
Hello How do I use Hewlp

Open pierreprinetti opened this issue 3 years ago • 4 comments

I'm coming from Go and I feel a bit lost.

In the old Go days, I would use the OAuth2 creds to build a token generator, then I would use the token generator to create a Client that automatically gets a token every time it needs it. The token generator would automatically use the refresh token whenever it's time. docs: here

Enough reminding the old times; now my question.

All the examples in this library end with a token_response. How do I use it for making HTTP requests?

Am I supposed to build my own client that injects the headers and checks the expiration time (or the 403 responses) to renew the access_token when needed?

I am fine with coding that part, but I just want to understand if I'm missing something.

pierreprinetti avatar Sep 27 '21 16:09 pierreprinetti

> Am I supposed to build my own client that injects the headers and checks the expiration time (or the 403 responses) to renew the access_token when needed?

Yup. In practice, most oauth2::Client instances aren't so long-lived that they'll outlast an access token. Instead, access and refresh tokens typically need to be persisted somewhere like a backend DB or mobile device storage for future use, and the process of refreshing tokens needs to update that persisted state. iirc, the spec also allows for some flexibility in how authorization servers handle refresh tokens, with some generating a new refresh token each time, and others allowing the same refresh token to be used multiple times. There's also no standardized error code specified in the RFC for resource servers to indicate token expiration to clients. I'm curious how the Go client manages to handle all of this complexity for its users.

ramosbugs avatar Sep 27 '21 20:09 ramosbugs
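
The client-side bookkeeping discussed in the reply above, as an added example (not part of the thread and not oauth2-rs code): it refreshes before expiry and keeps the old refresh token when the server does not rotate it. `StoredToken`, `RefreshResponse` and `header_for_request` are hypothetical names, the `refresh` closure stands in for the token-endpoint call, and the 30-second skew is an assumed value.

```rust
use std::time::{Duration, Instant};

// Hypothetical types for illustration; not part of the oauth2 crate.
pub struct RefreshResponse {
    pub access_token: String,
    pub refresh_token: Option<String>, // None when the server does not rotate
    pub expires_in: Option<Duration>,  // None when the server omits it
}

pub struct StoredToken {
    pub access_token: String,
    pub refresh_token: Option<String>,
    pub expires_at: Option<Instant>,
}

impl StoredToken {
    /// True when the token expires within `skew`; false if the lifetime is unknown.
    pub fn needs_refresh(&self, now: Instant, skew: Duration) -> bool {
        self.expires_at.map_or(false, |t| now + skew >= t)
    }

    /// Merge a refresh response, keeping the old refresh token if none was returned.
    pub fn apply(&mut self, resp: RefreshResponse, now: Instant) {
        self.access_token = resp.access_token;
        if resp.refresh_token.is_some() {
            self.refresh_token = resp.refresh_token;
        }
        self.expires_at = resp.expires_in.map(|d| now + d);
    }
}

/// Returns the Authorization header value, refreshing first if needed.
pub fn header_for_request<F>(tok: &mut StoredToken, now: Instant, refresh: F) -> Result<String, String>
where F: FnOnce(&str) -> Result<RefreshResponse, String>,
{
    if tok.needs_refresh(now, Duration::from_secs(30)) {
        let rt = tok.refresh_token.clone().ok_or("no refresh token; re-authorize")?;
        let resp = refresh(&rt)?;
        tok.apply(resp, now);
        // Persist `tok` here (DB, device storage) before using the new token.
    }
    Ok(format!("Bearer {}", tok.access_token))
}

fn main() {
    // Constructed sample values: an already-expired token and a non-rotating server.
    let mut tok = StoredToken { access_token: "old".into(), refresh_token: Some("r1".into()), expires_at: Some(Instant::now()) };
    let h = header_for_request(&mut tok, Instant::now(), |_| Ok(RefreshResponse { access_token: "new".into(), refresh_token: None, expires_in: None }));
    println!("{:?} refresh_token={:?}", h, tok.refresh_token);
}
```
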

Hi David, thanks for the swift answer. Looks like a nice rabbit hole for me to dig into. Thanks!

pierreprinetti avatar Sep 28 '21 08:09 pierreprinetti

Hi! I have a somewhat similar question. I want to use your crate to get the access_token by doing the code exchange flow. I would then tag this token along my HTTP requests. Unfortunately I can't access this, because StandardTokenResponse::access_token is a private field. I am not sure what I should do to access this access_token 😀.

vinhtru avatar Oct 04 '21 17:10 vinhtru

I was just browsing some issues and I've seen your comment @vinhtru. Although it's almost one year later: you are using StandardTokenResponse which does not have a function that returns your token, so you need to cast/use TokenResponse.

```rust
// Bring the TokenResponse trait into scope so access_token() can be called.
use oauth2::TokenResponse;
//...
// let token_result: TokenResponse = <...>.request(<...>);
println!("{}", token_result.access_token().secret().clone());
```

CosminPerRam avatar Sep 16 '22 10:09 CosminPerRam