clio-auth

OAuth 2 helper library for CLI and desktop applications

6 releases

0.8.0 Jun 26, 2024
0.7.1 May 16, 2024
0.7.0 Aug 27, 2023
0.5.0 Jul 24, 2023

#196 in Authentication

MIT license

45KB
814 lines

CliOAuth

CliOAuth (pronounced "klee-oh-awth") is a utility to assist CLI/desktop application developers with implementing the OAuth 2.0 Authorization Code flow with PKCE.

To learn more about the Authorization Code flow with PKCE, Auth0 has a good tutorial.

The oauth2 crate provides an excellent OAuth2 client implementation. However, to support the Auth Code with PKCE flow in a native desktop application, a couple of additional pieces are necessary:

  • Launching a local web server to listen for the "authorization code" request
  • Launching a browser with the "authorization" link
  • Validating the CSRF token (i.e. the state parameter)

CliOAuth provides these pieces in an asynchronous and extensible way. It is designed to supplement the oauth2::Client struct, but not interfere with its normal usage.

Status

  • Launch an asynchronous web server to handle the auth code request
    • Bind the server to any local address and non-privileged port
    • Scan a range of ports to find the first open one
  • Open the user's browser to begin the authorization flow
  • Validate the authorization result and make it available for a code exchange
  • Customize the server responses in the browser
    • Successful authorization
    • Authorization error
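
The two security-relevant pieces in the list above, loopback port selection and validation of the `state` parameter, are sketched below as an added example using only the Rust standard library. It is not CliOAuth's code or API: `bind_first_open`, `validate_callback` and the `Callback` enum are hypothetical names, and the sample values are constructed.

```rust
use std::collections::HashMap;
use std::net::{Ipv4Addr, TcpListener};
use std::ops::RangeInclusive;

/// Outcome of checking the redirect sent back by the authorization server.
#[derive(Debug, PartialEq)]
pub enum Callback {
    Code(String),          // state matched; code is ready for the token exchange
    ProviderError(String), // server answered with ?error=...
    StateMismatch,         // missing or wrong state: treat as CSRF and discard
    MissingCode,           // state matched but no code was supplied
}

/// Bind the first free non-privileged loopback port in `ports` (hypothetical helper).
pub fn bind_first_open(ports: RangeInclusive<u16>) -> Option<TcpListener> {
    ports.filter(|p| *p >= 1024) // never try privileged ports
        .find_map(|p| TcpListener::bind((Ipv4Addr::LOCALHOST, p)).ok())
}

/// Compare without an early exit so timing does not reveal a matching prefix.
fn ct_eq(a: &str, b: &str) -> bool {
    a.len() == b.len() && a.bytes().zip(b.bytes()).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Validate the redirect's query string against the state value that was issued.
pub fn validate_callback(query: &str, expected_state: &str) -> Callback {
    // Assumption: values are URL-safe, so no percent-decoding is performed here.
    let params: HashMap<&str, &str> = query.split('&').filter_map(|kv| kv.split_once('=')).collect();
    // Check state first: neither a code nor an error is trusted without it.
    match params.get("state") {
        Some(s) if ct_eq(s, expected_state) => {}
        _ => return Callback::StateMismatch,
    }
    if let Some(e) = params.get("error") {
        return Callback::ProviderError(e.to_string());
    }
    match params.get("code") {
        Some(c) if !c.is_empty() => Callback::Code(c.to_string()),
        _ => Callback::MissingCode,
    }
}

fn main() {
    // Constructed sample values, not output from a real authorization server.
    let listener = bind_first_open(8000..=8010).expect("no free port in range");
    println!("redirect_uri = http://{}/", listener.local_addr().unwrap());
    println!("{:?}", validate_callback("code=abc123&state=xyz", "xyz"));
}
```

Binding to `127.0.0.1` rather than `0.0.0.0` keeps the redirect listener unreachable from other hosts on the network.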

Usage

General usage is as follows:

  1. Configure a CliOAuthBuilder to build a CliOAuth helper
  2. Configure an oauth2::Client
  3. Start the authorization flow
  4. Validate and obtain the authorization code
  5. Exchange the code for a token

See the Crate documentation for more details, including an example.

Dependencies

~17–30MB
~492K SLoC