Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
graph-rs-sdk
Rust SDK Client for Microsoft Graph and Microsoft Identity Platform
Available on crates.io - v3.0.1 - Latest Stable Version
Feature Overview:
Microsoft Graph V1 and Beta API Client
- Wide support for Graph APIs
- Paging using Streaming, Channels, or Iterators
- Upload Sessions, OData Queries, and File Downloads
Microsoft Identity Platform (Getting Access Tokens)
- Auth Code, Client Credentials, Device Code, OpenId
- In Memory Token Cache
- Automatic Token Refresh
- Interactive WebView Auth (feature = interactive-auth)
- X509 Certificate (feature = openssl) and Proof Key Code Exchange (PKCE) Support
And much more. See Features for a more comprehensive list of features. See Cargo Feature Flags for features that can be enabled in the crate.
 = "3.0.1"
 = {  = "1.25.0",  = ["full"] }
For using types that implement serde Serialize as request bodies or passing serde's json macro:
 = {  = "1",  = ["derive"] }
 = "1"
To use stream features add the futures crate:
 = "0.3"
And import futures::StreamExt.
use StreamExt;
use *;
Features
Graph Client
- Usage
OAuth and Openid
- OAuth - Getting Access Tokens
- Identity Platform Support
- Credentials
- Automatic Token Refresh
- Currently only an in-memory token cache is available for token persistence. Development for other persistence mechanisms such as Azure Key Vault and Desktop mechanisms, such as MacOS KeyChain, are being actively developed and will be in a post-2.0.0 release. You can track this progress in https://github.com/sreeise/graph-rs-sdk/issues/432
 
- Interactive Authentication (WebView)
 
Identity Platform Auth Examples
- Auth Code Grant
- OpenId
- Client Credentials
- Url Builders For Flows Using Sign In To Get Authorization Code - Build Sign In Url
- Interactive Auth Examples (feature = interactive-auth)
- Certificate Auth (feature = openssl)
What APIs are available
The APIs available are generated from OpenApi configs that are stored in Microsoft's msgraph-metadata repository for the Graph Api. There may be some requests and/or APIs not yet included in this project that are in the OpenApi config but in general most of them are implemented.
Cargo Feature Flags
- interactive-auth: Interactive Authentication using web view on platforms that support it such as on a desktop. Uses the wry and tao crates for webview support. Supports Linux and Windows platforms. Currently, does not support MacOS - work for this is in progress.
- openssl: Enables support for using certificates in Client Credentials and Authorization Code auth flows. Additionally, enables related types such as X509Certificate for building/running certificate based auth flows.
- test-util: Enables test only features. Currently, this just enables the ability to turn off https only in the http client in order to use mocking frameworks with the crate. Other test related features may be added in the future.
- native-tls: Enables feature native-tls in the reqwest http-client. See the reqwest crate for more details.
- rustls-tls: Enables feature rustls-tls in the reqwest http-client. See the reqwest crate for more details.
- brotli: Enables feature brotli in the reqwest http-client. See the reqwest crate for more details.
- deflate: Enables feature deflate in the reqwest http-client. See the reqwest crate for more details.
- trust-dns: Enables feature trust-dns in the reqwest http-client. See the reqwest crate for more details.
- socks: Enables feature socks (socks proxy support) in the reqwest http-client. See the reqwest crate for more details.
Usage
For extensive examples see the examples directory on GitHub
Async and Blocking Client
The crate can do both an async and blocking requests.
Async Client (default)
graph-rs-sdk = "3.0.1"
tokio = { version = "1.25.0", features = ["full"] }
Example
use *;
async 
Blocking Client
To use the blocking client use the into_blocking() method. You should not
use tokio when using the blocking client.
graph-rs-sdk = "3.0.1"
Example
use *;
The send method
The send() method is the main method for sending a request and returns a Result<rewest::Response, GraphFailure>. See the
reqwest crate for information on the Response type.
use *;
pub async 
Response Errors/Error Types
While the crate does have its own error type and result you will probably want to use crates like anyhow due to the amount of possible errors that could occur.
If the Microsoft Graph API returned an error this is almost always in the body of the response.
The ResponseExt for async requests and BlockingResponseExt for blocking requests have convenience
methods that can be used to get the error message from the body of the response.
use ;
use Error;
async 
Custom Types
You can pass your own types to API requests that require a request body by implementing serde::Serialize.
You can implement your own types by utilizing methods from reqwest::Response. These types must implement serde::Deserialize.
See the reqwest crate for more info.
extern crate serde;
use *;
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
static ITEM_ID: &str = "ITEM_ID";
pub async 
Paging
Paging handles scenarios where the response body is a truncated version of the data and a URL is provided to continue calling and getting the rest of the data. Paging can consist of multiple links in the call chain.
