Hoist max_age to prevent incorrect deserialisation (#3190)

proto/src/oauth2.rs

@@ -49,6 +49,8 @@ pub struct AuthorisationRequest {
     // OIDC also allows other optional params
     #[serde(flatten)]
     pub oidc_ext: AuthorisationRequestOidc,
+    // Needs to be hoisted here due to serde flatten bug #3185
+    pub max_age: Option<i64>,
     #[serde(flatten)]
     pub unknown_keys: BTreeMap<String, serde_json::value::Value>,
 }
@@ -60,7 +62,6 @@ pub struct AuthorisationRequest {
 pub struct AuthorisationRequestOidc {
     pub display: Option<String>,
     pub prompt: Option<String>,
-    pub max_age: Option<i64>,
     pub ui_locales: Option<()>,
     pub claims_locales: Option<()>,
     pub id_token_hint: Option<String>,

server/lib/src/idm/oauth2.rs

@@ -2952,6 +2952,7 @@ mod tests {
                 scope: $scope,
                 nonce: Some("abcdef".to_string()),
                 oidc_ext: Default::default(),
+                max_age: None,
                 unknown_keys: Default::default(),
             };
 
@@ -3443,6 +3444,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -3463,6 +3465,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -3483,6 +3486,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -3503,6 +3507,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -3523,6 +3528,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -3543,6 +3549,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -3565,6 +3572,7 @@ mod tests {
             scope: "invalid_scope read".to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -3585,6 +3593,7 @@ mod tests {
             scope: "read openid".to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -3605,6 +3614,7 @@ mod tests {
             scope: "read openid".to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -3898,6 +3908,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: Some("abcdef".to_string()),
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -3967,6 +3978,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: Some("abcdef".to_string()),
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -5169,6 +5181,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: Some("abcdef".to_string()),
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -5382,6 +5395,7 @@ mod tests {
             scope: "openid email".to_string(),
             nonce: Some("abcdef".to_string()),
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -5440,6 +5454,7 @@ mod tests {
             scope: "openid email".to_string(),
             nonce: Some("abcdef".to_string()),
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -5577,6 +5592,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -5654,6 +5670,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: None,
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };
 
@@ -6610,6 +6627,7 @@ mod tests {
             scope: OAUTH2_SCOPE_OPENID.to_string(),
             nonce: Some("abcdef".to_string()),
             oidc_ext: Default::default(),
+            max_age: None,
             unknown_keys: Default::default(),
         };