refactor(auth-qrcode): Rename everything OIDC to OAuth 2.0

Signed-off-by: Kévin Commaille <[email protected]>

Author: zecakeh

bindings/matrix-sdk-ffi/src/client_builder.rs

@@ -104,7 +104,7 @@ impl From<qrcode::QRCodeLoginError> for HumanQrLoginError {
                 _ => HumanQrLoginError::Unknown,
             },
 
-            QRCodeLoginError::Oidc(e) => {
+            QRCodeLoginError::Oauth(e) => {
                 if let Some(e) = e.as_request_token_error() {
                     match e {
                         DeviceCodeErrorResponseType::AccessDenied => HumanQrLoginError::Declined,
@@ -153,8 +153,8 @@ pub enum QrLoginProgress {
         /// first digit is a zero.
         check_code_string: String,
     },
-    /// We are waiting for the login and for the OIDC provider to give us an
-    /// access token.
+    /// We are waiting for the login and for the OAuth 2.0 authorization server
+    /// to give us an access token.
     WaitingForToken { user_code: String },
     /// The login has successfully finished.
     Done,
@@ -673,8 +673,8 @@ impl ClientBuilder {
     ///
     /// This method will build the client and immediately attempt to log the
     /// client in using the provided [`QrCodeData`] using the login
-    /// mechanism described in [MSC4108]. As such this methods requires OIDC
-    /// support as well as sliding sync support.
+    /// mechanism described in [MSC4108]. As such this methods requires OAuth
+    /// 2.0 support as well as sliding sync support.
     ///
     /// The usage of the progress_listener is required to transfer the
     /// [`CheckCode`] to the existing client.

crates/matrix-sdk/src/authentication/qrcode/login.rs

@@ -30,7 +30,7 @@ use tracing::trace;
 use vodozemac::ecies::CheckCode;
 
 use super::{
-    messages::LoginFailureReason, oidc_client::OidcClient, DeviceAuhorizationOidcError,
+    messages::LoginFailureReason, oauth_client::OauthClient, DeviceAuthorizationOauthError,
     SecureChannelError,
 };
 #[cfg(doc)]
@@ -66,11 +66,13 @@ pub enum LoginProgress {
         /// The check code we need to, out of band, send to the other device.
         check_code: CheckCode,
     },
-    /// We're waiting for the OIDC provider to give us the access token. This
-    /// will only happen if the other device allows the OIDC provider to so.
+    /// We're waiting for the OAuth 2.0 authorization server to give us the
+    /// access token. This will only happen if the other device allows the
+    /// OAuth 2.0 authorization server to do so.
     WaitingForToken {
-        /// The user code the OIDC provider has given us, the OIDC provider
-        /// might ask the other device to enter this code.
+        /// The user code the OAuth 2.0 authorization server has given us, the
+        /// OAuth 2.0 authorization server might ask the other device to
+        /// enter this code.
         user_code: String,
     },
     /// The login process has completed.
@@ -115,20 +117,20 @@ impl<'a> IntoFuture for LoginWithQrCode<'a> {
             let check_code = channel.check_code().to_owned();
             self.state.set(LoginProgress::EstablishingSecureChannel { check_code });
 
-            // Register the client with the OIDC provider.
-            trace!("Registering the client with the OIDC provider.");
-            let oidc_client = self.register_client().await?;
+            // Register the client with the OAuth 2.0 authorization server.
+            trace!("Registering the client with the OAuth 2.0 authorization server.");
+            let oauth_client = self.register_client().await?;
 
             // We want to use the Curve25519 public key for the device ID, so let's generate
             // a new vodozemac `Account` now.
             let account = vodozemac::olm::Account::new();
             let public_key = account.identity_keys().curve25519;
             let device_id = public_key;
 
-            // Let's tell the OIDC provider that we want to log in using the device
-            // authorization grant described in [RFC8628](https://datatracker.ietf.org/doc/html/rfc8628).
+            // Let's tell the OAuth 2.0 authorization server that we want to log in using
+            // the device authorization grant described in [RFC8628](https://datatracker.ietf.org/doc/html/rfc8628).
             trace!("Requesting device authorization.");
-            let auth_grant_response = oidc_client.request_device_authorization(device_id).await?;
+            let auth_grant_response = oauth_client.request_device_authorization(device_id).await?;
 
             // Now we need to inform the other device of the login protocols we picked and
             // the URL they should use to log us in.
@@ -155,17 +157,17 @@ impl<'a> IntoFuture for LoginWithQrCode<'a> {
                 }
             }
 
