feat: update general dependencies and axum to v0.7 (#521)

* feat: update general dependencies and axum to v0.7

Closes #514.
Closes #519.
Closes #518.

* ignore marvin attack for now. there is no fix

* fix doctest

Author: buehler

.github/workflows/security-check.yml

@@ -16,4 +16,4 @@ jobs:
       - uses: rustsec/[email protected]
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          ignore: RUSTSEC-2020-0071
+          ignore: RUSTSEC-2020-0071, RUSTSEC-2023-0071

Cargo.toml

@@ -53,35 +53,35 @@ rocket = ["credentials", "oidc", "dep:rocket"]
 
 [dependencies]
 async-trait = { version = "0.1.74", optional = true }
-axum = { version = "0.6.20", optional = true, features = ["headers", "macros"] }
-axum-extra = { version = "0.8.0", optional = true }
+axum = { version = "0.7", optional = true, features = ["macros"] }
+axum-extra = { version = "0.9", optional = true, features = ["typed-header"] }
 base64-compat = { version = "1", optional = true }
 custom_error = "1.9.2"
 document-features = { version = "0.2", optional = true }
-jsonwebtoken = { version = "9.1.0", optional = true }
+jsonwebtoken = { version = "9.2.0", optional = true }
 openidconnect = { version = "3.4.0", optional = true }
-pbjson-types = { version = "0.5.1", optional = true }
-prost = { version = "0.11", optional = true }
-prost-types = { version = "0.11", optional = true }
-reqwest = { version = "0.11.22", features = ["json", "rustls-tls"], default-features = false, optional = true }
-rocket = { version = "0.5.0-rc.3", optional = true }
+pbjson-types = { version = "0.6", optional = true }
+prost = { version = "0.12", optional = true }
+prost-types = { version = "0.12", optional = true }
+reqwest = { version = "0.11.23", features = ["json", "rustls-tls"], default-features = false, optional = true }
+rocket = { version = "0.5.0", optional = true }
 serde = { version = "1.0", features = ["derive"], optional = true }
 serde_json = { version = "1.0", optional = true }
 serde_urlencoded = { version = "0.7.1", optional = true }
-time = { version = "0.3.30", optional = true }
+time = { version = "0.3.31", optional = true }
 tokio = { version = "1", optional = true, features = [
   "macros",
   "rt-multi-thread",
 ] }
-tonic = { version = "0.9", features = [
+tonic = { version = "0.10", features = [
   "tls",
   "tls-roots",
   "tls-roots-common",
 ], optional = true }
-tonic-types = { version = "0.9", optional = true }
+tonic-types = { version = "0.10", optional = true }
 
 [dev-dependencies]
-chrono = "0.4.31"
+chrono = "0.4.32"
 tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
 tower = { version = "0.4.13" }
 

README.md

@@ -3,6 +3,12 @@
 This repository contains the gRPC service clients and helpers/credentials/other utilities
 for [ZITADEL](https://github.com/zitadel/zitadel).
 
+The following features are present:
+- API clients for communication with the ZITADEL API (calling gRPC methods)
+- Credentials support for the API clients (access token and service account interceptors)
+- OIDC Introspection support for [rocket](https://rocket.rs)
+- OIDC Introspection support for [axum](https://github.com/tokio-rs/axum)
+
 ### Example
 
 There exist a few examples in the `examples` directory.
@@ -11,7 +17,7 @@ Go there to see the library in action, or head over to the
 
 ### Development
 
-After you checkout the repository, you need ["just"](https://just.systems) to run
+After you clone the repository, you need ["just"](https://just.systems) to run
 certain tasks. Generating the gRPC clients is done via `just generate-grpc` or `just`
 (as it is configured to be the default action for just).
 

examples/axum_webapi_oauth_interception_basic.rs

@@ -3,6 +3,7 @@ use std::net::SocketAddr;
 use axum::response::IntoResponse;
 use axum::routing::get;
 use axum::Router;
+use tokio::net::TcpListener;
 use zitadel::axum::introspection::{IntrospectedUser, IntrospectionStateBuilder};
 
 async fn unauthed() -> String {
@@ -35,8 +36,8 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     let addr = SocketAddr::from(([127, 0, 0, 1], 3001));
     println!("listening on: {addr}");
-    axum::Server::bind(&addr)
-        .serve(app.into_make_service())
+    let listener = TcpListener::bind(addr).await?;
+    axum::serve(listener, app.into_make_service())
         .await
         .unwrap();
 

src/axum/introspection/mod.rs

@@ -14,6 +14,7 @@
 //! # use axum::response::IntoResponse;
 //! # use axum::routing::get;
 //! # use axum::Router;
+//! # use tokio::net::TcpListener;
 //! # use tokio::runtime::Builder;
 //! # use std::net::SocketAddr;
 //! #
@@ -32,8 +33,8 @@
 //!
 //! let addr = SocketAddr::from(([127, 0, 0, 1], 3001));
 //! println!("listening on: {addr}");
-//! axum::Server::bind(&addr)
-//!     .serve(app.into_make_service())
+//! let listener = TcpListener::bind(addr).await.unwrap();
+//! axum::serve(listener, app.into_make_service())
 //!     .await
 //!     .unwrap();
 //! # }

src/axum/introspection/user.rs

@@ -1,14 +1,16 @@
+use axum::http::StatusCode;
 use axum::{
     async_trait,
     extract::{FromRef, FromRequestParts},
-    headers::{authorization::Bearer, Authorization},
     http::request::Parts,
     response::IntoResponse,
-    Json, RequestPartsExt, TypedHeader,
+    Json, RequestPartsExt,
 };
+use axum_extra::headers::authorization::Bearer;
+use axum_extra::headers::Authorization;
+use axum_extra::TypedHeader;
 use custom_error::custom_error;
 use openidconnect::TokenIntrospectionResponse;
-use reqwest::StatusCode;
 use serde_json::json;
 
 use crate::oidc::introspection::{introspect, IntrospectionError, ZitadelIntrospectionResponse};
@@ -51,7 +53,7 @@ impl IntoResponse for IntrospectionGuardError {
     }
 }
 
-/// struct for the extracted user. The extracted user will always be valid, when fetched in a
+/// Struct for the extracted user. The extracted user will always be valid, when fetched in a
 /// request function arguments. If not the api will return with an appropriate error.
 #[derive(Debug)]
 pub struct IntrospectedUser {
@@ -132,10 +134,10 @@ mod tests {
     use axum::routing::get;
     use axum::Router;
     use tokio::runtime::Builder;
+    use tower::ServiceExt;
 
     use crate::axum::introspection::{IntrospectionState, IntrospectionStateBuilder};
     use crate::credentials::Application;
-    use tower::ServiceExt;
 
     use super::*;
 

src/rocket/introspection/guard.rs

@@ -60,17 +60,14 @@ impl<'request> FromRequest<'request> for &'request IntrospectedUser {
     async fn from_request(request: &'request Request<'_>) -> Outcome<Self, Self::Error> {
         let auth: Vec<_> = request.headers().get("authorization").collect();
         if auth.len() > 1 {
-            return Outcome::Failure((Status::BadRequest, &IntrospectionGuardError::InvalidHeader));
+            return Outcome::Error((Status::BadRequest, &IntrospectionGuardError::InvalidHeader));
         } else if auth.is_empty() {
-            return Outcome::Failure((
-                Status::Unauthorized,
-                &IntrospectionGuardError::Unauthorized,
-            ));
+            return Outcome::Error((Status::Unauthorized, &IntrospectionGuardError::Unauthorized));
         }
 
         let token = auth[0];
         if !token.starts_with("Bearer ") {
-            return Outcome::Failure((Status::Unauthorized, &IntrospectionGuardError::WrongScheme));
+            return Outcome::Error((Status::Unauthorized, &IntrospectionGuardError::WrongScheme));
         }
 
         let result = request
@@ -140,7 +137,7 @@ impl<'request> FromRequest<'request> for &'request IntrospectedUser {
 
         match result {
             Ok(user) => Outcome::Success(user),
-            Err((status, error)) => Outcome::Failure((*status, error)),
+            Err((status, error)) => Outcome::Error((*status, error)),
         }
     }
 }