middle 0.1.0

Client Authorization Middleware for APIs secured via OAuth2 or Bearer Tokens. Tonic & reqwest integration. Based on the `oauth2` crate.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

#![warn(
    missing_debug_implementations,
    rust_2018_idioms,
    unreachable_pub,
    clippy::pedantic
)]
#![forbid(unsafe_code)]

//! [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
//! [![Tests](https://github.com/vakamo-labs/middle-rs/actions/workflows/ci.yaml/badge.svg)](https://github.com/vakamo-labs/middle-rs/actions/workflows/ci.yaml)
//!
//! # Client Authentication Middleware
//!
//! This crate provides client authentication for HTTP and gRPC APIs. Features include:
//!
//! * Automatic token renewal when expired in a background task
//! * Thread-safe token management with interior mutability
//! * `reqwest` integration by using a wrapped `HttpClient`
//! * `tonic` integration via Interceptors
//! * Support for OAuth2 Client Credential flow
//! * Support for Bearer Token authentication
//! * Based on the `oauth2` crate
//! * Safe defaults - does not follow redirects and hides sensitive data in Debug
//! * More flows coming soon!
//!
//! # Example
//!
//! In the following example we create a `middle::HttpClient` that wraps a `reqwest::Client`.
//! The token is kept fresh with a background task of the `ClientCredentialAuthorizer`, so that the client always sends authorized requests.
//!
//! ```rust
//! use std::str::FromStr;
//!
//! use middle::SimpleClientCredentialAuthorizerBuilder;
//! use reqwest::Client;
//! use url::Url;
//!
//! #[tokio::main]
//! async fn main() {
//!     let client_id = "my-client-id";
//!     let client_secret = "my-client-secret";
//!     let token_endpoint = Url::from_str("https://identity.example.com/oauth2/token").unwrap();
//!
//!     // Create a new Authorizer. The Authorizer keeps the token refreshed in the background.
//!     let authorizer =
//!         SimpleClientCredentialAuthorizerBuilder::new(client_id, client_secret, token_endpoint)
//!             .add_scope("my-scope")
//!             .refresh_tolerance(std::time::Duration::from_secs(30)) // Refresh 30 seconds before expiry
//!             .build()
//!             .await
//!             .unwrap();
//!
//!     // The current authorization header. The header is always kept up-to-date.
//!     // Returns an error if the last refresh failed.
//!     let header = authorizer.authorization_header().unwrap();
//!
//!     // Generate a new reqwest Client and wrap it with `HttpClient`.
//!     let reqwest_client = Client::new();
//!     let client = middle::HttpClient::new(authorizer).set_client(reqwest_client);
//!
//!     // Start using the client - the authorization header is automatically added.
//!     let request = client.get("https://api.example.com/data").unwrap();
//!     let _response = request.send().await.unwrap();
//! }
//! ```
//!
//! ## Tonic Integration
//! ALl Authorizers implemented by the `middle` crate, implement `tonic::service::Interceptor` if the `tonic` feature is enabled.
//!
//! ```rust
//! use hello_world::{greeter_service_client::GreeterServiceClient, SayHelloRequest};
//! use middle::BearerTokenAuthorizer;
//! use tonic::transport::Endpoint;
//!
//! pub mod hello_world {
//!     tonic::include_proto!("helloworld");
//! }
//!
//! #[tokio::main]
//! async fn main() -> Result<(), Box<dyn std::error::Error>> {
//!     // All authorizers provided by the `middle` crate implement the `tonic::Interceptor` trait.
//!     let authorizer = BearerTokenAuthorizer::new("my-super-secret-token")?;
//!
//!     let channel = Endpoint::from_static("http://service.example.com:50051")
//!         .connect()
//!         .await?;
//!     // Use the authorizer as an interceptor.
//!     let mut client = GreeterServiceClient::with_interceptor(channel, authorizer);
//!
//!     // All following requests include the authorization header.
//!     let request = tonic::Request::new(SayHelloRequest {
//!         name: "Tonic".into(),
//!     });
//!
//!     let response = client.say_hello(request).await?;
//!
//!     println!("RESPONSE={:?}", response);
//!
//!     Ok(())
//! }
//! ```
//!
//! # Feature Flags
//!
//! - **all**: Includes `rustls-tls`, `tonic`, `client-credentials`, and `runtime-tokio`.
//! - **default**: Includes `rustls-tls`, `client-credentials`, and `runtime-tokio`.
//! - **rustls-tls**: Enables `reqwest/rustls-tls` and `reqwest/rustls-tls-native-roots`.
//! - **tonic**: Implement `tonic::service::Interceptor` for all Authorizers
//! - **runtime-tokio**: Enables the `tokio` runtime (currently the only supported async runtime). Some Authorizers depend on an async runtime to spawn refresh tasks.
//! - **client-credentials**: Enables the `ClientCredentialAuthorizer` for the OAuth2 Client Credential flow
//!

mod authorizers;
mod client;
pub mod error;
pub use authorizers::*;
pub use client::*;
pub use error::{Error, Result};