项目作者: makarski

项目描述 :
Rust Google Oauth2 Client Implementation
高级语言: Rust
项目地址: git://github.com/makarski/rust_google_oauth2.git
创建时间: 2019-03-10T20:46:20Z
项目社区:https://github.com/makarski/rust_google_oauth2

开源协议:MIT License

下载


gauth

CodeScene Code Health

The library supports the following Google Auth flows:

  1. [dependencies]
  2. gauth = "0.8"

OAuth2

  1. Create your application in Google API Console
    a. Credentials > Create credentials > OAuth client ID
    b. Set application type to Other
    c. Enter your application name
    d. Download JSON configuration of the newly created application

Client implementation with defaults

  1. use gauth::app::Auth;
  2. #[tokio::main]
  3. async fn main() {
  4. let auth_client = Auth::from_file(
  5. "my_credentials.json",
  6. vec!["https://www.googleapis.com/auth/drive"],
  7. )
  8. .unwrap();
  9. let token = auth_client.access_token().await.unwrap();
  10. println!("access token: {}", token);
  11. }

It is also possible to make a blocking call to retrieve an access token. This may be helpful if we want to wrap the logic into a closure.

  1. [dependencies]
  2. gauth = { version = "0.8", features = ["app-blocking"] }
  1. use gauth::app::Auth;
  2. #[tokio::main]
  3. async fn main() {
  4. let ga = Auth::from_file(
  5. "client_secret.json",
  6. vec!["https://www.googleapis.com/auth/drive"]
  7. ).unwrap();
  8. let closure = move || {
  9. // add some logic here
  10. ga.access_token_blocking()
  11. };
  12. let token = closure().unwrap();
  13. println!("token from closure: {}", token);
  14. }

Custom app name and handler: access token will be stored in $HOME/.{app_name}/access_token.json

To assign a custom directory as access token caching, set env var value: GAUTH_TOKEN_DIR

  1. use gauth::app::Auth;
  2. use anyhow::Error as AnyError;
  3. #[tokio::main]
  4. async fn main() {
  5. let auth_handler = |consent_uri: String| -> Result<String, AnyError> {
  6. // business logic
  7. Ok("auth_code".to_owned())
  8. };
  9. let mut auth_client = Auth::from_file(
  10. "my_credentials.json",
  11. vec!["https://www.googleapis.com/auth/drive"],
  12. )
  13. .unwrap();
  14. let auth_client = auth_client.app_name("new_name").handler(auth_handler);
  15. let token = auth_client.access_token().await.unwrap();
  16. println!("access token: {}", token);
  17. }

Service Account

Follow instructions for creating a service account. After a service account key has been created,
it can be used to obtain an access token.

  1. use gauth::serv_account::ServiceAccount;
  2. #[tokio::main]
  3. async fn access_token() {
  4. let scopes = vec!["https://www.googleapis.com/auth/drive"];
  5. let key_path = "test_fixtures/service-account-key.json";
  6. let mut service_account = ServiceAccount::from_file(key_path, scopes);
  7. let access_token = service_account.access_token().await.unwrap();
  8. println!("access token {}:", access_token);
  9. }

Bridging sync and async code

The default implementation for acquiring the access token in this library is asynchronous. However, there are scenarios where a synchronous call is necessary. For instance, asynchronous signatures can be cumbersome when used with tonic middlewares. The difficulties of integrating synchronous and asynchronous code are outlined in this GitHub issue.

To resolve this, we adopted an experimental approach by developing a token_provider package. This package includes a Watcher trait, which has been implemented for both the app and serv_account packages. Each implementation of this trait spawns a daemon that periodically polls for and caches token updates at specified intervals. As a result, tokens are consistently refreshed through an asynchronous process. The retrieval of tokens is simplified to a synchronous function that reads from the internal cache.

  1. [dependencies]
  2. gauth = { version = "0.8", features = ["token-watcher"] }
  1. let service_account = ServiceAccount::from_file(&keypath, vec!["https://www.googleapis.com/auth/pubsub"]);
  2. let tp = AsyncTokenProvider::new(service_account).with_interval(5);
  3. // the token is updated every 5 seconds
  4. // and cached in AsyncTokenProvider
  5. tp.watch_updates().await;
  6. // sync call to get the access token
  7. let access_token = tp.access_token()?;

The full example can be found here

License

License under either or: