feat(workos): add OAuth and SSO buttons to index action (#163)

DanielleHuisman · web-flow · commit 52f5d7238528 · 2025-08-19T22:22:13.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/examples/dioxus-axum/.env.example b/examples/dioxus-axum/.env.example
@@ -0,0 +1,2 @@
+# WorkOS (optional)
+# WORKOS_API_KEY =
diff --git a/examples/dioxus-axum/Cargo.toml b/examples/dioxus-axum/Cargo.toml
@@ -18,6 +18,7 @@ server = [
     "dep:shield-dioxus-axum",
     "dep:shield-memory",
     "dep:shield-oidc",
+    "dep:shield-workos",
     "dep:tokio",
     "dep:tower-sessions",
     "dioxus/server",
@@ -35,6 +36,7 @@ shield-dioxus.workspace = true
 shield-dioxus-axum = { workspace = true, optional = true }
 shield-memory = { workspace = true, optional = true }
 shield-oidc = { workspace = true, features = ["native-tls"], optional = true }
+shield-workos = { workspace = true, optional = true }
 tokio = { workspace = true, features = ["rt-multi-thread"], optional = true }
 tower-sessions = { workspace = true, optional = true }
 tracing.workspace = true
diff --git a/examples/dioxus-axum/src/main.rs b/examples/dioxus-axum/src/main.rs
@@ -15,18 +15,19 @@ fn main() {
 #[cfg(feature = "server")]
 #[tokio::main]
 async fn main() {
-    use std::sync::Arc;
+    use std::{env, sync::Arc};
 
     use axum::Router;
     use dioxus::{
         cli_config::fullstack_address_or_localhost,
         prelude::{DioxusRouterExt, *},
     };
-    use shield::{Shield, ShieldOptions};
+    use shield::{ErasedMethod, Method, Shield, ShieldOptions};
     use shield_bootstrap::BootstrapDioxusStyle;
     use shield_dioxus_axum::{AxumDioxusIntegration, ShieldLayer};
     use shield_memory::{MemoryStorage, User};
     use shield_oidc::{Keycloak, OidcMethod};
+    use shield_workos::{WorkosMethod, WorkosOauthProvider, WorkosOptions};
     use tokio::net::TcpListener;
     use tower_sessions::{Expiry, MemoryStore, SessionManagerLayer, cookie::time::Duration};
     use tracing::{Level, info};
@@ -45,21 +46,39 @@ async fn main() {
     let storage = MemoryStorage::new();
     let shield = Shield::new(
         storage.clone(),
-        vec![Arc::new(
-            OidcMethod::new(storage).with_providers([Keycloak::builder(
-                "keycloak",
-                "http://localhost:18080/realms/Shield",
-                "client1",
-            )
-            .client_secret("xcpQsaGbRILTljPtX4npjmYMBjKrariJ")
-            .redirect_url(format!(
-                "http://localhost:{}/api/auth/oidc/sign-in-callback/keycloak",
-                dioxus::cli_config::devserver_raw_addr()
-                    .map(|addr| addr.port())
-                    .unwrap_or_else(|| addr.port())
-            ))
-            .build()]),
-        )],
+        [
+            Some(Arc::new(
+                OidcMethod::new(storage).with_providers([Keycloak::builder(
+                    "keycloak",
+                    "http://localhost:18080/realms/Shield",
+                    "client1",
+                )
+                .client_secret("xcpQsaGbRILTljPtX4npjmYMBjKrariJ")
+                .redirect_url(format!(
+                    "http://localhost:{}/api/auth/oidc/sign-in-callback/keycloak",
+                    dioxus::cli_config::devserver_raw_addr()
+                        .map(|addr| addr.port())
+                        .unwrap_or_else(|| addr.port())
+                ))
+                .build()]),
+            ) as Arc<dyn ErasedMethod>),
+            env::var("WORKOS_API_KEY").ok().map(|api_key| {
+                Arc::new(
+                    WorkosMethod::from_api_key(&api_key).with_options(
+                        WorkosOptions::builder()
+                            .oauth_providers(vec![
+                                WorkosOauthProvider::AppleOAuth,
+                                WorkosOauthProvider::GoogleOAuth,
+                                WorkosOauthProvider::MicrosoftOAuth,
+                            ])
+                            .build(),
+                    ),
+                ) as Arc<dyn ErasedMethod>
+            }),
+        ]
+        .into_iter()
+        .flatten()
+        .collect(),
         ShieldOptions::default(),
     );
     let shield_layer = ShieldLayer::new(shield.clone());
diff --git a/packages/core/shield/src/action.rs b/packages/core/shield/src/action.rs
@@ -40,7 +40,7 @@ pub trait Action<P: Provider>: ErasedAction + Send + Sync {
         Ok(true)
     }
 
