o42sdk 0.1.9

Official OAuth42 SDK for Rust - OAuth2/OIDC client library with Actix-web, Axum, and Rocket support
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205

# OAuth42 Rust SDK (o42sdk)

Official Rust SDK for OAuth42, providing comprehensive OAuth2/OIDC client functionality with framework integrations for Actix-web and Axum.

## Features

- ✅ OAuth2 Authorization Code Flow with PKCE
- ✅ Token management and automatic refresh
- ✅ OIDC Discovery support
- ✅ Session management with pluggable stores
- ✅ Framework middleware for Actix-web and Axum
- ✅ Type-safe API with comprehensive error handling
- ✅ Example applications demonstrating best practices

## Installation

Add to your `Cargo.toml`:

```toml
[dependencies]
o42sdk = { version = "0.1", features = ["actix"] }  # For Actix-web
# or
o42sdk = { version = "0.1", features = ["axum"] }   # For Axum
```

## Quick Start

### Basic Usage

```rust
use o42sdk::{OAuth42Client, Config};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create client from environment variables
    let config = Config::from_env()?;
    let mut client = OAuth42Client::new(config)?;
    
    // Discover endpoints
    client.discover().await?;
    
    // Build authorization URL with PKCE
    let auth_url = client.authorize_url().await?
        .generate_state()
        .set_pkce_challenge()
        .add_scope("openid")
        .add_scope("profile")
        .add_scope("email")
        .build();
    
    // Redirect user to auth_url...
    
    Ok(())
}
```

### Actix-web Integration

```rust
use actix_web::{web, App, HttpServer};
use o42sdk::{OAuth42Client, OAuth42Auth, Config};
use std::sync::Arc;

#[actix_web::main]
async fn main() -> std::io::Result<()> {
    let config = Config::from_env().expect("Failed to load config");
    let client = Arc::new(OAuth42Client::new(config).expect("Failed to create client"));
    
    HttpServer::new(move || {
        App::new()
            .wrap(OAuth42Auth::new(client.clone()))
            .route("/protected", web::get(protected_handler))
    })
    .bind("127.0.0.1:8080")?
    .run()
    .await
}

async fn protected_handler(user: OAuth42User) -> impl Responder {
    format!("Hello, {}!", user.0.sub)
}
```

### Axum Integration

```rust
use axum::{Router, routing::get};
use o42sdk::{OAuth42Client, oauth42_auth, OAuth42User, Config};
use std::sync::Arc;

#[tokio::main]
async fn main() {
    let config = Config::from_env().expect("Failed to load config");
    let client = Arc::new(OAuth42Client::new(config).expect("Failed to create client"));
    
    let app = Router::new()
        .route("/protected", get(protected_handler))
        .layer(oauth42_auth(client));
    
    let listener = tokio::net::TcpListener::bind("127.0.0.1:8080")
        .await.unwrap();
    axum::serve(listener, app).await.unwrap();
}

async fn protected_handler(OAuth42User(user): OAuth42User) -> String {
    format!("Hello, {}!", user.sub)
}
```

## Configuration

### Environment Variables

```bash
OAUTH42_CLIENT_ID=your-client-id
OAUTH42_CLIENT_SECRET=your-client-secret

# Issuer URL formats:
# Multi-tenant (subdomain): https://{tenant}.oauth42.com
# Single-tenant/Demo: https://oauth42.com
# Local development: https://localhost:8443
OAUTH42_ISSUER=https://acme.oauth42.com

OAUTH42_REDIRECT_URI=http://localhost:3000/callback
OAUTH42_SCOPES=openid profile email
OAUTH42_AUDIENCE=https://api.example.com  # Optional
```

### Programmatic Configuration

```rust
use o42sdk::Config;

let config = Config::builder()
    .client_id("your-client-id")
    .client_secret("your-client-secret")
    .issuer("https://acme.oauth42.com")?  // Tenant subdomain
    .redirect_uri("http://localhost:3000/callback")?
    .add_scope("openid")
    .add_scope("profile")
    .audience("https://api.example.com")
    .build()?;
```

## Example Applications

The SDK includes two complete example applications:

### o42client1 - Web Application (Actix-web)
- Server-side rendered templates
- Session-based authentication
- Login/logout flow with PKCE
- User dashboard

### o42client2 - API Service (Axum)  
- RESTful API with JWT validation
- Stateless authentication
- Protected endpoints
- Token introspection

## Running Examples

```bash
# Web application example
cd o42client1
cp .env.example .env  # Configure your OAuth42 settings
cargo run

# API service example  
cd o42client2
cp .env.example .env  # Configure your OAuth42 settings
cargo run
```

## Testing

```bash
# Run all tests
cargo test --all

# Unit tests only
cargo test --lib

# Integration tests (requires mock server)
cargo test --test '*'
```

## API Documentation

Key types and functions:

- `OAuth42Client` - Main client for OAuth2 operations
- `Config` - Client configuration
- `TokenResponse` - Access/refresh token response
- `UserInfo` - OpenID Connect user information
- `OAuth42Auth` - Actix-web middleware
- `oauth42_auth()` - Axum layer factory
- `OAuth42User` - Authenticated user extractor

## License

Copyright (c) 2024 OAuth42, Inc. All rights reserved.

This SDK is proprietary software provided by OAuth42, Inc. for use with OAuth42 services.
See LICENSE file for terms and conditions.