Lib.rs

Web programming
#google-cloud #cloud #google #oauth #jwt #engine #server

goauth

Crate for authenticating Server to Server Apps for Google Cloud Engine

by Drazen Urch

32 releases

0.14.0 Oct 17, 2023
0.13.1 Jul 20, 2022
0.13.0 May 22, 2022
0.11.1 Jan 20, 2022
0.1.2 Dec 29, 2016

#1 in #oauth

Download history 55652/week @ 2023-12-06 58299/week @ 2023-12-13 43100/week @ 2023-12-20 13141/week @ 2023-12-27 43028/week @ 2024-01-03 35263/week @ 2024-01-10 44336/week @ 2024-01-17 52289/week @ 2024-01-24 42816/week @ 2024-01-31 48037/week @ 2024-02-07 40902/week @ 2024-02-14 39436/week @ 2024-02-21 53587/week @ 2024-02-28 48321/week @ 2024-03-06 51102/week @ 2024-03-13 35393/week @ 2024-03-20

197,647 downloads per month
Used in 93 crates (12 directly)

MIT license

59KB
1K SLoC

build MIT licensed

rust-goauth [docs]

Crate for using OAuth 2.0 with Server to Server Applications for Google Cloud Engine, with tentative support for all supported Scopes. Supports sync or async requests via Futures.

Provides a serialisable Token struct for use in other applications that require authenticated interactions with Google Cloud.

Usage

#[macro_use]
extern crate log;

use goauth::auth::JwtClaims;
use goauth::scopes::Scope;
use goauth::{get_token, get_token_blocking, GoErr};
use goauth::credentials::Credentials;
use goauth::fetcher::TokenFetcher;
use smpl_jwt::{RSAKey, Jwt};
use time::Duration;

fn main() -> Result<(), GoErr>{
  let token_url = "https://www.googleapis.com/oauth2/v4/token";
  let iss = "<some-iss>"; // https://developers.google.com/identity/protocols/OAuth2ServiceAccount

  let credentials = Credentials::from_file("dummy_credentials_file_for_tests.json").unwrap();
  let claims = JwtClaims::new(String::from(iss),
                             &Scope::DevStorageReadWrite,
                             String::from(token_url),
                             None, None);
  let jwt = Jwt::new(claims, credentials.rsa_key().unwrap(), None);

  // Use async
  let token = async {
    match get_token(&jwt, &credentials).await {
      Ok(token) => token,
      Err(e) => panic!(e)
    }
  };

  // Or sync
  let token = get_token_blocking(&jwt, &credentials)?;

  // Token provides `access_token` method that outputs a value that should be placed in the Authorization header

  // Or use the TokenFetcher abstraction which will automatically refresh tokens
  let fetcher = TokenFetcher::new(jwt, credentials, Duration::new(1, 0));

  let token = async {
    match fetcher.fetch_token().await {
      Ok(token) => token,
      Err(e) => panic!(e)
    }
  };

  // Now a couple seconds later we want the token again - the initial token is cached so it will re-use
  // the same token, saving a network trip to fetch another token
  let new_token = async {
    match fetcher.fetch_token().await {
      Ok(token) => token,
      Err(e) => panic!(e)
    }
  };

  assert_eq!(token, new_token);

  // Now say the token has expired or is close to expiring ("close" defined by the configurable
  // `refresh_buffer` parameter) at this point "later in the program." The next call to
  // `fetch_token` will notice this and automatically fetch a new token, cache it, and return it.
  let new_token = async {
    match fetcher.fetch_token().await {
      Ok(token) => token,
      Err(e) => panic!(e)
    }
  };

  assert_ne!(token, new_token);

  Ok(())
}

Dependencies

~8–24MB
~386K SLoC