-    fn forms(&self, provider: P) -> Vec<Form>;
+    async fn forms(&self, provider: P) -> Result<Vec<Form>, ShieldError>;
 
     async fn call(
         &self,
@@ -62,7 +62,10 @@ pub trait ErasedAction: Send + Sync {
         session: Session,
     ) -> Result<bool, ShieldError>;
 
-    fn erased_forms(&self, provider: Box<dyn Any + Send + Sync>) -> Vec<Form>;
+    async fn erased_forms(
+        &self,
+        provider: Box<dyn Any + Send + Sync>,
+    ) -> Result<Vec<Form>, ShieldError>;
 
     async fn erased_call(
         &self,
@@ -89,8 +92,8 @@ macro_rules! erased_action {
                 self.condition(provider.downcast_ref().expect("TODO"), session)
             }
 
-            fn erased_forms(&self, provider: Box<dyn std::any::Any + Send + Sync>) -> Vec<$crate::Form> {
-                self.forms(*provider.downcast().expect("TODO"))
+            async fn erased_forms(&self, provider: Box<dyn std::any::Any + Send + Sync>) -> Result<Vec<$crate::Form>, $crate::ShieldError> {
+                self.forms(*provider.downcast().expect("TODO")).await
             }
 
             async fn erased_call(
diff --git a/packages/core/shield/src/actions/sign_out.rs b/packages/core/shield/src/actions/sign_out.rs
@@ -31,14 +31,14 @@ impl SignOutAction {
             }))
     }
 
-    pub fn forms<P: Provider>(_provider: P) -> Vec<Form> {
-        vec![Form {
+    pub async fn forms<P: Provider>(_provider: P) -> Result<Vec<Form>, ShieldError> {
+        Ok(vec![Form {
             inputs: vec![Input {
                 name: "submit".to_owned(),
                 label: None,
                 r#type: InputType::Submit(InputTypeSubmit {}),
                 value: Some(Self::name()),
             }],
-        }]
+        }])
     }
 }
diff --git a/packages/core/shield/src/shield.rs b/packages/core/shield/src/shield.rs
@@ -107,7 +107,7 @@ impl<U: User> Shield<U> {
                     continue;
                 }
 
-                let forms = action.erased_forms(provider);
+                let forms = action.erased_forms(provider).await?;
                 for form in forms {
                     provider_forms.push(ActionProviderForm {
                         id: provider_id.clone(),
diff --git a/packages/methods/shield-credentials/src/actions/sign_in.rs b/packages/methods/shield-credentials/src/actions/sign_in.rs
@@ -31,8 +31,8 @@ impl<U: User + 'static, D: DeserializeOwned + 'static> Action<CredentialsProvide
         SignInAction::name()
     }
 
-    fn forms(&self, _provider: CredentialsProvider) -> Vec<Form> {
-        vec![self.credentials.form()]
+    async fn forms(&self, _provider: CredentialsProvider) -> Result<Vec<Form>, ShieldError> {
+        Ok(vec![self.credentials.form()])
     }
 
     async fn call(
diff --git a/packages/methods/shield-credentials/src/actions/sign_out.rs b/packages/methods/shield-credentials/src/actions/sign_out.rs
@@ -23,8 +23,8 @@ impl Action<CredentialsProvider> for CredentialsSignOutAction {
         SignOutAction::condition(provider, session)
     }
 
-    fn forms(&self, provider: CredentialsProvider) -> Vec<Form> {
-        SignOutAction::forms(provider)
+    async fn forms(&self, provider: CredentialsProvider) -> Result<Vec<Form>, ShieldError> {
+        SignOutAction::forms(provider).await
     }
 
     async fn call(
diff --git a/packages/methods/shield-oauth/src/actions/sign_in.rs b/packages/methods/shield-oauth/src/actions/sign_in.rs
@@ -1,8 +1,8 @@
 use async_trait::async_trait;
 use oauth2::{CsrfToken, PkceCodeChallenge, Scope, url::form_urlencoded::parse};
 use shield::{
-    Action, ConfigurationError, Form, Request, Response, Session, SessionError, ShieldError,
-    SignInAction, erased_action,
+    Action, ConfigurationError, Form, Input, InputType, InputTypeSubmit, Provider, Request,
+    Response, Session, SessionError, ShieldError, SignInAction, erased_action,
 };
 
 use crate::{
@@ -23,8 +23,15 @@ impl Action<OauthProvider> for OauthSignInAction {
         SignInAction::name()
     }
 