The sdk provides convenience methods for getting all data in a paging scenario such as using next links or using delta links to track changes to Graph data.
If you just want a quick and easy way to get all next link responses or the JSON bodies you can use the paging().json() method which will exhaust all
next link calls and return all the responses in a VecDeque<Response<Result<T>>>. Keep in mind that the larger the volume of next link calls that need to be
made the longer the return delay will be when calling this method.
All paging methods have their response body read in order to get the @odata.nextLink URL for calling next link requests. Because of this
the original reqwest::Response is lost. However, the paging responses are re-wrapped in a Response object (http::Response) that is
similar to reqwest::Response.
See the Detailed Guide On Paging to learn more about using Paging calls in the SDK.
There are different levels of support for paging Microsoft Graph APIs. See the documentation, Paging Microsoft Graph data in your app, for more info on supported APIs and availability.
extern crate serde;
use *;
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
async 
The paging example shows a simple way to list users and call all next links. You can also stream the next link responses or use a channel receiver to get the responses.
Streaming
Streaming is only available using the async client.
use StreamExt;
use *;
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
pub async 
pub async 
Channels
use *;
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
async 
Using types that implement std::io::Read or tokio::io::AsyncReadExt
File Types
If your familiar with using the reqwest crate you can use the reqwest::Body and reqwest::blocking::Body
for working with files.
- You can pass std::fs::Fileandtokio::fs::Filedirectly:
use GraphClient;
async 
- The reqwest::Bodytype is reexported asgraph_rs_sdk::http::Bodyand thereqwest::blocking::Bodytype is reexported asgraph_rs_sdk::http::blocking::Body.
use GraphClient;
use ;
async 
- If you want to use the reqwest crate directly:
async 
Other types that implement std::io::Read or tokio::io::AsyncReadExt
You can use the helper type BodyRead:
use BodyRead;
use GraphClient;
async 
API Usage
The following shows a few examples of how to use the client and a few of the APIs.
OneDrive
Make requests to drive using a drive id or through specific drives for me, sites, users, and groups.
use *;
async 
Me API
async 
Users API
async 
Sites API
async 
Create a folder.
use *;
use HashMap;
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
static FOLDER_NAME: &str = "NEW_FOLDER_NAME";
static PARENT_ID: &str = "PARENT_ID";
// For more info on creating a folder see:
// https://docs.microsoft.com/en-us/onedrive/developer/rest-api/api/driveitem_post_children?view=odsp-graph-online
pub async 
Path based addressing for drive.
// Pass the path location of the item staring from the OneDrive root folder.
// Start the path with :/ and end with :
async 
use *;
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
async 
Create message
use *;
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
static MAIL_FOLDER_ID: &str = "MAIL_FOLDER_ID";
async 
Send mail
use *;
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
async 
Mail folders
use *;
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
static MAIL_FOLDER_ID: &str = "MAIL_FOLDER_ID";
async 
Get Inbox Messages
use *;
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
static USER_ID: &str = "USER_ID";
async 
Use your own struct. Anything that implements serde::Serialize can be used for things like creating messages for mail or creating a folder for OneDrive.
extern crate serde;
use *;
async 
OData Queries
use *;
async 
Batch Requests
Call multiple Graph APIs in a single request.
use *;
static USER_ID: &str = "USER_ID";
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
async 
Id vs Non-Id methods (such as user("user-id") vs users())
Many of the available APIs have methods that do not require an id for a resource as well as many of the APIs have methods that do require an id. For most all of these resources the methods are implemented in this sdk by using two different naming schemes and letting the user go directly to the methods they want.
As en example, the users API can list users without an id, and you can find list_users()
by calling the users() method whereas getting a specific user requires a users id
and you can find get_users() by calling user<ID: AsRef<str>>(id: ID) method.
Using the users() method:
use *;
// For more info on users see: https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
// For more examples see the examples directory on GitHub.
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
async 
Using the user id user<ID: AsRef<str>>(id: ID) method:
use *;
// For more info on users see: https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
// For more examples see the examples directory on GitHub
static ACCESS_TOKEN: &str = "ACCESS_TOKEN";
static USER_ID: &str = "USER_ID";
async 
OAuth - Getting Access Tokens
Use application builders to store your auth configuration and have the client handle the access token requests for you.
Support for:
- OpenId, Auth Code Grant, Client Credentials, Device Code, Certificate Auth
- Automatic Token Refresh
- Interactive Authentication | features = [interactive-auth]
- Device Code Polling
- Authorization Using Certificates | features = [openssl]
Detailed Examples:
- Identity Platform Auth Examples
- Url Builders For Flows Using Sign In To Get Authorization Code - Building Sign In Url
- Interactive Auth Examples (feature = interactive-auth)
- Certificate Auth (feature = openssl)
There are two main types for building your chosen OAuth or OpenId Connect Flow.
