service_authenticator/
lib.rs

1//! This library is derived from yup-oauth2. Many of the doc comments are still refering
2//! to the original library.
3//! 
4//! This library can be used to acquire oauth2.0 authentication for services.
5//!
6//! For your application to use this library, you will have to obtain an application
7//! id and secret by
8//! [following this guide](https://developers.google.com/youtube/registering_an_application) (for
9//! Google services) respectively the documentation of the API provider you want to connect to.
10//!
11//! # Service account "flow"
12//! When using service account credentials, no user interaction is required. The access token
13//! can be obtained automatically using the private key of the client (which you can download
14//! from the API provider). See `service_account` for an example on how to use service
15//! account credentials. See
16//! [developers.google.com](https://developers.google.com/identity/protocols/OAuth2ServiceAccount)
17//! for a detailed description of the protocol. This crate implements OAuth for Service Accounts
18//! based on the Google APIs; it may or may not work with other providers.
19//!
20//! The returned `Token` will be stored in memory in order to authorize future
21//! API requests to the same scopes. The tokens can optionally be persisted to
22//! disk by using `persist_tokens_to_disk` when creating the authenticator.
23//!
24//! The following example, shows the basics of using this crate:
25//!
26//! ```
27//! use service_authenticator::parse_service_key;
28//! use service_authenticator::AuthenticatorBuilder as AB;
29//!
30//! static SERVICE_CREDENTIALS:&[u8] = include_bytes!("path to jour credentials.json");
31//! // The clientsecret file contains JSON like `{"type":"service_account", "project_id":"my-super-project", ...}`
32//! #[tokio::main]
33//! async fn main() {
34//!     let service_key = parse_service_key(SERVICE_CREDENTIALS)
35//!        .expect("bad gmail credentials");
36//!     let authenticator = AB::with_service_key(service_key, ACCOUNT_EMAIL)
37//!       .build()
38//!       .await
39//!       .expect("failed to create authenticator");
40//!     // once you have authenticator, you can ask for the authorization header
41//!     // for any scopes your service account is approved
42//!     let scopes = &["https://www.googleapis.com/auth/gmail.send"];
43//!     let authorization_header = authenticator
44//!       .header(GMAIL_SCOPES)
45//!       .await
46//!       .expect("Failed to get authorization token");
47//!     // now with the authorization header you can send api requests
48//!     let mut resp = authenticator
49//!       .client
50//!       .post("https:://gmail.googleapis.com/gmail/v1/users/USEREMAIL/messages/send")
51//!       .header("Content-Type", "application/json")
52//!       .header("Authorization", authorization_header.as_str())
53//!       .send_body(r#"{"raw": "base64 encoded email message"}"#)
54//!       .await
55//!       .expect("response error");
56//!     println!("Status:{}", resp.status());
57//!     match resp.body().await {
58//!       Ok(b) => println!("Body:{:?}", &b),
59//!       Err(e) => println!("Err:{:?}", e),
60//!     }
61//!     Ok(())
62//! }
63//! ```
64//!
65#![deny(missing_docs)]
66pub mod authenticator;
67pub mod error;
68mod helper;
69mod service_account;
70mod storage;
71mod types;
72
73pub use crate::helper::*;
74
75pub use crate::service_account::ServiceAccountKey;
76
77#[doc(inline)]
78pub use crate::error::Error;
79pub use crate::types::AccessToken;