-    fn forms(&self, _provider: OauthProvider) -> Vec<Form> {
-        vec![Form { inputs: vec![] }]
+    async fn forms(&self, provider: OauthProvider) -> Result<Vec<Form>, ShieldError> {
+        Ok(vec![Form {
+            inputs: vec![Input {
+                name: "submit".to_owned(),
+                label: None,
+                r#type: InputType::Submit(InputTypeSubmit::default()),
+                value: Some(format!("Sign in with {}", provider.name())),
+            }],
+        }])
     }
 
     async fn call(
diff --git a/packages/methods/shield-oauth/src/actions/sign_in_callback.rs b/packages/methods/shield-oauth/src/actions/sign_in_callback.rs
@@ -143,8 +143,8 @@ impl<U: User + 'static> Action<OauthProvider> for OauthSignInCallbackAction<U> {
         SignInCallbackAction::condition(provider, session)
     }
 
-    fn forms(&self, _provider: OauthProvider) -> Vec<Form> {
-        vec![Form { inputs: vec![] }]
+    async fn forms(&self, _provider: OauthProvider) -> Result<Vec<Form>, ShieldError> {
+        Ok(vec![])
     }
 
     async fn call(
diff --git a/packages/methods/shield-oauth/src/actions/sign_out.rs b/packages/methods/shield-oauth/src/actions/sign_out.rs
@@ -19,8 +19,8 @@ impl Action<OauthProvider> for OauthSignOutAction {
         SignOutAction::condition(provider, session)
     }
 
-    fn forms(&self, provider: OauthProvider) -> Vec<Form> {
-        SignOutAction::forms(provider)
+    async fn forms(&self, provider: OauthProvider) -> Result<Vec<Form>, ShieldError> {
+        SignOutAction::forms(provider).await
     }
 
     async fn call(
diff --git a/packages/methods/shield-oauth/src/options.rs b/packages/methods/shield-oauth/src/options.rs
@@ -4,7 +4,7 @@ use bon::Builder;
 #[builder(on(String, into), state_mod(vis = "pub(crate)"))]
 pub struct OauthOptions {
     #[builder(default = "/")]
-    pub sign_in_redirect: String,
+    pub(crate) sign_in_redirect: String,
 }
 
 impl Default for OauthOptions {
diff --git a/packages/methods/shield-oidc/src/actions/sign_in.rs b/packages/methods/shield-oidc/src/actions/sign_in.rs
@@ -26,15 +26,15 @@ impl Action<OidcProvider> for OidcSignInAction {
         SignInAction::name()
     }
 
-    fn forms(&self, provider: OidcProvider) -> Vec<Form> {
-        vec![Form {
+    async fn forms(&self, provider: OidcProvider) -> Result<Vec<Form>, ShieldError> {
+        Ok(vec![Form {
             inputs: vec![Input {
                 name: "submit".to_owned(),
                 label: None,
                 r#type: InputType::Submit(InputTypeSubmit::default()),
                 value: Some(format!("Sign in with {}", provider.name())),
             }],
-        }]
+        }])
     }
 
     async fn call(
diff --git a/packages/methods/shield-oidc/src/actions/sign_in_callback.rs b/packages/methods/shield-oidc/src/actions/sign_in_callback.rs
@@ -154,8 +154,8 @@ impl<U: User + 'static> Action<OidcProvider> for OidcSignInCallbackAction<U> {
         SignInCallbackAction::condition(provider, session)
     }
 
-    fn forms(&self, _provider: OidcProvider) -> Vec<Form> {
-        vec![Form { inputs: vec![] }]
+    async fn forms(&self, _provider: OidcProvider) -> Result<Vec<Form>, ShieldError> {
+        Ok(vec![])
     }
 
     async fn call(
diff --git a/packages/methods/shield-oidc/src/actions/sign_out.rs b/packages/methods/shield-oidc/src/actions/sign_out.rs
@@ -19,8 +19,8 @@ impl Action<OidcProvider> for OidcSignOutAction {
         SignOutAction::condition(provider, session)
     }
 
