
Mercurial > core / rust/lib/net/src/engine/http/oauth.rs

changeset 698: 96958d3eb5b0
parent: 3d78bed56188
author: Richard Westhaver <ellis@rwest.io>
date: Fri, 04 Oct 2024 22:04:59 -0400
permissions: -rw-r--r--
description: fixes
1 use crate::Result;
2 use oauth2::{
3  basic::{BasicClient, BasicTokenType},
4  AuthUrl, ClientId, ClientSecret, EmptyExtraTokenFields, RedirectUrl,
5  TokenUrl,
6 };
7 pub use obj::Oauth2Config;
8 
9 pub use oauth2::{
10  reqwest::async_http_client, AuthorizationCode, CsrfToken, PkceCodeChallenge,
11  Scope, StandardTokenResponse, TokenResponse,
12 };
13 use std::env;
14 
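/// Builds the OAuth2 [`BasicClient`] from `cfg`, letting environment
/// variables override individual settings.
///
/// Each variable below replaces the matching `cfg` field when it is set; the
/// `cfg` value is used when the variable is missing or not valid Unicode.
/// The values shown are examples only:
///
/// - `CLIENT_ID`: `123456789123456789`
/// - `CLIENT_SECRET`: `rAn60Mch4ra-CTErsSf-r04utHcLienT`
/// - `REDIRECT_URL`: `http://127.0.0.1:3000/authorized`
///   (falls back to the first entry of `cfg.redirect_uris`)
/// - `AUTH_URL`: `https://rwest.io/api/oauth2/authorize?response_type=code`
/// - `TOKEN_URL`: `https://rwest.io/api/oauth2/token`
///
/// The environment takes precedence over `cfg`, so whoever controls the
/// process environment also chooses the endpoints the client secret is sent
/// to. The URLs are only checked for being parseable; no scheme restriction
/// (such as requiring `https`) is applied here.
///
/// # Panics
///
/// Panics if `REDIRECT_URL` is unset and `cfg.redirect_uris` is empty, or if
/// the authorization, token or redirect URL does not parse. The signature
/// returns a bare `BasicClient`, so these cannot be reported as errors.
pub fn client(cfg: Oauth2Config) -> BasicClient {
  let client_id = env::var("CLIENT_ID").unwrap_or(cfg.client_id);
  let client_secret = env::var("CLIENT_SECRET").unwrap_or(cfg.client_secret);
  // Only consult `cfg.redirect_uris` when the override is absent, so an empty
  // list no longer panics while REDIRECT_URL is set.
  let redirect_url = match env::var("REDIRECT_URL") {
    Ok(url) => url,
    Err(_) => cfg
      .redirect_uris
      .first()
      .expect("REDIRECT_URL is unset and cfg.redirect_uris is empty")
      .to_string(),
  };
  let auth_url = env::var("AUTH_URL").unwrap_or(cfg.auth_uri);
  let token_url = env::var("TOKEN_URL").unwrap_or(cfg.token_uri);

  // The panic messages name the setting only; the configured values
  // (including the client secret) are never formatted into them.
  let auth_url = AuthUrl::new(auth_url)
    .expect("AUTH_URL / cfg.auth_uri is not a valid URL");
  let token_url = TokenUrl::new(token_url)
    .expect("TOKEN_URL / cfg.token_uri is not a valid URL");
  let redirect_url = RedirectUrl::new(redirect_url)
    .expect("REDIRECT_URL / cfg.redirect_uris[0] is not a valid URL");

  BasicClient::new(
    ClientId::new(client_id),
    Some(ClientSecret::new(client_secret)),
    auth_url,
    Some(token_url),
  )
  .set_redirect_uri(redirect_url)
}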
38 
/// Runs the authorization-code flow with PKCE against the client built from
/// `cfg` and returns the token response.
///
/// The authorization URL (scopes `read` and `write`, SHA-256 PKCE challenge)
/// is printed to stdout for the user to open in a browser.
///
/// NOTE(review): the code exchanged below is the fixed literal
/// `"some authorization code"`; nothing in this function reads the code the
/// provider returns to the redirect URI, so this looks like a stub.
///
/// NOTE(review): the CSRF `state` token is generated and then discarded. Once
/// a real callback is handled here, the `state` it carries has to be compared
/// with this token before the code is exchanged.
///
/// # Panics
///
/// Panics if the token request fails: the result is unwrapped instead of
/// being returned through the `Result`. Also panics wherever [`client`] does.
pub async fn auth(
  cfg: Oauth2Config,
) -> Result<StandardTokenResponse<EmptyExtraTokenFields, BasicTokenType>> {
  let oauth = client(cfg);

  // Fresh PKCE pair: the challenge goes into the authorization URL, the
  // verifier is kept for the token exchange.
  let (challenge, verifier) = PkceCodeChallenge::new_random_sha256();

  let request = oauth
    .authorize_url(CsrfToken::new_random)
    .add_scope(Scope::new("read".to_string()))
    .add_scope(Scope::new("write".to_string()))
    .set_pkce_challenge(challenge);
  // `_csrf_token` is the `state` value embedded in the URL; it is not used
  // again in this function.
  let (auth_url, _csrf_token) = request.url();

  println!("point browser to: {}", auth_url);

  let code = AuthorizationCode::new("some authorization code".to_string());
  let response = oauth
    .exchange_code(code)
    .set_pkce_verifier(verifier)
    .request_async(async_http_client)
    .await
    .unwrap();

  Ok(response)
}