feat: Add support for the oidcaccesstoken authentication (#1332)

Add support for authenticating with the access token issued by the
trusted federated idp.

Author: gtema

doc/src/auth.md

@@ -39,6 +39,12 @@ Rust based tools support typical
 [`clouds.yaml`/`secure.yaml`](https://docs.openstack.org/openstacksdk/latest/user/config/configuration.html)
 files for configuration.
 
+Most authentication methods support interactive data provisioning. When certain
+required auth attributes are not provided in the configuration file or through
+the supported cli arguments (or environment variables) clients that implement 
+`AuthHelper` interface can receive such data from the user. For example when
+using the cli a prompt will appear. In the tui a popup requests the user input.
+
 ### Authentication methods
 
 Currently only a subset of all possible authentication methods is covered with
@@ -135,6 +141,19 @@ required to specify user data when using application credential name
 Either `application_credential_id` is required or `application_credential_name`
 in which case additionally the user information is required.
 
+#### v3OidcAccessToken
+
+Authentication with the OIDC access token is supported in the same way like it
+is done by the python OpenStack tools.
+
+Required configuration:
+
+- `auth_type` = `v3oidcaccesstoken` (or `oidaccesstoken`)
+- `identity_provider_id` - an identity provider id
+- `protocol` - identity provider protocol (usually `oidc`)
+- `access_token` - Access token of the received from the remote identity
+provider.
+
 
 ## Caching
 

openstack_sdk/src/auth.rs

@@ -33,6 +33,7 @@ pub mod authtoken_scope;
 pub mod v3applicationcredential;
 #[cfg(feature = "keystone_ng")]
 pub mod v3federation;
+pub mod v3oidcaccesstoken;
 pub mod v3password;
 pub mod v3token;
 pub mod v3totp;
@@ -42,6 +43,7 @@ use authtoken::{AuthToken, AuthTokenError};
 use authtoken_scope::AuthTokenScopeError;
 #[cfg(feature = "keystone_ng")]
 use v3federation::FederationError;
+use v3oidcaccesstoken::OidcAccessTokenError;
 use v3websso::WebSsoError;
 
 /// Authentication error
@@ -76,6 +78,14 @@ impl From<AuthTokenScopeError> for AuthError {
         }
     }
 }
+
+impl From<OidcAccessTokenError> for AuthError {
+    fn from(source: v3oidcaccesstoken::OidcAccessTokenError) -> Self {
+        Self::AuthToken {
+            source: source.into(),
+        }
+    }
+}
 impl From<WebSsoError> for AuthError {
     fn from(source: v3websso::WebSsoError) -> Self {
         Self::AuthToken {

openstack_sdk/src/auth/authtoken.rs

@@ -29,8 +29,8 @@ use crate::auth::auth_token_endpoint as token_v3;
 #[cfg(feature = "keystone_ng")]
 use crate::auth::v3federation;
 use crate::auth::{
-    auth_helper::AuthHelper, authtoken_scope, v3applicationcredential, v3password, v3token, v3totp,
-    v3websso, AuthState,
+    auth_helper::AuthHelper, authtoken_scope, v3applicationcredential, v3oidcaccesstoken,
+    v3password, v3token, v3totp, v3websso, AuthState,
 };
 use crate::config;
 use crate::types::identity::v3::{AuthReceiptResponse, AuthResponse};
@@ -118,6 +118,14 @@ pub enum AuthTokenError {
         source: v3applicationcredential::ApplicationCredentialError,
     },
 
+    /// Oidc Access Token autherror
+    #[error("OIDC access token authentication error: {}", source)]
+    OidcAccessToken {
+        /// The error source
+        #[from]
+        source: v3oidcaccesstoken::OidcAccessTokenError,
+    },
+
     /// Password Identity error
     #[error("Password based authentication error: {}", source)]
     Password {
@@ -244,6 +252,8 @@ pub enum AuthType {
     #[cfg(feature = "keystone_ng")]
     /// Federation
     V3Federation,
+    /// OIDC Access token
+    V3OidcAccessToken,
     /// v3 Password
     V3Password,
     /// v3 Token
@@ -267,6 +277,7 @@ impl FromStr for AuthType {
             "v3password" | "password" => Ok(Self::V3Password),
             #[cfg(feature = "keystone_ng")]
             "v3federation" | "federation" => Ok(Self::V3Federation),
+            "v3oidcaccesstoken" | "accesstoken" => Ok(Self::V3OidcAccessToken),
             "v3token" | "token" => Ok(Self::V3Token),
             "v3totp" => Ok(Self::V3Totp),
             "v3multifactor" => Ok(Self::V3Multifactor),
@@ -295,6 +306,7 @@ impl AuthType {
             Self::V3Password => "v3password",
             #[cfg(feature = "keystone_ng")]
             Self::V3Federation => "v3federation",
+            Self::V3OidcAccessToken => "v3oidcaccesstoken",
             Self::V3Token => "v3token",
             Self::V3Multifactor => "v3multifactor",
             Self::V3Totp => "v3totp",