#oauth #request

no-std oauth1-request-ios

OAuth 1.0 client library for Rust with HMAC-SHA256 support

1 unstable release

0.0.1 Aug 2, 2024

#37 in #o-auth

MIT/Apache

150KB
3K SLoC

OAuth 1.0

This is a fork from OAuth 1.0. All credits go to the original author.

The main difference is that this fork doesn't strictly adhere to the OAuth 1.0 specification, and instead allows for more flexibility in the request signing process, namely it allows HMAC-SHA256 (and more to come) hashing algorithms.


lib.rs:

Yet yet yet another OAuth 1.0 client library.

Usage

Add this to your Cargo.toml:

[dependencies]
oauth = { version = "0.0.1", package = "oauth1-request-ios" }

For brevity, we refer to the crate name as oauth throughout the documentation, since the API is designed in favor of qualified paths like oauth::get.

Create a request

A typical authorization flow looks like this:

extern crate oauth1_request_ios as oauth;

// Define a type to represent your request. #[derive(oauth::Request)] struct CreateComment<'a> { article_id: u64, text: &'a str, }

let uri = "https://example.com/api/v1/comments/create.json";

let request = CreateComment { article_id: 123456789, text: "A request signed with OAuth & Rust 🦀 🔏", };

// Prepare your credentials. let token = oauth::Token::from_parts("consumer_key", "consumer_secret", "token", "token_secret");

// Create the Authorization header. let authorization_header = oauth::post(uri, &request, &token, oauth::HMAC_SHA1);

// Override the above value to pin the nonce and timestamp value.

let mut builder = oauth::Builder::new(token.client, oauth::HMAC_SHA1);

builder.token(token.token);

builder.nonce("Dk-OGluFEQ4f").timestamp(std::num::NonZeroU64::new(1234567890));

let authorization_header = builder.post(uri, &request);

// oauth_nonce and oauth_timestamp vary on each execution. assert_eq!( authorization_header, "OAuth
oauth_consumer_key="consumer_key",
oauth_nonce="Dk-OGluFEQ4f",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1234567890",
oauth_token="token",
oauth_signature="n%2FrUgos4CFFZbZK8Z8wFR7drU4c%3D"", );

// You can create an x-www-form-urlencoded string or a URI with query pairs from the request.

let form = oauth::to_form(&request); assert_eq!( form, "article_id=123456789&text=A%20request%20signed%20with%20OAuth%20%26%20Rust%20%F0%9F%A6%80%20%F0%9F%94%8F", );

let uri = oauth::to_query(uri.to_owned(), &request); assert_eq!( uri, "https://example.com/api/v1/comments/create.json?article_id=123456789&text=A%20request%20signed%20with%20OAuth%20%26%20Rust%20%F0%9F%A6%80%20%F0%9F%94%8F", );


See [`Request`][oauth1_request_derive_ios::Request] for more details on the derive macro.

If you want to authorize a request with dynamic keys, use
[`oauth::ParameterList`][ParameterList].

#
use std::fmt::Display;

let request = oauth::ParameterList::new([
    ("article_id", &123456789 as &dyn Display),
    ("text", &"A request signed with OAuth & Rust 🦀 🔏"),
]);

let form = oauth::to_form(&request);
assert_eq!(
    form,
    "article_id=123456789&text=A%20request%20signed%20with%20OAuth%20%26%20Rust%20%F0%9F%A6%80%20%F0%9F%94%8F",
);

Use [oauth::Builder][Builder] if you need to specify a callback URI or verifier:

extern crate oauth1_request_ios as oauth;

let uri = "https://example.com/oauth/request_temp_credentials"; let callback = "https://client.example.net/oauth/callback";

let client = oauth::Credentials::new("consumer_key", "consumer_secret");

let authorization_header = oauth::Builder::<_, _>::new(client, oauth::HmacSha1::new()) .callback(callback) .post(uri, &());

Dependencies

~0.6–2MB
~38K SLoC