refactor(oidc): move oidc_client to own module

Author: kilimnik

crates/matrix-sdk/src/authentication/common_oidc/mod.rs

@@ -0,0 +1,88 @@
+// Copyright 2025 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Common modules useful when using OIDC as the auththentication mechanism.
+
+pub(crate) mod oidc_client;
+
+use as_variant::as_variant;
+use openidconnect::core::CoreErrorResponseType;
+pub use openidconnect::{
+    ConfigurationError, DeviceCodeErrorResponseType, DiscoveryError, HttpClientError,
+    RequestTokenError, StandardErrorResponse,
+};
+use thiserror::Error;
+
+use crate::{oidc, HttpError};
+
+/// Error type describing failures in the interaction between the device
+/// attempting to log in and the OIDC provider.
+#[derive(Debug, Error)]
+pub enum DeviceAuhorizationOidcError {
+    /// A generic OIDC error happened while we were attempting to register the
+    /// device with the OIDC provider.
+    #[error(transparent)]
+    Oidc(#[from] oidc::OidcError),
+
+    /// The issuer URL failed to be parsed.
+    #[error(transparent)]
+    InvalidIssuerUrl(#[from] url::ParseError),
+
+    /// There was an error with our device configuration right before attempting
+    /// to wait for the access token to be issued by the OIDC provider.
+    #[error(transparent)]
+    Configuration(#[from] ConfigurationError),
+
+    /// An error happened while we attempted to discover the authentication
+    /// issuer URL.
+    #[error(transparent)]
+    AuthenticationIssuer(HttpError),
+
+    /// An error happened while we attempted to request a device authorization
+    /// from the OIDC provider.
+    #[error(transparent)]
+    DeviceAuthorization(
+        #[from]
+        RequestTokenError<
+            HttpClientError<reqwest::Error>,
+            StandardErrorResponse<CoreErrorResponseType>,
+        >,
+    ),
+
+    /// An error happened while waiting for the access token to be issued and
+    /// sent to us by the OIDC provider.
+    #[error(transparent)]
+    RequestToken(
+        #[from]
+        RequestTokenError<
+            HttpClientError<reqwest::Error>,
+            StandardErrorResponse<DeviceCodeErrorResponseType>,
+        >,
+    ),
+
+    /// An error happened during the discovery of the OIDC provider metadata.
+    #[error(transparent)]
+    Discovery(#[from] DiscoveryError<HttpClientError<reqwest::Error>>),
+}
+
+impl DeviceAuhorizationOidcError {
+    /// If the [`DeviceAuhorizationOidcError`] is of the
+    /// [`DeviceCodeErrorResponseType`] error variant, return it.
+    pub fn as_request_token_error(&self) -> Option<&DeviceCodeErrorResponseType> {
+        let error = as_variant!(self, DeviceAuhorizationOidcError::RequestToken)?;
+        let request_token_error = as_variant!(error, RequestTokenError::ServerResponse)?;
+
+        Some(request_token_error.error())
+    }
+}

crates/matrix-sdk/src/authentication/qrcode/oidc_client.rs renamed to crates/matrix-sdk/src/authentication/common_oidc/oidc_client.rs

@@ -87,13 +87,14 @@ pub type OidcClientInner<
 /// An OIDC specific HTTP client.
 ///
 /// This is used to communicate with the OIDC provider exclusively.
-pub(super) struct OidcClient {
+#[derive(Debug)]
+pub(crate) struct OidcClient {
     inner: OidcClientInner,
     http_client: HttpClient,
 }
 
 impl OidcClient {
-    pub(super) async fn new(
+    pub(crate) async fn new(
         client_id: String,
         issuer_url: String,
         http_client: HttpClient,
@@ -120,7 +121,7 @@ impl OidcClient {
         Ok(OidcClient { inner: oidc_client, http_client })
     }
 
-    pub(super) async fn request_device_authorization(
+    pub(crate) async fn request_device_authorization(
         &self,
         device_id: Curve25519PublicKey,
     ) -> Result<CoreDeviceAuthorizationResponse, DeviceAuhorizationOidcError> {
@@ -145,7 +146,7 @@ impl OidcClient {
         Ok(details)
     }
 
-    pub(super) async fn wait_for_tokens(
+    pub(crate) async fn wait_for_tokens(
         &self,
         details: &CoreDeviceAuthorizationResponse,
     ) -> Result<OidcSessionTokens, DeviceAuhorizationOidcError> {

crates/matrix-sdk/src/authentication/mod.rs

@@ -30,6 +30,9 @@ use crate::{
     Client, RefreshTokenError, SessionChange,
 };
 
