aacb97d76c
The `from_environment` function in `ApplicationDefaultCredentialsAuthenticator` had an `unwrap` call on an io::Result after reading the service account key from file. File operations are inherently fallible, and panicking on such a failure is generally a bad convention compared to propagating the IO error. Propagating that error from the `from_environment` function is not practical however, because the returned Result type does not include IO errors, and changing the function signature would be semver incompatible. This change instead defers reading the key file to a later function call. Now `from_environment` only reads the value of the `GOOGLE_APPLICATION_CREDENTIALS` into a PathBuf, and a later call to `ServiceAccountFlow::new` will actually read the file. That constructor already returns an io::Result, so folding the read error into it is possible, and none of the changes impact public items so it's all semver-compatible.
yup-oauth2 is a utility library which implements several OAuth 2.0 flows. It's mainly used by
google-apis-rs, to authenticate against Google services.
(However, you're able to use it with raw HTTP requests as well; the flows are implemented as token
sources yielding HTTP Bearer tokens). Note that the newer, asynchronous versions of this crate
(version 4) are not compatible with google-apis-rs anymore/at the moment.
To use asynchronous APIs with the new yup-oauth2 (from version 4), use the
async-google-apis code
generator, which generates asynchronous API stubs for Google APIs and other
providers who provide Discovery documents for their REST APIs. (WARNING: that
project is still alpha-quality. Contributions are welcome)
The provider we have been testing the code against is also Google. However, the code itself is generic, and any OAuth provider behaving like Google will work as well. If you find one that doesn't, please let us know and/or contribute a fix!
Supported authorization types
- Device flow (user enters code on authorization page)
- Installed application flow (user visits URL, copies code to application, application uses code to obtain token). Used for services like GMail, Drive, ...
- Service account flow: Non-interactive authorization of server-to-server communication based on public key cryptography. Used for services like Cloud Pubsub, Cloud Storage, ...
Usage
Please have a look at the API landing page for all the examples you will ever need.
A simple commandline program which authenticates any scope and prints token information can be found in the examples directory.
The video below shows the auth example in action. It's meant to be used as utility to record all server communication and improve protocol compliance.
Versions
- Version 1.x for Hyper versions below 12
- Version 2.x for Hyper versions 12 and above
- Version 3.x for historical interest
- Version 4.x for tokio 0.2/0.3
- Version 5.x for tokio 1.0
License
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.