-            // The OIDC provider may or may not show this user code to double check that
-            // we're talking to the right OIDC provider. Let us display this, so
+            // The OAuth 2.0 authorization server may or may not show this user code to
+            // double check that we're talking to the right server. Let us display this, so
             // the other device can double check this as well.
             let user_code = auth_grant_response.user_code();
             self.state
                 .set(LoginProgress::WaitingForToken { user_code: user_code.secret().to_owned() });
 
-            // Let's now wait for the access token to be provided to use by the OIDC
-            // provider.
-            trace!("Waiting for the OIDC provider to give us the access token.");
-            let session_tokens = match oidc_client.wait_for_tokens(&auth_grant_response).await {
+            // Let's now wait for the access token to be provided to use by the OAuth 2.0
+            // authorization server.
+            trace!("Waiting for the OAuth 2.0 authorization server to give us the access token.");
+            let session_tokens = match oauth_client.wait_for_tokens(&auth_grant_response).await {
                 Ok(t) => t,
                 Err(e) => {
                     // If we received an error, and it's one of the ones we should report to the
@@ -192,11 +194,11 @@ impl<'a> IntoFuture for LoginWithQrCode<'a> {
             };
             self.client.oidc().set_session_tokens(session_tokens);
 
-            // We only received an access token from the OIDC provider, we have no clue who
-            // we are, so we need to figure out our user ID now.
-            // TODO: This snippet is almost the same as the Oidc::finish_login_method(), why
-            // is that method even a public method and not called as part of the set session
-            // tokens method.
+            // We only received an access token from the OAuth 2.0 authorization server, we
+            // have no clue who we are, so we need to figure out our user ID
+            // now. TODO: This snippet is almost the same as the
+            // Oidc::finish_login_method(), why is that method even a public
+            // method and not called as part of the set session tokens method.
             trace!("Discovering our own user id.");
             let whoami_response =
                 self.client.whoami().await.map_err(QRCodeLoginError::UserIdDiscovery)?;
@@ -290,16 +292,17 @@ impl<'a> LoginWithQrCode<'a> {
         Ok(channel)
     }
 
-    async fn register_client(&self) -> Result<OidcClient, DeviceAuhorizationOidcError> {
+    async fn register_client(&self) -> Result<OauthClient, DeviceAuthorizationOauthError> {
         let oidc = self.client.oidc();
 
-        // Let's figure out the OIDC issuer, this fetches the info from the homeserver.
+        // Let's figure out the OAuth 2.0 issuer, this fetches the info from the
+        // homeserver.
         let issuer = oidc
             .fetch_authentication_issuer()
             .await
-            .map_err(DeviceAuhorizationOidcError::AuthenticationIssuer)?;
+            .map_err(DeviceAuthorizationOauthError::AuthenticationIssuer)?;
 
-        // Now we register the client with the OIDC provider.
+        // Now we register the client with the OAuth 2.0 authorization server.
         let registration_response =
             oidc.register_client(&issuer, self.client_metadata.clone(), None).await?;
 
@@ -317,7 +320,7 @@ impl<'a> LoginWithQrCode<'a> {
         let http_client = self.client.inner.http_client.clone();
         let server_metadata = oidc.provider_metadata().await?;
 
-        OidcClient::new(registration_response.client_id, &server_metadata, http_client)
+        OauthClient::new(registration_response.client_id, &server_metadata, http_client)
     }
 }
 
@@ -620,7 +623,10 @@ mod test {
         alice.send_json(message).await.unwrap();
     }
 
-    async fn mock_oidc_provider(server: &MockServer, token_response: ResponseTemplate) {
+    async fn mock_oauth_authorization_server(
+        server: &MockServer,
+        token_response: ResponseTemplate,
+    ) {
         Mock::given(method("GET"))
             .and(path("/_matrix/client/unstable/org.matrix.msc2965/auth_issuer"))
             .respond_with(ResponseTemplate::new(200).set_body_json(json!({
@@ -680,7 +686,8 @@ mod test {
         let rendezvous_server = MockedRendezvousServer::new(&server, "abcdEFG12345").await;
         let (sender, receiver) = tokio::sync::oneshot::channel();
 
-        mock_oidc_provider(&server, ResponseTemplate::new(200).set_body_json(token())).await;
+        mock_oauth_authorization_server(&server, ResponseTemplate::new(200).set_body_json(token()))
+            .await;
 
         Mock::given(method("GET"))
             .and(path("/_matrix/client/r0/account/whoami"))
@@ -775,7 +782,7 @@ mod test {
         let rendezvous_server = MockedRendezvousServer::new(&server, "abcdEFG12345").await;
         let (sender, receiver) = tokio::sync::oneshot::channel();
 
