Crate service_authenticator

Source
Expand description

This library is derived from yup-oauth2. Many of the doc comments are still refering to the original library.

This library can be used to acquire oauth2.0 authentication for services.

For your application to use this library, you will have to obtain an application id and secret by following this guide (for Google services) respectively the documentation of the API provider you want to connect to.

§Service account “flow”

When using service account credentials, no user interaction is required. The access token can be obtained automatically using the private key of the client (which you can download from the API provider). See service_account for an example on how to use service account credentials. See developers.google.com for a detailed description of the protocol. This crate implements OAuth for Service Accounts based on the Google APIs; it may or may not work with other providers.

The returned Token will be stored in memory in order to authorize future API requests to the same scopes. The tokens can optionally be persisted to disk by using persist_tokens_to_disk when creating the authenticator.

The following example, shows the basics of using this crate:

use service_authenticator::parse_service_key;
use service_authenticator::AuthenticatorBuilder as AB;

static SERVICE_CREDENTIALS:&[u8] = include_bytes!("path to jour credentials.json");
// The clientsecret file contains JSON like `{"type":"service_account", "project_id":"my-super-project", ...}`
#[tokio::main]
async fn main() {
    let service_key = parse_service_key(SERVICE_CREDENTIALS)
       .expect("bad gmail credentials");
    let authenticator = AB::with_service_key(service_key, ACCOUNT_EMAIL)
      .build()
      .await
      .expect("failed to create authenticator");
    // once you have authenticator, you can ask for the authorization header
    // for any scopes your service account is approved
    let scopes = &["https://www.googleapis.com/auth/gmail.send"];
    let authorization_header = authenticator
      .header(GMAIL_SCOPES)
      .await
      .expect("Failed to get authorization token");
    // now with the authorization header you can send api requests
    let mut resp = authenticator
      .client
      .post("https:://gmail.googleapis.com/gmail/v1/users/USEREMAIL/messages/send")
      .header("Content-Type", "application/json")
      .header("Authorization", authorization_header.as_str())
      .send_body(r#"{"raw": "base64 encoded email message"}"#)
      .await
      .expect("response error");
    println!("Status:{}", resp.status());
    match resp.body().await {
      Ok(b) => println!("Body:{:?}", &b),
      Err(e) => println!("Err:{:?}", e),
    }
    Ok(())
}

Modules§

authenticator
Module contianing the core functionality for OAuth2 Authentication.
error
Module containing various error types.

Structs§

AccessToken
Represents an access token returned by oauth2 servers. All access tokens are Bearer tokens. Other types of tokens are not supported.
ServiceAccountKey
JSON schema of secret service account key. You can obtain the key from the Cloud Console at https://console.cloud.google.com/.

Enums§

Error
Encapsulates all possible results of the token(...) operation

Functions§

parse_service_key
Parse service account key from a u8.
read_service_account_key
Read a service account key from a JSON file. You can download the JSON keys from the Google Cloud Console or the respective console of your service provider.