Skip to content

spruceid/open-auth2-rs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
src
src
 
 
.gitignore
.gitignore
 
 
.rustfmt.toml
.rustfmt.toml
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE-APACHE
LICENSE-APACHE
 
 
LICENSE-MIT
LICENSE-MIT
 
 
README.md
README.md
 
 

Repository files navigation

Modular OAuth 2.0 Authorization Framework Implementation, for Rust.

This crate provides building blocks for implementing OAuth 2.0 clients and servers, following the specifications defined in RFC 6749 and related extensions:

  • RFC 7636 — Proof Key for Code Exchange (PKCE)
  • RFC 9126 — Pushed Authorization Requests (PAR)
  • RFC 9396 — Rich Authorization Requests (RAR)
  • OpenID4VCI — Pre-Authorized Code Grant

It is meant to provide a highly modular architecture to accommodate the numerous extensions to the OAuth 2.0 framework.

Client usage

The following shows how to set up a client, build an authorization URL with PKCE, and exchange the resulting code for a token.

use open_auth2::{
    ClientId, StateBuf,
    AddState,
    client::OAuth2Client,
    endpoints::{authorization::AuthorizationEndpoint, token::{TokenEndpoint, TokenResponse}},
    ext::pkce::{AddPkceChallenge, AddPkceVerifier, PkceCodeChallengeAndMethod},
    transport::HttpClient,
    client_id, code
};

// 1. Define your client.
struct MyClient;

impl OAuth2Client for MyClient {
    type TokenResponse = TokenResponse;

    fn client_id(&self) -> &ClientId {
        client_id!("my-client-id")
    }
}

async fn run(http_client: &impl HttpClient) -> Result<(), Box<dyn std::error::Error>> {
    let client = MyClient;
    let auth_uri = iref::Uri::new("https://auth.example.com/authorize")?;
    let token_uri = iref::Uri::new("https://auth.example.com/token")?;

    // 2. Generate PKCE challenge and state.
    let (pkce_challenge, pkce_verifier) = PkceCodeChallengeAndMethod::new_random_sha256();
    let state = StateBuf::new_random();

    // 3. Build the authorization redirect URL.
    let authorize_url = AuthorizationEndpoint::new(&client, auth_uri)
        .authorize_url(None, None)
        .with_state(Some(state))
        .with_pkce_challenge(pkce_challenge)
        .into_redirect_uri();

    println!("Open in browser: {authorize_url}");

    // 4. After the user is redirected back with a `code`, exchange it.
    let code = code!("received-code").to_owned();

    let token_response = TokenEndpoint::new(&client, token_uri)
        .exchange_code(code, None)
        .with_pkce_verifier(&pkce_verifier)
        .send(http_client)
        .await?;

    println!("Access token: {}", token_response.access_token);
    Ok(())
}

Modules

  • client — OAuth 2.0 client trait and types.
  • endpoints — Endpoint abstractions (authorization, token, PAR).
  • ext — Built-in protocol extensions (PKCE, RAR).
  • grant — Grant type implementations (authorization code, pre-authorized code).
  • server — OAuth 2.0 server trait and types.
  • transport — HTTP transport layer and content type encoding.
  • util — URI query string utilities.

About

Modular OAuth 2.0 Authorization Framework Implementation, for Rust

Resources

Readme

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages