tame-oauth is a small oauth crate that follows the sans-io approach.
- You want to control how you actually make oauth HTTP requests
- The only auth flow that is currently implemented is the service account flow for GCP. Other flows can be added, but right now that is the only one we need.
- There are several other oauth crates available that have many more features and are easier to work with, if you don't care about what HTTP clients they use.
- This crate requires more boilerplate to use.
gcp(default) - Support for GCP oauth2
wasm-web- Enables wasm features in
tame-oauthto be used in a wasm browser context. Note this feature should not be used when targetting wasm outside the browser context, in which case you would likely need to target
jwt(default) - Support for JSON Web Tokens, required for
url(default) - Url parsing, required for
cargo run --example svc_account -- <key_path> <scope..>
A small example of using
tame-oauth together with reqwest. Given a key file and 1 or more scopes, it will attempt to get a token that could be used to access resources in those scopes.
cargo run --example svc_account -- ~/.secrets/super-sekret.json https://www.googleapis.com/auth/pubsub https://www.googleapis.com/auth/devstorage.read_only
cargo run --example default_creds -- <scope..>
Attempts to find and use the default credentials to get a token. Note that scopes are not used in all cases as eg. end user credentials only ever have the cloud platform scope.
cargo run --example default_creds -- https://www.googleapis.com/auth/devstorage.read_only
We welcome community contributions to this project.
Please read our Contributor Guide for more information on how to get started.
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.