Crate yup_oauth2[][src]

This library can be used to acquire oauth2.0 authentication for services.

For your application to use this library, you will have to obtain an application id and secret by following this guide (for Google services) respectively the documentation of the API provider you want to connect to.

Device Flow Usage

With an application secret you can get started right away, building a DeviceFlowAuthenticator and obtaining tokens from it.

Service account “flow”

When using service account credentials, no user interaction is required. The access token can be obtained automatically using the private key of the client (which you can download from the API provider). See examples/service_account/ for an example on how to use service account credentials. See for a detailed description of the protocol. This crate implements OAuth for Service Accounts based on the Google APIs; it may or may not work with other providers.

Installed Flow Usage

The installed flow involves showing a URL to the user (or opening it in a browser) and then either prompting the user to enter a displayed code, or make the authorizing website redirect to a web server spun up by this library and running on localhost.

In order to use the interactive method, use the Interactive InstalledFlowReturnMethod; for the redirect method, use HTTPRedirect.

You can implement your own AuthenticatorDelegate in order to customize the flow; the installed flow uses the present_user_url method.

The returned Token will be stored in memory in order to authorize future API requests to the same scopes. The tokens can optionally be persisted to disk by using persist_tokens_to_disk when creating the authenticator.

The following example, which is derived from the (actual and runnable) example in examples/test-installed/, shows the basics of using this crate:

use yup_oauth2::{InstalledFlowAuthenticator, InstalledFlowReturnMethod};

async fn main() {
    // Read application secret from a file. Sometimes it's easier to compile it directly into
    // the binary. The clientsecret file contains JSON like `{"installed":{"client_id": ... }}`
    let secret = yup_oauth2::read_application_secret("clientsecret.json")

    // Create an authenticator that uses an InstalledFlow to authenticate. The
    // authentication tokens are persisted to a file named tokencache.json. The
    // authenticator takes care of caching tokens to disk and refreshing tokens once
    // they've expired.
    let mut auth = InstalledFlowAuthenticator::builder(secret, InstalledFlowReturnMethod::HTTPRedirect)

    let scopes = &[""];

    // token(<scopes>) is the one important function of this crate; it does everything to
    // obtain a token that can be sent e.g. as Bearer token.
    match auth.token(scopes).await {
        Ok(token) => println!("The token is {:?}", token),
        Err(e) => println!("error: {:?}", e),



Module contianing the core functionality for OAuth2 Authentication.


Module containing types related to delegates.


Module containing various error types.



Represents an access token returned by oauth2 servers. All access tokens are Bearer tokens. Other types of tokens are not supported.


Represents either ‘installed’ or ‘web’ applications in a json secrets file. See ConsoleApplicationSecret for more information


A type to facilitate reading and writing the json secret file as returned by the google developer console


Create an authenticator that uses the device flow.


Create an authenticator that uses the installed flow.


Create an authenticator that uses a service account.


JSON schema of secret service account key. You can obtain the key from the Cloud Console at



Encapsulates all possible results of the token(...) operation





Read an application secret from a JSON string.


Read an application secret from a file.


Read a service account key from a JSON file. You can download the JSON keys from the Google Cloud Console or the respective console of your service provider.