Crate yup_oauth2 [] [src]

This library can be used to acquire oauth2.0 authentication for services. At the time of writing, only one way of doing so is implemented, the device flow, along with a flow for refreshing tokens

For your application to use this library, you will have to obtain an application id and secret by following this guide.

Device Flow Usage

As the DeviceFlow involves polling, the DeviceFlowHelper should be used as means to adhere to the protocol, and remain resilient to all kinds of errors that can occour on the way.

Installed Flow Usage

The InstalledFlow involves showing a URL to the user (or opening it in a browser) and then either prompting the user to enter a displayed code, or make the authorizing website redirect to a web server spun up by this library. In order to use the interactive method, use the InstalledInteractive FlowType; for the redirect method, use InstalledRedirect, with the port number to let the server listen on. You can implement your own AuthenticatorDelegate in order to customize the flow; the InstalledFlow uses the present_user_url method.

The returned Token is stored permanently to authorize future API requests in the same scopes.

#![cfg_attr(feature = "nightly", feature(custom_derive, custom_attribute, plugin))]
#![cfg_attr(feature = "nightly", plugin(serde_macros))]
extern crate hyper;
extern crate yup_oauth2 as oauth2;
extern crate serde;
extern crate serde_json;

use oauth2::{Authenticator, DefaultAuthenticatorDelegate, PollInformation, ConsoleApplicationSecret, MemoryStorage, GetToken};
use serde_json as json;
use std::default::Default;

let secret = json::from_str::<ConsoleApplicationSecret>(SECRET).unwrap().installed.unwrap();
let res = Authenticator::new(&secret, DefaultAuthenticatorDelegate,
                        <MemoryStorage as Default>::default(), None)
match res {
    Ok(t) => {
    // now you can use t.access_token to authenticate API calls within your
    // given scopes. It will not be valid forever, which is when you have to
    // refresh it using the `RefreshFlow`
    Err(err) => println!("Failed to acquire token: {}", err),

Refresh Flow Usage

As the Token you retrieved previously will only be valid for a certain time, you will have to use the information from the Token.refresh_token field to get a new access_token.

extern crate hyper;
extern crate yup_oauth2 as oauth2;
use oauth2::{RefreshFlow, FlowType, RefreshResult};

let mut f = RefreshFlow::new(hyper::Client::new());
let new_token = match *f.refresh_token(FlowType::Device,
                                       "my_client_id", "my_secret",
                                       "my_refresh_token") {
                       RefreshResult::Success(ref t) => t,
                       _ => panic!("bad luck ;)")



Represents either 'installed' or 'web' applications in a json secrets file. See ConsoleApplicationSecret for more information


A generalized authenticator which will keep tokens valid and store them.


A type to facilitate reading and writing the json secret file as returned by the google developer console


Uses all default implementations by AuthenticatorDelegate, and makes the trait's implementation usable in the first place.


Implements the Oauth2 Device Flow It operates in two steps: * obtain a code to show to the user * (repeatedly) poll for the user to authenticate your application


Serializes tokens to a JSON file on disk.


A storage that remembers values for one session only.


A storage that remembers nothing.


Contains state of pending authentication requests


Implements the Outh2 Refresh Token Flow.


A scheme for use in hyper::header::Authorization


Represents a token as returned by OAuth2 servers.



All known authentication types, for suitable constants




Encapsulates all possible results of a poll_token(...) operation


All possible outcomes of the refresh flow


A utility type to indicate how operations DeviceFlowHelper operations should be retried


Represents all implemented token types



A partially implemented trait to interact with the Authenticator


A provider for authorization tokens, yielding tokens valid for a given scope. The api_key() method is an alternative in case there are no scopes or if no user is involved.


Implements a specialized storage to set and retrieve Token instances. The scope_hash represents the signature of the scopes for which the given token should be stored or retrieved. For completeness, the underlying, sorted scopes are provided as well. They might be useful for presentation to the user.