6 releases (breaking)
Uses new Rust 2024
| 0.6.0 | Jul 19, 2025 |
|---|---|
| 0.5.0 | Jun 22, 2025 |
| 0.4.0 | May 31, 2025 |
| 0.3.0 | Apr 27, 2025 |
| 0.1.0 | Mar 22, 2025 |
#594 in Authentication
411 downloads per month
75KB
1K
SLoC
tiny_google_oidc
Tiny library for Google's OpenID Connect.
Implementation in server flow
google document
Feature
- Generate a CSRF Token
- Generate an authentication request URL (code) for Google
- Verify CSRF token and retrieve id_token
- Exchange code for id_token (using reqwest)
- Decode id_token (Base64URLDecode) to get user information
- Refresh access token using refresh token (using reqwest)
- Revoke access/refresh token (using reqwest)
Caution
This library is designed for direct communication with Google over HTTPS.
It does not validate the id_token when converting it to a JWT,
so the id_token cannot be passed to other components of your app.
See document
Example
Here's hou you can use this library with the axum framework.
1. Create Config
First, We create Config struct the is including Client ID, Secrets, etc...
let oidc_cfg = ConfigBuilder::new()
.auth_endpoint("https://accounts.google.com/o/oauth2/auth")
.client_id("my_client_id")
.client_secret("my_client_secret")
.token_endpoint("https://oauth2.googleapis.com/token")
.redirect_uri("http://localhost/auth/callback")
.build();
2. Login Handler
Here's an example handler to start the login flow.
async fn login(
State(app_state): State<Arc<AppState>>,
jar: CookieJar,
) -> Result<impl IntoResponse, AppError> {
// 1. generate redirect information for the OIDC authentication flow
let (csrf_token, _nonce, redirect_uri) = generate_auth_redirect(
&app_state.oidc_cfg,
AccessType::Online,
AdditionalScope::Both,
)
.map_err(WrapOIDCError)?;
// 2. Generate a key to store the csrf_token in Redis or memory,
// and store it
// 3. Create and set a cookie
// ...(please implement these part as appropirate for your application)
// 4. Set the Cookie ant redirect to the authorization server
Ok((jar.add(cookie), Redirect::to(&redirect_uri)))
}
3. Callback Handler
Here’s an example of a callback handler for when the provider (like Google) redirects back.
async fn callback(
State(app_state): State<Arc<AppState>>,
jar: CookieJar,
req: Request,
) -> Result<impl IntoResponse, AppError> {
// 1. Retrieve the csrf_token key from the cookie, then fetch the stored csrf_token
// 2. Verify the CSRF token & build the IDToken request
let id_token_req = create_id_token_request(&app_state.oidc_cfg, &csrf_token_val, req)
.map_err(WrapOIDCError)?;
// 3. Send request to Google
let id_token_res = send_id_token_req(&id_token_req)
.await
.map_err(WrapOIDCError)?;
// 4. Encode the IDToken from the raw string
let id_token = IDToken::from_id_token_raw(id_token_res.id_token()).map_err(WrapOIDCError)?;
// print id_token
println!("----IDToken----");
println!("{id_token:#?}");
Ok((StatusCode::OK, "login success"))
}
Of course, you can use this library with other framework as well!
See example for more detailes.
Contributing
We are currently working on the official contribution guidelines.
However, we welcome bug reports, feature requests, and questions via GitHub Issues!
Your feedback is very much appreciated and will help make this library better for everyone.
Thank you for your interest and support!
License
tiny_google_oidc is provided under the MIT license.See LICENSE
Dependencies
~9–18MB
~237K SLoC