-        .map_err(|_| ServiceError::InternalServerError("Claims Verification Error".into()))?;
+    let claims = id_token.claims(&id_token_verifier, &nonce).map_err(|e| {
+        ServiceError::InternalServerError(format!("Claims Verification Error, {}", e))
+    })?;
 
     match claims.access_token_hash() {
-        None => Err(ServiceError::BadRequest(
-            "Missing access token hash".to_string(),
-        ))?,
+        None => {
+            log::warn!("Access Token Hash Not provided by openid provider, skipping hash check");
+            Ok(())
+        }
         Some(given_token_hash) => {
             let calculated_token_hash = AccessTokenHash::from_token(
                 token_response.access_token(),
