OAuth client implementing the OAuth 2.0 and OpenID Connect protocols for Microsoft identity platform

Purpose built as OAuth client for Microsoft Graph and the graph-rs-sdk project. This project can however be used outside graph-rs-sdk as an OAuth client for Microsoft Identity Platform or by using graph-rs-sdk.

For async:

graph-oauth = "1.0.2"
tokio = { version = "1.25.0", features = ["full"] }

For blocking:

graph-oauth = "1.0.2"

Feature Flags

• native-tls: Use the native-tls TLS backend (OpenSSL on *nix, SChannel on Windows, Secure Transport on macOS).
• rustls-tls: Use the rustls-tls TLS backend (cross-platform backend, only supports TLS 1.2 and 1.3).

Default features: default=["native-tls"]

These features enable the native-tls and rustls-tls features in the reqwest crate. For more info see the reqwest crate.

Supported Authorization Flows

Microsoft OneDrive and SharePoint

• Token Flow
• Code Flow

Microsoft Identity Platform

• Authorization Code Grant
• Authorization Code Grant PKCE
• Open ID Connect
• Implicit Grant
• Device Code Flow
• Client Credentials
• Resource Owner Password Credentials

For more extensive examples and explanations see the OAuth Examples in the examples/oauth directory on GitHub.

use graph_oauth::oauth::{AccessToken, OAuth};

fn main() {
    let mut oauth = OAuth::new();
    oauth
        .client_id("<YOUR_CLIENT_ID>")
        .client_secret("<YOUR_CLIENT_SECRET>")
        .add_scope("files.read")
        .add_scope("files.readwrite")
        .add_scope("files.read.all")
        .add_scope("files.readwrite.all")
        .add_scope("offline_access")
        .redirect_uri("http://localhost:8000/redirect")
        .authorize_url("https://login.microsoftonline.com/common/oauth2/v2.0/authorize")
        .access_token_url("https://login.microsoftonline.com/common/oauth2/v2.0/token")
        .refresh_token_url("https://login.microsoftonline.com/common/oauth2/v2.0/token")
        .response_type("code")
        .logout_url("https://login.microsoftonline.com/common/oauth2/v2.0/logout")
        .post_logout_redirect_uri("http://localhost:8000/redirect");

    let mut request = oauth.build().authorization_code_grant();
    
    // Opens the default browser.
    let _ = request.browser_authorization().open();
    
    // The access code will be appended to the url on redirect. Pass
    // this code to the OAuth instance:
    oauth.access_code("<ACCESS CODE>");

    // Perform an authorization code grant request for an access token:
    let response = request.access_token().send().await?;
    println!("{response:#?}");

    if response.status().is_success() {
        let mut access_token: AccessToken = response.json().await?;

        // Option<&JsonWebToken>
        let jwt = access_token.jwt();
        println!("{jwt:#?}");

        oauth.access_token(access_token);

        // If all went well here we can print out the OAuth config with the Access Token.
        println!("{:#?}", &oauth);
    } else {
        // See if Microsoft Graph returned an error in the Response body
        let result: reqwest::Result<serde_json::Value> = response.json().await;

        match result {
            Ok(body) => println!("{body:#?}"),
            Err(err) => println!("Error on deserialization:\n{err:#?}"),
        }
    }
}