diff --git a/src/pam.rs b/src/pam.rs
index c6e3eb87028fb63562b3095a49421fe7de8481fe..4cf3ba9e08ad9ab45d2c20642455f7d37b97b375 100644
--- a/src/pam.rs
+++ b/src/pam.rs
@@ -53,9 +53,25 @@ fn get_or_pam_error(config: &Config, key: &str) -> Result<String, PamError> {
 }
 }
+fn get_optional(config: &Config, key: &str) -> Option<String> {
+ match config.get_str(key) {
+ Ok(v) => {
+ debug!("Configuration key found: {} = {}", key, v);
+ return Some(v);
+ },
+ Err(_) => {
+ debug!("Configuration key not found (optional): {}", key);
+ return None;
+ },
+ }
+}
+
 fn do_legacy_auth(username: String, password: String, config: Config) -> Result<BasicTokenResponse, PamError> {
 let client_id = ClientId::new(get_or_pam_error(&config, "pam.client_id")?);
- let client_secret = ClientSecret::new(get_or_pam_error(&config, "pam.client_secret")?);
+ let client_secret = match get_optional(&config, "pam.client_secret") {
+ Some(v) => Some(ClientSecret::new(v)),
+ None => None,
+ };
 let auth_url = match AuthUrl::new(get_or_pam_error(&config, "pam.auth_url")?) {
 Ok(u) => u,
 _ => {
@@ -63,16 +79,19 @@ fn do_legacy_auth(username: String, password: String, config: Config) -> Result<
 return Err(PamError::SERVICE_ERR);
 },
 };
- let token_url = match TokenUrl::new(get_or_pam_error(&config, "pam.token_url")?){
- Ok(u) => u,
- _ => {
- error!("Could not parse token URL");
- return Err(PamError::SERVICE_ERR);
+ let token_url = match get_optional(&config, "pam.token_url") {
+ Some(v) => match TokenUrl::new(v) {
+ Ok(u) => Some(u),
+ Err(_) => {
+ error!("Could not parse token URL");
+ return Err(PamError::SERVICE_ERR);
+ }
 },
+ None => None,
 };
 let scope = get_or_pam_error(&config, "pam.scope")?;
- let client = BasicClient::new(client_id, Some(client_secret), auth_url, Some(token_url));
+ let client = BasicClient::new(client_id, client_secret, auth_url, token_url);
 let result = client
 .exchange_password(
 &ResourceOwnerUsername::new(username),
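Review bot: `get_optional` writes the value of every key it finds to the debug log, and this same hunk calls it with `pam.client_secret`, so the OAuth client secret lands in the log whenever debug logging is enabled. Log the key name only: `debug!("Configuration key found: {}", key);`. The `Err(_)` arm also reports every `get_str` failure as "not found"; if that call can fail for other reasons (for instance a value of the wrong type, which is not visible here), a malformed `pam.client_secret` would silently yield a client with no secret, so that arm should bind and log the error. The body of `do_legacy_auth` continues outside the hunk.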
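Review bot: `pam.token_url` becomes optional here, yet the lines that follow still call `client.exchange_password(...)`, a password grant that cannot work without a token endpoint. With the key absent the client is built with `None`, and the failure is presumably deferred to the token request, where the cause is harder to diagnose than the earlier `get_or_pam_error` failure at configuration time. Unless a path in the part of the function outside this hunk legitimately runs without a token endpoint, keep the key required and wrap it only at the call site: `BasicClient::new(client_id, client_secret, auth_url, Some(token_url))`. If it must stay optional, reject `None` before the exchange with an explicit `error!` and `PamError::SERVICE_ERR`, matching the parse-failure arm.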