6 releases

0.8.0 Jun 26, 2024
0.7.1 May 16, 2024
0.7.0 Aug 27, 2023
0.5.0 Jul 24, 2023

#204 in Authentication

Download history 2/week @ 2024-03-27 3/week @ 2024-04-03 167/week @ 2024-05-15 7/week @ 2024-05-22 151/week @ 2024-06-26 32/week @ 2024-07-03

183 downloads per month

MIT license

814 lines


GitHub Repository GitHub Build Status Crates.io docs.rs

CliOAuth (pronounced "klee-oh-awth") is a utility to assist CLI/desktop application developers with implementing the OAuth 2.0 Authorization Code flow with PKCE.

To learn more about Auth Code w/ PKCE, Auth0 has a good tutorial.

The oauth2 crate provides an excellent OAuth2 client implementation. However, to support the Auth Code with PKCE flow in a native desktop application, a couple of additional pieces are necessary:

  • Launching a local web server to listen for the "authorization code" request
  • Launching a browser with the "authorization" link
  • Validating the CSRF token (i.e. the state parameter)

CliOAuth provides these pieces in an asynchronous and extensible way. It is designed to supplement the oauth2::Client struct, but not interfere with its normal usage.


  • Launch an asynchronous web server to handle the auth code request
    • Bind the server to any local address and non-privileged port
    • Scan for a range of ports to find the first open one
  • Open the user's browser to begin the authorization flow
  • Validate the authorization result and make it available for a code exchange
  • Customize the server responses in the browser
    • Successful authorization
    • Authorization error


General usage is as follows:

  1. Configure a CliOAuthBuilder to build a CliOAuth helper
  2. Configure an oauth2::Client
  3. Start the authorization flow
  4. Validate and obtain the authorization code
  5. Exchange the code for a token

See the Crate documentation for more details, including an example.


~520K SLoC