//! Demonstrates using the broker’s client-credentials flow with the default reqwest transport
//! and in-memory token store to reuse cached service tokens.
// std
use std::sync::Arc;
// crates.io
use color_eyre::Result;
use httpmock::prelude::*;
use url::Url;
// self
use oauth2_broker::{
auth::{PrincipalId, ProviderId, ScopeSet, TenantId},
flows::{Broker, CachedTokenRequest},
http::ReqwestHttpClient,
oauth::ReqwestTransportErrorMapper,
provider::{DefaultProviderStrategy, GrantType, ProviderDescriptor, ProviderStrategy},
reqwest::Client,
store::{BrokerStore, MemoryStore},
};
/// Runs the client-credentials demo end to end against a local mock token endpoint.
///
/// Starts an `httpmock` server that answers `POST /token` with a canned bearer token, builds a
/// broker on top of an in-memory store, requests a token for one tenant / principal / scope set,
/// prints it, and finally checks the mock's recorded hits.
///
/// # Errors
///
/// Propagates any failure from installing `color_eyre`, from constructing the identifiers, URLs,
/// provider descriptor or HTTP client, and from the token request itself.
#[tokio::main]
async fn main() -> Result<()> {
    // Canned token-endpoint response served by the mock; the values are demo placeholders.
    const TOKEN_RESPONSE: &str =
        "{\"access_token\":\"demo-access\",\"token_type\":\"bearer\",\"expires_in\":900}";

    color_eyre::install()?;

    let token_store: Arc<dyn BrokerStore> = Arc::new(MemoryStore::default());
    let provider_strategy: Arc<dyn ProviderStrategy> = Arc::new(DefaultProviderStrategy);

    // Local stand-in for the identity provider: only `POST /token` is mocked.
    let mock_server = MockServer::start_async().await;
    let token_endpoint_mock = mock_server
        .mock_async(|when, then| {
            when.method(POST).path("/token");
            then.status(200).header("content-type", "application/json").body(TOKEN_RESPONSE);
        })
        .await;

    // Both endpoints point at the mock server; only the client-credentials grant is enabled.
    let provider_id = ProviderId::new("demo-provider")?;
    let authorize_url = Url::parse(&mock_server.url("/authorize"))?;
    let token_url = Url::parse(&mock_server.url("/token"))?;
    let provider = ProviderDescriptor::builder(provider_id)
        .authorization_endpoint(authorize_url)
        .token_endpoint(token_url)
        .support_grant(GrantType::ClientCredentials)
        .build()?;

    // NOTE(review): the two `danger_*` calls switch off certificate and hostname verification
    // for every request this client makes. Presumably that is only here so the example can talk
    // to the local mock server — confirm. A client built this way must never be pointed at a
    // real token endpoint: the client secret and the issued tokens would be handed to whichever
    // host answers the connection.
    let insecure_reqwest = Client::builder()
        .danger_accept_invalid_certs(true)
        .danger_accept_invalid_hostnames(true)
        .build()?;
    let transport = ReqwestHttpClient::with_client(insecure_reqwest);
    let error_mapper: Arc<ReqwestTransportErrorMapper> = Arc::new(ReqwestTransportErrorMapper);

    // The client id and secret are demo literals; a real service would load the secret from its
    // secret store or environment rather than compiling it into the binary.
    let token_broker = Broker::<ReqwestHttpClient, ReqwestTransportErrorMapper>::with_http_client(
        token_store,
        provider,
        provider_strategy,
        "demo-client",
        transport,
        error_mapper,
    )
    .with_client_secret("super-secret");

    let tenant = TenantId::new("tenant-acme")?;
    let principal = PrincipalId::new("service-router")?;
    let scopes = ScopeSet::new(["email.read", "profile.read"])?;
    let token_request = CachedTokenRequest::new(tenant, principal, scopes);

    let token_record = token_broker.client_credentials(token_request).await?;

    // `expose()` is called solely to print the token. That is harmless for the canned mock value
    // above; real access tokens should stay out of stdout and logs.
    println!("Reusable access token: {}.", token_record.access_token.expose());

    // Fails the run unless the mocked token endpoint was actually hit.
    token_endpoint_mock.assert_async().await;

    Ok(())
}