Skip to main content

dtokenz/
lib.rs

1//! # dtokenz
2//!
3//! The`dtokenz` crate adds a higher level abstraction over [google-cloud-auth](https://docs.rs/google-cloud-auth/latest/google_cloud_auth/) that makes configuration and use simpler.
4//!
5//! The goal of this rust library is to make retrieving an authentication token for use in other binaries as simple as possible, regardless of the environment that it is being called in, and with as little interactivity as possible. This simplification of the API is a key advantage over other tools like [gcloud](https://docs.cloud.google.com/sdk/gcloud) and [oauth2l](https://github.com/google/oauth2l), where each type of account (service account, MDS client, etc) have different interfaces, and have to be taken into account for every client application. At the same time, this library also makes it so that the [GCP rust library](https://github.com/googleapis/google-cloud-rust) can still be used with its own [native authentication types](https://docs.rs/google-cloud-auth/latest/google_cloud_auth/credentials/struct.Credentials.html).
6//!
7//! This library supports fetching both [access tokens](https://docs.cloud.google.com/docs/authentication/token-types#access-tokens), and [id tokens](https://cloud.google.com/docs/authentication/token-types#id) for:
8//! - Authorized Users (individuals in a GCP organization)
9//! - Service Accounts via private key
10//! - Service Accounts via Google Metadata Service for hosts running in GCP.
11//!
12//! The main entry point to this library is the [`auto_detect`]/[`auto_detect_singleton`] method. See its documentation for more details about how `dtokenz` decides to authenticate.
13//! The only configuration needed is an instance of [`oauth_config::OAuthConfig`]
14//!
15//! ## Example
16//!
17//!```rust,no_run
18//! use dtokenz::{TokenSource, CLOUD_SDK_CONFIG, auto_detect_singleton, DtokenzConfig};
19//! #[tokio::main]
20//! async fn main() -> anyhow::Result<()> {
21//!     let interactive_auth_message = "Opening browser to %url%";
22//!     let token_source = auto_detect_singleton(
23//!         CLOUD_SDK_CONFIG.clone(),
24//!         &CLOUD_SDK_CONFIG.web.default_scopes,
25//!         DtokenzConfig {
26//!            interactive: true,
27//!            interactive_auth_message: Some(interactive_auth_message.to_owned()),
28//!            ..DtokenzConfig::default()
29//!         }
30//!     ).await?;
31//!     let access_token = token_source.get_access_token().await?;
32//!     let id_token = token_source.get_id_token().await?;
33//!     eprintln!("Got access token {}, id token {}", access_token.token, id_token.token);
34//!     Ok(())
35//! }
36//! ```
37
38#![deny(clippy::all)]
39#![allow(clippy::uninlined_format_args)]
40#![deny(clippy::unwrap_used)]
41
42pub mod application_default_credentials;
43pub mod authorized_user;
44pub mod config;
45pub mod metadata_service;
46pub mod oauth_config;
47pub mod service_account;
48mod state;
49pub mod token_source;
50
51pub use authorized_user::AuthorizedUser;
52pub use config::DtokenzConfig;
53pub use metadata_service::MetadataService;
54pub use oauth_config::CLOUD_SDK_CONFIG;
55pub use oauth_config::OAuthConfig;
56pub use service_account::ServiceAccount;
57pub use token_source::TokenSource;
58pub use token_source::auto_detect;
59pub use token_source::auto_detect_singleton;