-        mock_oidc_provider(&server, token_response).await;
+        mock_oauth_authorization_server(&server, token_response).await;
 
         Mock::given(method("GET"))
             .and(path("/_matrix/client/r0/account/whoami"))
@@ -841,7 +848,7 @@ mod test {
         )
         .await;
 
-        assert_let!(Err(QRCodeLoginError::Oidc(e)) = result);
+        assert_let!(Err(QRCodeLoginError::Oauth(e)) = result);
         assert_eq!(
             e.as_request_token_error(),
             Some(&DeviceCodeErrorResponseType::AccessDenied),
@@ -859,7 +866,7 @@ mod test {
         )
         .await;
 
-        assert_let!(Err(QRCodeLoginError::Oidc(e)) = result);
+        assert_let!(Err(QRCodeLoginError::Oauth(e)) = result);
         assert_eq!(
             e.as_request_token_error(),
             Some(&DeviceCodeErrorResponseType::ExpiredToken),

crates/matrix-sdk/src/authentication/qrcode/mod.rs

@@ -14,13 +14,12 @@
 
 //! Types for the QR code login support defined in [MSC4108](https://github.com/matrix-org/matrix-spec-proposals/pull/4108).
 //!
-//! Please note, QR code logins are only supported when using OIDC as the
-//! auththentication mechanism, native Matrix authentication does not support
-//! it.
+//! Please note, QR code logins are only supported when using OAuth 2.0 as the
+//! authentication mechanism, native Matrix authentication does not support it.
 //!
 //! This currently only implements the case where the new device is scanning the
 //! QR code. To log in using a QR code, please take a look at the
-//! [`Oidc::login_with_qr_code()`] method
+//! [`Oidc::login_with_qr_code()`] method.
 
 use as_variant::as_variant;
 use matrix_sdk_base::crypto::SecretImportError;
@@ -39,7 +38,7 @@ use crate::{authentication::oidc::CrossProcessRefreshLockError, HttpError};
 
 mod login;
 mod messages;
-mod oidc_client;
+mod oauth_client;
 mod rendezvous_channel;
 mod secure_channel;
 
@@ -57,9 +56,10 @@ pub use self::{
 #[derive(Debug, Error)]
 #[cfg_attr(feature = "uniffi", derive(uniffi::Error), uniffi(flat_error))]
 pub enum QRCodeLoginError {
-    /// An error happened while we were communicating with the OIDC provider.
+    /// An error happened while we were communicating with the OAuth 2.0
+    /// authorization server.
     #[error(transparent)]
-    Oidc(#[from] DeviceAuhorizationOidcError),
+    Oauth(#[from] DeviceAuthorizationOauthError),
 
     /// The other device has signaled to us that the login has failed.
     #[error("The login failed, reason: {reason}")]
@@ -88,7 +88,8 @@ pub enum QRCodeLoginError {
     CrossProcessRefreshLock(#[from] CrossProcessRefreshLockError),
 
     /// An error happened while we were trying to discover our user and device
-    /// ID, after we have acquired an access token from the OIDC provider.
+    /// ID, after we have acquired an access token from the OAuth 2.0
+    /// authorization server.
     #[error(transparent)]
     UserIdDiscovery(HttpError),
 
@@ -108,13 +109,13 @@ pub enum QRCodeLoginError {
 }
 
 /// Error type describing failures in the interaction between the device
-/// attempting to log in and the OIDC provider.
+/// attempting to log in and the OAuth 2.0 authorization server.
 #[derive(Debug, Error)]
-pub enum DeviceAuhorizationOidcError {
-    /// A generic OIDC error happened while we were attempting to register the
-    /// device with the OIDC provider.
+pub enum DeviceAuthorizationOauthError {
+    /// A generic OAuth 2.0 error happened while we were attempting to register
+    /// the device with the OAuth 2.0 authorization server.
     #[error(transparent)]
-    Oidc(#[from] crate::authentication::oidc::OidcError),
+    Oauth(#[from] crate::authentication::oidc::OidcError),
 
     /// The OAuth 2.0 server doesn't support the device authorization grant.
     #[error("OAuth 2.0 server doesn't support the device authorization grant")]
@@ -126,23 +127,23 @@ pub enum DeviceAuhorizationOidcError {
     AuthenticationIssuer(HttpError),
 
