From f2d5c8a44787dbdc4009be25495975d348ee0fa7 Mon Sep 17 00:00:00 2001
From: Quentin Vernot <quentin.vernot@doctolib.com>
Date: Wed, 12 Jun 2024 12:59:39 +0200
Subject: [PATCH] chore(core): deprecate old OIDC flow

---
 src/core.rs           |  8 ++++++++
 src/verification.rs   |  5 +++++
 tests/verify_tests.rs | 13 +++++++++++++
 3 files changed, 26 insertions(+)

diff --git a/src/core.rs b/src/core.rs
index 4dede74..3a78f68 100644
--- a/src/core.rs
+++ b/src/core.rs
@@ -81,11 +81,19 @@ impl Core {
     }
 
     /// Creates a nonce to use during Oidc authorization code flow
+    #[deprecated(
+        since = "4.2.0",
+        note = "The entire OIDC flow has been reworked, this function has been deprecated as a result"
+    )]
     pub async fn create_oidc_nonce(&self) -> Result<String, Error> {
         unsafe { CTankerLib::get().create_oidc_nonce(self.ctanker).await }
     }
 
     /// Set the nonce to use for Oidc verification
+    #[deprecated(
+        since = "4.2.0",
+        note = "The entire OIDC flow has been reworked, this function has been deprecated as a result"
+    )]
     pub async fn set_oidc_test_nonce(&self, nonce: &str) -> Result<(), Error> {
         unsafe {
             CTankerLib::get()
diff --git a/src/verification.rs b/src/verification.rs
index 51d56ef..2707b9e 100644
--- a/src/verification.rs
+++ b/src/verification.rs
@@ -219,6 +219,10 @@ pub enum Verification {
     Passphrase(String),
     VerificationKey(String),
     #[allow(clippy::upper_case_acronyms)]
+    #[deprecated(
+        since = "4.2.0",
+        note = "The entire OIDC flow has been reworked, this verification method has been deprecated as a result, use Verification::OIDCAuthorizationCode instead"
+    )]
     OIDCIDToken(String),
     PhoneNumber {
         phone_number: String,
@@ -249,6 +253,7 @@ impl Verification {
                 CVerificationWrapper::with_passphrase(passphrase)
             }
             Verification::VerificationKey(key) => CVerificationWrapper::with_verification_key(key),
+            #[allow(deprecated)]
             Verification::OIDCIDToken(token) => CVerificationWrapper::with_oidc_id_token(token),
             Verification::PhoneNumber {
                 phone_number,
diff --git a/tests/verify_tests.rs b/tests/verify_tests.rs
index e04414e..ab6dae3 100644
--- a/tests/verify_tests.rs
+++ b/tests/verify_tests.rs
@@ -177,9 +177,12 @@ async fn unlock_with_oidc_id_token() -> Result<(), Box<dyn std::error::Error>> {
 
     let tanker = Core::new(app.make_options()).await?;
     tanker.start(&martine_identity).await?;
+    #[allow(deprecated)]
     let verif = Verification::OIDCIDToken(oidc_token);
 
+    #[allow(deprecated)]
     let nonce = tanker.create_oidc_nonce().await?;
+    #[allow(deprecated)]
     tanker.set_oidc_test_nonce(&nonce).await?;
     tanker
         .register_identity(&verif, &VerificationOptions::new())
@@ -187,7 +190,9 @@ async fn unlock_with_oidc_id_token() -> Result<(), Box<dyn std::error::Error>> {
     tanker.stop().await?;
 
     let tanker = Core::new(app.make_options()).await?;
+    #[allow(deprecated)]
     let nonce = tanker.create_oidc_nonce().await?;
+    #[allow(deprecated)]
     tanker.set_oidc_test_nonce(&nonce).await?;
     tanker.start(&martine_identity).await?;
     assert_eq!(tanker.status(), Status::IdentityVerificationNeeded);
@@ -553,9 +558,12 @@ async fn verify_identity_fail_with_preverified_oidc() -> Result<(), Box<dyn std:
 
     let tanker = Core::new(app.make_options()).await?;
     assert_eq!(tanker.start(id).await?, Status::IdentityRegistrationNeeded);
+    #[allow(deprecated)]
     let nonce = tanker.create_oidc_nonce().await?;
+    #[allow(deprecated)]
     tanker.set_oidc_test_nonce(&nonce).await?;
 
+    #[allow(deprecated)]
     let verif = Verification::OIDCIDToken(id_token);
     tanker
         .register_identity(&verif, &VerificationOptions::new())
@@ -718,6 +726,7 @@ async fn set_verification_method_with_preverified_oidc() -> Result<(), Box<dyn s
         *methods,
         [
             VerificationMethod::Passphrase,
+            #[allow(deprecated)]
             VerificationMethod::OIDCIDToken {
                 provider_id: oidc_provider.id,
                 provider_display_name: oidc_provider.display_name
@@ -729,8 +738,11 @@ async fn set_verification_method_with_preverified_oidc() -> Result<(), Box<dyn s
 
     let tanker = Core::new(app.make_options()).await?;
     tanker.start(id).await?;
+    #[allow(deprecated)]
     let nonce = tanker.create_oidc_nonce().await?;
+    #[allow(deprecated)]
     tanker.set_oidc_test_nonce(&nonce).await?;
+    #[allow(deprecated)]
     let verif = Verification::OIDCIDToken(id_token);
     tanker
         .verify_identity(&verif, &VerificationOptions::new())
@@ -774,6 +786,7 @@ async fn set_verification_method_with_oidc_authorization_code(
         methods,
         &[
             VerificationMethod::Passphrase,
+            #[allow(deprecated)]
             VerificationMethod::OIDCIDToken {
                 provider_id: oidc_provider.id.clone(),
                 provider_display_name: oidc_provider.display_name