#Google #Cloud #Engine #Server #OAuth

goauth

Crate for authenticating Server to Server Apps for Google Cloud Engine

21 releases

new 0.8.0 Sep 14, 2020
0.7.2 Jul 20, 2020
0.7.1 Jun 4, 2020
0.6.1 Jan 23, 2020
0.1.2 Dec 29, 2016

#12 in Web programming

Download history 2300/week @ 2020-05-30 3267/week @ 2020-06-06 4726/week @ 2020-06-13 2569/week @ 2020-06-20 1905/week @ 2020-06-27 3985/week @ 2020-07-04 4467/week @ 2020-07-11 4175/week @ 2020-07-18 5423/week @ 2020-07-25 6341/week @ 2020-08-01 2038/week @ 2020-08-08 2571/week @ 2020-08-15 3333/week @ 2020-08-22 2605/week @ 2020-08-29 2939/week @ 2020-09-05 4252/week @ 2020-09-12

15,247 downloads per month
Used in 18 crates (4 directly)

MIT license

54KB
1K SLoC

build MIT licensed

rust-goauth [docs]

Crate for using OAuth 2.0 with Server to Server Applications for Google Cloud Engine, with tentative support for all supported Scopes. Supports sync or async requests via Futures.

Provides a serialisable Token struct for use in other applications that require authenticated interactions with Google Cloud.

Usage

#[macro_use]
extern crate log;

use goauth::auth::JwtClaims;
use goauth::scopes::Scope;
use goauth::{get_token, get_token_blocking, GoErr};
use goauth::credentials::Credentials;
use goauth::fetcher::TokenFetcher;
use smpl_jwt::{RSAKey, Jwt};
use time::Duration;

fn main() -> Result<(), GoErr>{
  let token_url = "https://www.googleapis.com/oauth2/v4/token";
  let iss = "<some-iss>"; // https://developers.google.com/identity/protocols/OAuth2ServiceAccount

  let credentials = Credentials::from_file("dummy_credentials_file_for_tests.json").unwrap();
  let claims = JwtClaims::new(String::from(iss),
                             &Scope::DevStorageReadWrite,
                             String::from(token_url),
                             None, None);
  let jwt = Jwt::new(claims, credentials.rsa_key().unwrap(), None);

  // Use async
  let token = async {
    match get_token(&jwt, &credentials).await {
      Ok(token) => token,
      Err(e) => panic!(e)
    }
  };

  // Or sync
  let token = get_token_blocking(&jwt, &credentials)?;

  // Token provides `access_token` method that outputs a value that should be placed in the Authorization header

  // Or use the TokenFetcher abstraction which will automatically refresh tokens
  let fetcher = TokenFetcher::new(jwt, credentials, Duration::new(1, 0));

  let token = async {
    match fetcher.fetch_token().await {
      Ok(token) => token,
      Err(e) => panic!(e)
    }
  };

  // Now a couple seconds later we want the token again - the initial token is cached so it will re-use
  // the same token, saving a network trip to fetch another token
  let new_token = async {
    match fetcher.fetch_token().await {
      Ok(token) => token,
      Err(e) => panic!(e)
    }
  };

  assert_eq!(token, new_token);

  // Now say the token has expired or is close to expiring ("close" defined by the configurable
  // `refresh_buffer` parameter) at this point "later in the program." The next call to
  // `fetch_token` will notice this and automatically fetch a new token, cache it, and return it.
  let new_token = async {
    match fetcher.fetch_token().await {
      Ok(token) => token,
      Err(e) => panic!(e)
    }
  };

  assert_ne!(token, new_token);

  Ok(())
}

Dependencies

~7–11MB
~237K SLoC