- PublicClientApplication
- ConfidentialClientApplication
Once you have built a ConfidentialClientApplication or a PublicClientApplication
you can pass these to the graph client.
Automatic token refresh is also done by passing the ConfidentialClientApplication or the
PublicClientApplication to the GraphClient client.
For more extensive examples see the OAuth Examples in the examples/oauth directory on GitHub.
Identity Platform Support
The following flows from the Microsoft Identity Platform are supported:
- Authorization Code Grant
- Authorization Code Grant PKCE
- Authorization Code Grant Certificate
- Open ID Connect
- Device Code Flow
- Client Credentials
- Client Credentials With Certificate
- Resource Owner Password Credentials
You can use the url builders for those flows that require an authorization code using a redirect after sign in you can use
Credentials
Authorization Code Grant
The authorization code grant is considered a confidential client (except in the hybrid flow) and we can get an access token by using the authorization code returned in the query of the URL on redirect after sign in is performed by the user.
Once you have the authorization code you can pass this to the client and the client will perform the request to get an access token on the first graph api call that you make.
Authorization Code Secret
use ;
async 
Authorization Code Secret With Proof Key Code Exchange
use ;
use lazy_static;
use Url;
// You can also pass your own values for PKCE instead of automatic generation by
// calling ProofKeyCodeExchange::new(code_verifier, code_challenge, code_challenge_method)
lazy_static! 
Spa Authorization Code With Proof Key Code Exchange
For use with Spa applications which does not use a client secret.
use ;
use lazy_static;
use Url;
lazy_static! 
Client Credentials
The OAuth 2.0 client credentials grant flow permits a web service (confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling another web service. The grant specified in RFC 6749, sometimes called two-legged OAuth, can be used to access web-hosted resources by using the identity of an application. This type is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user, and is often referred to as daemons or service accounts.
Client credentials flow requires a one time administrator acceptance of the permissions for your apps scopes. To see an example of building the URL to sign in and accept permissions as an administrator see Admin Consent Example
Client Secret Credential
use ;
pub async 
Environment Credentials
Client Secret Environment Credential
Environment Variables:
- AZURE_TENANT_ID (Optional/Recommended - puts the tenant id in the authorization url)
- AZURE_CLIENT_ID (Required)
- AZURE_CLIENT_SECRET (Required)
Resource Owner Password Credential
Environment Variables:
- AZURE_TENANT_ID (Optional - puts the tenant id in the authorization url)
- AZURE_CLIENT_ID (Required)
- AZURE_USERNAME (Required)
- AZURE_PASSWORD (Required)
Automatic Token Refresh
The client stores tokens using an in memory cache. For other persistence mechanisms see Token Persistence Mechanism Development
Using automatic token refresh requires getting a refresh token as part of the token response.
To get a refresh token you must include the offline_access scope.
Automatic token refresh is done by passing the ConfidentialClientApplication or the
PublicClientApplication to the GraphClient client.
If you are using the client credentials grant you do not need the offline_access scope.
Tokens will still be automatically refreshed as this flow does not require using a refresh token to get
a new access token.
The example below uses the auth code grant.
First create the url where the user will sign in. After sign in the user will be redirected back to your app and the authentication code will be in the query of the uri.
Once you have the authorization code you can build a confidential client and pass it to the graph client.
async 
Token Persistence Mechanism Development
Currently only an in-memory token cache is available for token persistence. Development for other persistence mechanisms such as Azure Key Vault and Desktop mechanisms, such as MacOS KeyChain, are being actively developed and will be in a post-2.0.0 release. You can track this progress in https://github.com/sreeise/graph-rs-sdk/issues/432
Interactive Authentication
Requires Feature interactive-auth
WARNING: Running interactive-auth in an asynchronous context may lead to crashes in some scenarios. We recommend thoroughly testing in order to ensure you are able to use interactive-auth for your use case. Additionally, Device code interactive auth does not currently work in async code. We are working to address these issues in a post 2.0.0 release.
[]
 = {  = "...",  = ["interactive-auth"] }
Interactive Authentication uses the wry crate to run web view on platforms that support it such as on a desktop.
use ;
async 
Contributing
See the Contributions guide on GitHub
Wiki:
See the GitHub Wiki
Feature requests or Bug reports
For bug reports please file an issue on GitHub and a response or fix will be given as soon as possible.
The Discussions tab on GitHub is enabled so feel free to stop by there with any questions or feature requests as well. For bugs, please file an issue first. Features can be requested through issues or discussions. Either way works. Other than that feel free to ask questions, provide tips to others, and talk about the project in general.