micromegas_auth/
default_provider.rs

1//! Default authentication provider initialization for Micromegas services.
2//!
3//! This module provides the standard way to initialize authentication with both
4//! API key and OIDC providers from environment variables.
5
6use crate::api_key::{ApiKeyAuthProvider, parse_key_ring};
7use crate::multi::MultiAuthProvider;
8use crate::oidc::{OidcAuthProvider, OidcConfig};
9use crate::types::AuthProvider;
10use micromegas_tracing::info;
11use std::sync::Arc;
12
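/// Initializes the default authentication provider with API key and OIDC from environment.
///
/// Reads configuration from:
/// - `MICROMEGAS_API_KEYS`: JSON array of API keys
/// - `MICROMEGAS_OIDC_*`: OIDC configuration (see `OidcConfig::from_env`)
///
/// Returns `Ok(Some(...))` if at least one provider is configured.
/// Returns `Ok(None)` if no providers are configured (auth disabled).
///
/// # Errors
///
/// Returns `Err` when `MICROMEGAS_API_KEYS` is set but is not valid Unicode or
/// is rejected by `parse_key_ring`, and when `OidcAuthProvider::new` fails.
/// An error from `OidcConfig::from_env` is not propagated: it is logged and
/// OIDC is left disabled.
///
/// # Security
///
/// `Ok(None)` means no provider is available to check credentials. A service
/// that is expected to run authenticated should treat `Ok(None)` as a startup
/// failure rather than continue without authentication.
///
/// # Example
///
/// ```rust,no_run
/// use micromegas_auth::default_provider::provider;
///
/// # async fn example() -> anyhow::Result<()> {
/// let auth_provider = provider().await?;
/// if let Some(provider) = auth_provider {
///     println!("Authentication enabled");
/// } else {
///     println!("No authentication configured");
/// }
/// # Ok(())
/// # }
/// ```
pub async fn provider() -> anyhow::Result<Option<Arc<dyn AuthProvider>>> {
    // API key provider: only a genuinely absent variable disables it.
    let api_key_provider = match std::env::var("MICROMEGAS_API_KEYS") {
        Ok(keys_json) => {
            // A malformed key ring is a configuration error and aborts initialization.
            let keyring = parse_key_ring(&keys_json)?;
            info!("API key authentication enabled");
            Some(Arc::new(ApiKeyAuthProvider::new(keyring)) as Arc<dyn AuthProvider>)
        }
        Err(std::env::VarError::NotPresent) => {
            info!("MICROMEGAS_API_KEYS not set - API key auth disabled");
            None
        }
        Err(std::env::VarError::NotUnicode(_)) => {
            // Fail closed: the operator set the variable, so silently disabling
            // API key auth would hide a misconfiguration. The message omits the
            // value because `VarError`'s own `Display` prints the raw contents,
            // which here would be key material.
            anyhow::bail!("MICROMEGAS_API_KEYS is set but is not valid Unicode");
        }
    };

    // OIDC provider: built only when `OidcConfig::from_env` succeeds.
    let oidc_provider = match OidcConfig::from_env() {
        Ok(config) => {
            info!("Initializing OIDC authentication");
            // A failure while constructing the provider is propagated to the caller.
            Some(Arc::new(OidcAuthProvider::new(config).await?) as Arc<dyn AuthProvider>)
        }
        Err(e) => {
            // NOTE(review): every `from_env` error is treated as "not configured",
            // so a partially set or malformed `MICROMEGAS_OIDC_*` configuration
            // also lands here and OIDC is disabled with only an info-level log.
            // Confirm whether `from_env` can distinguish "absent" from "invalid"
            // and return `Err` for the latter.
            info!("OIDC not configured ({e}) - OIDC auth disabled");
            None
        }
    };

    // Register whichever providers were configured, API key first, then OIDC.
    let mut multi = MultiAuthProvider::new();
    if let Some(provider) = api_key_provider {
        multi = multi.with_provider(provider);
    }
    if let Some(provider) = oidc_provider {
        multi = multi.with_provider(provider);
    }

    // No provider at all: report "auth disabled" instead of an empty multi-provider.
    if multi.is_empty() {
        return Ok(None);
    }

    Ok(Some(Arc::new(multi) as Arc<dyn AuthProvider>))
}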