7 releases

new 0.2.3 Dec 10, 2024
0.2.2 Oct 24, 2024
0.2.0 Aug 16, 2024
0.1.2 Jul 9, 2024

#215 in HTTP client

Download history 2/week @ 2024-08-22 8/week @ 2024-09-12 18/week @ 2024-09-19 8/week @ 2024-09-26 147/week @ 2024-10-03 11/week @ 2024-10-10 127/week @ 2024-10-24 5/week @ 2024-10-31 3/week @ 2024-11-07 72/week @ 2024-12-05

72 downloads per month

MIT/Apache

47KB
910 lines

Unix only oidc-agent library for Rust

Description

This crate is an interface to oidc-agent IPC-API.

The oidc-agent must be running under the user system and OIDC_SOCK must be exported properly.

Obtaining access_token

Basic usage

To obtain access_token by account shortname run the following code in main.rs:

use oidc_agent_rs::{Agent, Error};

fn main() -> Result<(), Error> {
   let agent = Agent::new()?;
   let access_token = agent.get_access_token("profile_shortname")?;

   println!("{}", access_token.secret());
   Ok(())
}

The secret() method is required to obtain token as a &str value. Otherwise the Token pseudostruct would be returned.

Asynchronous Usage

For asynchronous programming, you need to enable the async feature and use the crate::async_impl::Agent. Here’s a basic example of obtaining an access_token asynchronously:

use oidc_agent_rs::async_impl::Agent;
use oidc_agent_rs::Error;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
   let agent = Agent::new().await?;

   let at = agent.get_access_token("profile_shortname").await?;
   println!("{}", at.secret());

   Ok(())
}

Cargo.toml

 [dependencies]
 oidc_agent_rs = { version = "0.2.0", features=["async"]}
 tokio = { version = "1.39.2", features = ["net", "io-util", "macros", "rt-multi-thread"] }

Advanced requests

To obtain access_token with more advanced options you have to use request builder. AccessTokenRequest has a method to easy build a new request. Then you have to send the request directly to the agent and parse the response.

Example:

use oidc_agent_rs::{requests::AccessTokenRequest, Agent, Error};

fn main() -> Result<(), Error> {
    let agent = Agent::new()?;
    
    //obtaining access_token by issuer only (no shortname needed)
    let at_request = AccessTokenRequest::builder()
        .issuer("https://issuer.url")?
        .min_valid_period(60)
        .build()?;

    let at_response = agent.send_request(at_request)?;

    println!("{}", at_response.access_token().secret());
    println!("{}", at_response.issuer());
    println!("{}", at_response.expires_at());

    Ok(())
}

Obtaining mytoken

Basic usage

Obtaining mytoken using only account shortname is very similar to obtaining access_token.

Example:

use oidc_agent_rs::{Agent, Error};

fn main() -> Result<(), Error> {
    let agent = Agent::new()?;

    let mytoken = agent.get_mytoken("mytoken")?;

    println!("{}", mytoken.secret());

    Ok(())
}

Once more the secret() method is used to obtain token as a &str value.

Advanced requests

If you want to obtain new mytoken using specific Mytoken profile, you have to create new Profile element. All profile objects documented in the Mytoken documentation are supported. You can add multiple Capability and Restriction elements and single Rotation element to the Profile. Then add the Profile element to the MyTokenRequest element.

Example:

 use oidc_agent_rs::mytoken::{Capability, Profile, Restriction, Rotation, TokenInfoPerms};
 use oidc_agent_rs::requests::MyTokenRequest;
 use oidc_agent_rs::{Agent, Error};

 fn main() -> Result<(), Error> {
     let agent = Agent::new()?;
     let mut profile = Profile::new();

     //basic capabilites
     let caps = vec![Capability::AT, Capability::TokenInfo(TokenInfoPerms::All)];

     //new restriction
     let restriction = Restriction::builder()
         .usages_AT(5) //number of mytoken max usages
         .add_geoip_allow(vec!["pl", "de"]) //geoip allowed regions
         .build();

     //basic rotation
     let rotation = Rotation::builder().set_on_AT().set_lifetime(1000).build()?;

     profile.add_capabilities(&caps);
     profile.add_restrictions(&vec![restriction]);
     profile.set_rotation(&rotation);

     let mt_request = MyTokenRequest::builder("mytoken")
         .mytoken_profile(&profile)
         .build()?;

     let mt_response = agent.send_request(mt_request)?;

     println!("{}", mt_response.mytoken().secret());

     Ok(())
 }

Dependencies

~3–13MB
~145K SLoC