6 releases
0.8.0 | Jun 26, 2024 |
---|---|
0.7.1 | May 16, 2024 |
0.7.0 | Aug 27, 2023 |
0.5.0 | Jul 24, 2023 |
#204 in Authentication
45KB
814 lines
CliOAuth
CliOAuth (pronounced "klee-oh-awth") is a utility to assist CLI/desktop application developers with implementing the OAuth 2.0 Authorization Code flow with PKCE.
To learn more about Auth Code w/ PKCE, Auth0 has a good tutorial.
The oauth2
crate provides an excellent OAuth2 client implementation. However, to support the Auth Code with PKCE
flow in a native desktop application, a couple of additional pieces are necessary:
- Launching a local web server to listen for the "authorization code" request
- Launching a browser with the "authorization" link
- Validating the CSRF token (i.e. the
state
parameter)
CliOAuth provides these pieces in an asynchronous and extensible way. It is designed to supplement the oauth2::Client
struct, but not interfere with its normal usage.
Status
- Launch an asynchronous web server to handle the auth code request
- Bind the server to any local address and non-privileged port
- Scan for a range of ports to find the first open one
- Open the user's browser to begin the authorization flow
- Validate the authorization result and make it available for a code exchange
- Customize the server responses in the browser
- Successful authorization
- Authorization error
Usage
General usage is as follows:
- Configure a
CliOAuthBuilder
to build aCliOAuth
helper - Configure an
oauth2::Client
- Start the authorization flow
- Validate and obtain the authorization code
- Exchange the code for a token
See the Crate documentation for more details, including an example.
Dependencies
~18–31MB
~490K SLoC