+#[cfg(feature = "experimental-oidc")]
+pub mod common_oidc;
+
 #[cfg(all(feature = "experimental-oidc", feature = "e2e-encryption", not(target_arch = "wasm32")))]
 pub mod qrcode;
 

crates/matrix-sdk/src/authentication/qrcode/login.rs

@@ -29,15 +29,15 @@ use ruma::OwnedDeviceId;
 use tracing::trace;
 use vodozemac::ecies::CheckCode;
 
-use super::{
-    messages::LoginFailureReason, oidc_client::OidcClient, DeviceAuhorizationOidcError,
-    SecureChannelError,
-};
+use super::{messages::LoginFailureReason, DeviceAuhorizationOidcError, SecureChannelError};
 #[cfg(doc)]
 use crate::oidc::Oidc;
 use crate::{
-    authentication::qrcode::{
-        messages::QrAuthMessage, secure_channel::EstablishedSecureChannel, QRCodeLoginError,
+    authentication::{
+        common_oidc::oidc_client::OidcClient,
+        qrcode::{
+            messages::QrAuthMessage, secure_channel::EstablishedSecureChannel, QRCodeLoginError,
+        },
     },
     Client,
 };

crates/matrix-sdk/src/authentication/qrcode/mod.rs

@@ -22,7 +22,6 @@
 //! QR code. To log in using a QR code, please take a look at the
 //! [`Oidc::login_with_qr_code()`] method
 
-use as_variant::as_variant;
 use matrix_sdk_base::crypto::SecretImportError;
 pub use openidconnect::{
     core::CoreErrorResponseType, ConfigurationError, DeviceCodeErrorResponseType, DiscoveryError,
@@ -38,7 +37,6 @@ use crate::{oidc::CrossProcessRefreshLockError, HttpError};
 
 mod login;
 mod messages;
-mod oidc_client;
 mod rendezvous_channel;
 mod secure_channel;
 
@@ -50,6 +48,7 @@ pub use self::{
     login::{LoginProgress, LoginWithQrCode},
     messages::{LoginFailureReason, LoginProtocolType, QrAuthMessage},
 };
+use crate::authentication::common_oidc::DeviceAuhorizationOidcError;
 
 /// The error type for failures while trying to log in a new device using a QR
 /// code.
@@ -106,67 +105,6 @@ pub enum QRCodeLoginError {
     SecretImport(#[from] SecretImportError),
 }
 
-/// Error type describing failures in the interaction between the device
-/// attempting to log in and the OIDC provider.
-#[derive(Debug, Error)]
-pub enum DeviceAuhorizationOidcError {
-    /// A generic OIDC error happened while we were attempting to register the
-    /// device with the OIDC provider.
-    #[error(transparent)]
-    Oidc(#[from] crate::oidc::OidcError),
-
-    /// The issuer URL failed to be parsed.
-    #[error(transparent)]
-    InvalidIssuerUrl(#[from] url::ParseError),
-
-    /// There was an error with our device configuration right before attempting
-    /// to wait for the access token to be issued by the OIDC provider.
-    #[error(transparent)]
-    Configuration(#[from] ConfigurationError),
-
-    /// An error happened while we attempted to discover the authentication
-    /// issuer URL.
-    #[error(transparent)]
-    AuthenticationIssuer(HttpError),
-
-    /// An error happened while we attempted to request a device authorization
-    /// from the OIDC provider.
-    #[error(transparent)]
-    DeviceAuthorization(
-        #[from]
-        RequestTokenError<
-            HttpClientError<reqwest::Error>,
-            StandardErrorResponse<CoreErrorResponseType>,
-        >,
-    ),
-
-    /// An error happened while waiting for the access token to be issued and
-    /// sent to us by the OIDC provider.
-    #[error(transparent)]
-    RequestToken(
-        #[from]
-        RequestTokenError<
-            HttpClientError<reqwest::Error>,
-            StandardErrorResponse<DeviceCodeErrorResponseType>,
-        >,
-    ),
-
-    /// An error happened during the discovery of the OIDC provider metadata.
-    #[error(transparent)]
-    Discovery(#[from] DiscoveryError<HttpClientError<reqwest::Error>>),
-}
-
-impl DeviceAuhorizationOidcError {
-    /// If the [`DeviceAuhorizationOidcError`] is of the
-    /// [`DeviceCodeErrorResponseType`] error variant, return it.
-    pub fn as_request_token_error(&self) -> Option<&DeviceCodeErrorResponseType> {
-        let error = as_variant!(self, DeviceAuhorizationOidcError::RequestToken)?;
-        let request_token_error = as_variant!(error, RequestTokenError::ServerResponse)?;
-
-        Some(request_token_error.error())
-    }
-}
-
 /// Error type for failures in when receiving or sending messages over the
 /// secure channel.
 #[derive(Debug, Error)]