     /// An error happened while we attempted to request a device authorization
-    /// from the OIDC provider.
+    /// from the Oauth 2.0 authorization server.
     #[error(transparent)]
     DeviceAuthorization(#[from] BasicRequestTokenError<HttpClientError<reqwest::Error>>),
 
     /// An error happened while waiting for the access token to be issued and
-    /// sent to us by the OIDC provider.
+    /// sent to us by the Oauth 2.0 authorization server.
     #[error(transparent)]
     RequestToken(
         #[from] RequestTokenError<HttpClientError<reqwest::Error>, DeviceCodeErrorResponse>,
     ),
 }
 
-impl DeviceAuhorizationOidcError {
-    /// If the [`DeviceAuhorizationOidcError`] is of the
+impl DeviceAuthorizationOauthError {
+    /// If the [`DeviceAuthorizationOauthError`] is of the
     /// [`DeviceCodeErrorResponseType`] error variant, return it.
     pub fn as_request_token_error(&self) -> Option<&DeviceCodeErrorResponseType> {
-        let error = as_variant!(self, DeviceAuhorizationOidcError::RequestToken)?;
+        let error = as_variant!(self, DeviceAuthorizationOauthError::RequestToken)?;
         let request_token_error = as_variant!(error, RequestTokenError::ServerResponse)?;
 
         Some(request_token_error.error())

crates/matrix-sdk/src/authentication/qrcode/oidc_client.rs renamed to crates/matrix-sdk/src/authentication/qrcode/oauth_client.rs

@@ -26,7 +26,7 @@ use oauth2::{
 };
 use vodozemac::Curve25519PublicKey;
 
-use super::DeviceAuhorizationOidcError;
+use super::DeviceAuthorizationOauthError;
 use crate::{authentication::oidc::OidcSessionTokens, http_client::HttpClient};
 
 /// Oauth 2.0 Basic client.
@@ -38,20 +38,21 @@ type OauthClientInner<
     HasTokenUrl = EndpointSet,
 > = BasicClient<HasAuthUrl, HasDeviceAuthUrl, HasIntrospectionUrl, HasRevocationUrl, HasTokenUrl>;
 
-/// An OIDC specific HTTP client.
+/// An OAuth 2.0 specific HTTP client.
 ///
-/// This is used to communicate with the OIDC provider exclusively.
-pub(super) struct OidcClient {
+/// This is used to communicate with the OAuth 2.0 authorization server
+/// exclusively.
+pub(super) struct OauthClient {
     inner: OauthClientInner,
     http_client: HttpClient,
 }
 
-impl OidcClient {
+impl OauthClient {
     pub(super) fn new(
         client_id: String,
         server_metadata: &VerifiedProviderMetadata,
         http_client: HttpClient,
-    ) -> Result<Self, DeviceAuhorizationOidcError> {
+    ) -> Result<Self, DeviceAuthorizationOauthError> {
         let client_id = ClientId::new(client_id);
 
         let token_endpoint = TokenUrl::from_url(server_metadata.token_endpoint().clone());
@@ -63,19 +64,19 @@ impl OidcClient {
             .device_authorization_endpoint
             .clone()
             .map(DeviceAuthorizationUrl::from_url)
-            .ok_or(DeviceAuhorizationOidcError::NoDeviceAuthorizationEndpoint)?;
+            .ok_or(DeviceAuthorizationOauthError::NoDeviceAuthorizationEndpoint)?;
 
         let oauth2_client = BasicClient::new(client_id)
             .set_token_uri(token_endpoint)
             .set_device_authorization_url(device_authorization_endpoint);
 
-        Ok(OidcClient { inner: oauth2_client, http_client })
+        Ok(Self { inner: oauth2_client, http_client })
     }
 
     pub(super) async fn request_device_authorization(
         &self,
         device_id: Curve25519PublicKey,
-    ) -> Result<StandardDeviceAuthorizationResponse, DeviceAuhorizationOidcError> {
+    ) -> Result<StandardDeviceAuthorizationResponse, DeviceAuthorizationOauthError> {
         let scopes = [
             ScopeToken::MatrixApi(MatrixApiScopeToken::Full),
             ScopeToken::try_with_matrix_device(device_id.to_base64()).expect(
@@ -99,7 +100,7 @@ impl OidcClient {
     pub(super) async fn wait_for_tokens(
         &self,
         details: &StandardDeviceAuthorizationResponse,
-    ) -> Result<OidcSessionTokens, DeviceAuhorizationOidcError> {
+    ) -> Result<OidcSessionTokens, DeviceAuthorizationOauthError> {
         let response = self
             .inner
             .exchange_device_access_token(details)