-    fn forms(&self, provider: OidcProvider) -> Vec<Form> {
-        SignOutAction::forms(provider)
+    async fn forms(&self, provider: OidcProvider) -> Result<Vec<Form>, ShieldError> {
+        SignOutAction::forms(provider).await
     }
 
     async fn call(
diff --git a/packages/methods/shield-oidc/src/options.rs b/packages/methods/shield-oidc/src/options.rs
@@ -4,7 +4,7 @@ use bon::Builder;
 #[builder(on(String, into), state_mod(vis = "pub(crate)"))]
 pub struct OidcOptions {
     #[builder(default = "/")]
-    pub sign_in_redirect: String,
+    pub(crate) sign_in_redirect: String,
 }
 
 impl Default for OidcOptions {
diff --git a/packages/methods/shield-workos/src/actions/index.rs b/packages/methods/shield-workos/src/actions/index.rs
diff --git a/packages/methods/shield-workos/src/actions/sign_in.rs b/packages/methods/shield-workos/src/actions/sign_in.rs
diff --git a/packages/methods/shield-workos/src/actions/sign_out.rs b/packages/methods/shield-workos/src/actions/sign_out.rs
diff --git a/packages/methods/shield-workos/src/actions/sign_up.rs b/packages/methods/shield-workos/src/actions/sign_up.rs
diff --git a/packages/methods/shield-workos/src/lib.rs b/packages/methods/shield-workos/src/lib.rs
diff --git a/packages/methods/shield-workos/src/method.rs b/packages/methods/shield-workos/src/method.rs
diff --git a/packages/methods/shield-workos/src/options.rs b/packages/methods/shield-workos/src/options.rs

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# WorkOS (optional)`
	`2`	`+# WORKOS_API_KEY =`
Original file line number	Diff line number	Diff line change
`@@ -31,14 +31,14 @@ impl SignOutAction {`
`31`	`31`	`}))`
`32`	`32`	`}`
`33`	`33`
`34`		`- pub fn forms<P: Provider>(_provider: P) -> Vec<Form> {`
`35`		`- vec![Form {`
	`34`	`+ pub async fn forms<P: Provider>(_provider: P) -> Result<Vec<Form>, ShieldError> {`
	`35`	`+ Ok(vec![Form {`
`36`	`36`	`inputs: vec![Input {`
`37`	`37`	`name: "submit".to_owned(),`
`38`	`38`	`label: None,`
`39`	`39`	`r#type: InputType::Submit(InputTypeSubmit {}),`
`40`	`40`	`value: Some(Self::name()),`
`41`	`41`	`}],`
`42`		`- }]`
	`42`	`+ }])`
`43`	`43`	`}`
`44`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ impl<U: User> Shield<U> {`
`107`	`107`	`continue;`
`108`	`108`	`}`
`109`	`109`
`110`		`- let forms = action.erased_forms(provider);`
	`110`	`+ let forms = action.erased_forms(provider).await?;`
`111`	`111`	`for form in forms {`
`112`	`112`	`provider_forms.push(ActionProviderForm {`
`113`	`113`	`id: provider_id.clone(),`
Original file line number	Diff line number	Diff line change
`@@ -31,8 +31,8 @@ impl<U: User + 'static, D: DeserializeOwned + 'static> Action<CredentialsProvide`
`31`	`31`	`SignInAction::name()`
`32`	`32`	`}`
`33`	`33`
`34`		`- fn forms(&self, _provider: CredentialsProvider) -> Vec<Form> {`
`35`		`- vec![self.credentials.form()]`
	`34`	`+ async fn forms(&self, _provider: CredentialsProvider) -> Result<Vec<Form>, ShieldError> {`
	`35`	`+ Ok(vec![self.credentials.form()])`
`36`	`36`	`}`
`37`	`37`
`38`	`38`	`async fn call(`
Original file line number	Diff line number	Diff line change
`@@ -23,8 +23,8 @@ impl Action<CredentialsProvider> for CredentialsSignOutAction {`
`23`	`23`	`SignOutAction::condition(provider, session)`
`24`	`24`	`}`
`25`	`25`
`26`		`- fn forms(&self, provider: CredentialsProvider) -> Vec<Form> {`
`27`		`- SignOutAction::forms(provider)`
	`26`	`+ async fn forms(&self, provider: CredentialsProvider) -> Result<Vec<Form>, ShieldError> {`
	`27`	`+ SignOutAction::forms(provider).await`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`async fn call(`