Struct OAuthClient

Source

pub struct OAuthClient { /* private fields */ }

Expand description

Async OpenAI OAuth client for authentication

This client handles the OAuth 2.0 flow with PKCE for OpenAI/ChatGPT authentication using asynchronous operations (runtime-agnostic).

For blocking/synchronous operations, use blocking::OAuthClient (requires the blocking feature).

§Example

use openai_auth::{OAuthClient, OAuthConfig};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let client = OAuthClient::new(OAuthConfig::default())?;
    let flow = client.start_flow()?;
     
    println!("Visit: {}", flow.authorization_url);
    // User authorizes and you get the code...
     
    let tokens = client.exchange_code("code", &flow.pkce_verifier).await?;
    println!("Got tokens!");
    Ok(())
}

Implementations§

Source §

impl OAuthClient

Source

pub fn new(config: OAuthConfig) -> Result<Self>

Create a new OAuth client with the given configuration

§Arguments

config - OAuth configuration (client ID, endpoints, redirect URI)

§Errors

Returns an error if the configuration is invalid

Source

pub fn start_flow(&self) -> Result<OAuthFlow>

Start the OAuth authorization flow

This generates a PKCE challenge and creates the authorization URL that the user should visit to authorize the application.

§Returns

An OAuthFlow containing the authorization URL, PKCE verifier, and CSRF state token

§Example

let client = OAuthClient::new(OAuthConfig::default())?;
let flow = client.start_flow()?;
println!("Visit: {}", flow.authorization_url);

Source

pub fn extract_account_id(&self, access_token: &str) -> Result<String>

Extract ChatGPT account ID from an access token

OpenAI access tokens contain the ChatGPT account ID in their JWT claims. This is useful for making API requests that require the account ID.

§Arguments

access_token - The access token to extract the account ID from

§Returns

The ChatGPT account ID as a string

§Errors

Returns an error if the JWT is malformed or doesn’t contain the account ID

Source

pub async fn exchange_code( &self, code: &str, verifier: &str, ) -> Result<TokenSet>

Exchange an authorization code for access and refresh tokens

After the user authorizes the application, they’ll receive an authorization code. This method exchanges that code for access and refresh tokens.

§Arguments

code - The authorization code from the OAuth callback
verifier - The PKCE verifier from the original flow

§Returns

A TokenSet containing access token, refresh token, and expiration time

§Errors

Returns an error if the token exchange fails (invalid code, network error, etc.)

§Example

let code = "authorization_code_from_callback";
let tokens = client.exchange_code(code, &flow.pkce_verifier).await?;
println!("Access token expires in: {:?}", tokens.expires_in());

Source

pub async fn refresh_token(&self, refresh_token: &str) -> Result<TokenSet>

Refresh an expired access token

When an access token expires, use the refresh token to obtain a new access token without requiring the user to re-authorize.

§Arguments

refresh_token - The refresh token from a previous token exchange

§Returns

A new TokenSet with fresh access token

§Errors

Returns an error if the refresh fails (invalid refresh token, network error, etc.)

§Example

if tokens.is_expired() {
    let new_tokens = client.refresh_token(&tokens.refresh_token).await?;
    println!("Refreshed! New token expires in: {:?}", new_tokens.expires_in());
}