CliOAuth

CliOAuth (pronounced "klee-oh-awth") is a utility to assist CLI/desktop application developers with implementing the OAuth 2.0 Authorization Code flow with PKCE.

To learn more about Auth Code w/ PKCE, Auth0 has a good tutorial.

The oauth2 crate provides an excellent OAuth2 client implementation. However, to support the Auth Code with PKCE flow in a native desktop application, a couple of additional pieces are necessary:

• Launching a local web server to listen for the "authorization code" request
• Launching a browser with the "authorization" link
• Validating the CSRF token (i.e. the state parameter)

CliOAuth provides these pieces in an asynchronous and extensible way. It is designed to supplement the oauth2::Client struct, but not interfere with its normal usage.

Status

• Launch an asynchronous web server to handle the auth code request
  • Bind the server to any local address and non-privileged port
  • Scan for a range of ports to find the first open one
• Open the user's browser to begin the authorization flow
• Validate the authorization result and make it available for a code exchange
• Customize the server responses in the browser
  • Successful authorization
  • Authorization error

Usage

General usage is as follows:

1. Configure a CliOAuthBuilder to build a CliOAuth helper
2. Configure an oauth2::Client
3. Start the authorization flow
4. Validate and obtain the authorization code
5. Exchange the code for a token

See the Crate documentation for more details, including an example.