Unix only oidc-agent
library for Rust
This crate is an interface to oidc-agent
IPC-API.
The oidc-agent
must be running under the user system and OIDC_SOCK must be exported properly.
To obtain access_token by account shortname run the following code in main.rs
:
use oidc_agent_rs::{Agent, Error};
fn main() -> Result<(), Error> {
let agent = Agent::new()?;
let access_token = agent.get_access_token("profile_shortname")?;
println!("{}", access_token.secret());
Ok(())
}
The secret()
method is required to obtain token as a &str
value. Otherwise the Token
pseudostruct
would be returned.
For asynchronous programming, you need to enable the async
feature and use the crate::async_impl::Agent
.
Here’s a basic example of obtaining an access_token asynchronously:
use oidc_agent_rs::async_impl::Agent;
use oidc_agent_rs::Error;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let agent = Agent::new().await?;
let at = agent.get_access_token("profile_shortname").await?;
println!("{}", at.secret());
Ok(())
}
Cargo.toml
[dependencies]
oidc_agent_rs = { version = "0.2.0", features=["async"]}
tokio = { version = "1.39.2", features = ["net", "io-util", "macros", "rt-multi-thread"] }
To obtain access_token with more advanced options you have to use request builder.
AccessTokenRequest
has a method to easy build a new request. Then you have to send the request
directly to the agent and parse the response.
Example:
use oidc_agent_rs::{requests::AccessTokenRequest, Agent, Error};
fn main() -> Result<(), Error> {
let agent = Agent::new()?;
//obtaining access_token by issuer only (no shortname needed)
let at_request = AccessTokenRequest::builder()
.issuer("https://issuer.url")?
.min_valid_period(60)
.build()?;
let at_response = agent.send_request(at_request)?;
println!("{}", at_response.access_token().secret());
println!("{}", at_response.issuer());
println!("{}", at_response.expires_at());
Ok(())
}
Obtaining mytoken using only account shortname is very similar to obtaining access_token.
Example:
use oidc_agent_rs::{Agent, Error};
fn main() -> Result<(), Error> {
let agent = Agent::new()?;
let mytoken = agent.get_mytoken("mytoken")?;
println!("{}", mytoken.secret());
Ok(())
}
Once more the secret() method is used to obtain token as a &str value.
If you want to obtain new mytoken using specific Mytoken profile, you have to create new
Profile
element. All profile objects documented in the Mytoken documentation are
supported. You can add multiple Capability
and Restriction
elements
and single Rotation
element to the Profile
. Then add the
Profile
element to the MyTokenRequest
element.
Example:
use oidc_agent_rs::mytoken::{Capability, Profile, Restriction, Rotation, TokenInfoPerms};
use oidc_agent_rs::requests::MyTokenRequest;
use oidc_agent_rs::{Agent, Error};
fn main() -> Result<(), Error> {
let agent = Agent::new()?;
let mut profile = Profile::new();
//basic capabilites
let caps = vec![Capability::AT, Capability::TokenInfo(TokenInfoPerms::All)];
//new restriction
let restriction = Restriction::builder()
.usages_AT(5) //number of mytoken max usages
.add_geoip_allow(vec!["pl", "de"]) //geoip allowed regions
.build();
//basic rotation
let rotation = Rotation::builder().set_on_AT().set_lifetime(1000).build()?;
profile.add_capabilities(&caps);
profile.add_restrictions(&vec![restriction]);
profile.set_rotation(&rotation);
let mt_request = MyTokenRequest::builder("mytoken")
.mytoken_profile(&profile)
.build()?;
let mt_response = agent.send_request(mt_request)?;
println!("{}", mt_response.mytoken().secret());
Ok(())
}