#oauth #actix-web #google #v2

service-authenticator

An oauth2 implementation, providing the 'service account'authorization flow using actix-web for communication

2 releases

0.1.1 Oct 2, 2020
0.1.0 Oct 2, 2020

#7 in #v2

MIT/Apache

44KB
1K SLoC

This library is derived from yup-oauth2. Many of the doc comments are still refering to the original library.

This library can be used to acquire oauth2.0 authentication for services.

For your application to use this library, you will have to obtain an application id and secret by following this guide (for Google services) respectively the documentation of the API provider you want to connect to.

Service account "flow"

When using service account credentials, no user interaction is required. The access token can be obtained automatically using the private key of the client (which you can download from the API provider). See service_account for an example on how to use service account credentials. See developers.google.com for a detailed description of the protocol. This crate implements OAuth for Service Accounts based on the Google APIs; it may or may not work with other providers.

The returned Token will be stored in memory in order to authorize future API requests to the same scopes. The tokens can optionally be persisted to disk by using persist_tokens_to_disk when creating the authenticator.

The following example, shows the basics of using this crate:

use service_authenticator::parse_service_key;
use service_authenticator::AuthenticatorBuilder as AB;

static SERVICE_CREDENTIALS:&[u8] = include_bytes!("path to jour credentials.json");
// The clientsecret file contains JSON like `{"type":"service_account", "project_id":"my-super-project", ...}`
#[tokio::main]
async fn main() {
    let service_key = parse_service_key(SERVICE_CREDENTIALS)
       .expect("bad gmail credentials");
    let authenticator = AB::with_service_key(service_key, ACCOUNT_EMAIL)
      .build()
      .await
      .expect("failed to create authenticator");
    // once you have authenticator, you can ask for the authorization header
    // for any scopes your service account is approved
    let scopes = &["https://www.googleapis.com/auth/gmail.send"];
    let authorization_header = authenticator
      .header(GMAIL_SCOPES)
      .await
      .expect("Failed to get authorization token");
    // now with the authorization header you can send api requests
    let mut resp = authenticator
      .client
      .post("https:://gmail.googleapis.com/gmail/v1/users/USEREMAIL/messages/send")
      .header("Content-Type", "application/json")
      .header("Authorization", authorization_header.as_str())
      .send_body(r#"{"raw": "base64 encoded email message"}"#)
      .await
      .expect("response error");
    println!("Status:{}", resp.status());
    match resp.body().await {
      Ok(b) => println!("Body:{:?}", &b),
      Err(e) => println!("Err:{:?}", e),
    }
    Ok(())
}

Dependencies

~40MB
~869K SLoC