Unix only oidc-agent library for Rust
This crate is an interface to oidc-agent IPC-API.
The oidc-agent must be running under the user system and OIDC_SOCK must be exported properly.
To obtain access_token by account shortname run the following code in main.rs:
use oidc_agent_rs::{Agent, Error};
fn main() -> Result<(), Error> {
let agent = Agent::new()?;
let access_token = agent.get_access_token("profile_shortname")?;
println!("{}", access_token.secret());
Ok(())
}The secret() method is required to obtain token as a &str value. Otherwise the Token pseudostruct
would be returned.
For asynchronous programming, you need to enable the async feature and use the crate::async_impl::Agent.
Here’s a basic example of obtaining an access_token asynchronously:
use oidc_agent_rs::async_impl::Agent;
use oidc_agent_rs::Error;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let agent = Agent::new().await?;
let at = agent.get_access_token("profile_shortname").await?;
println!("{}", at.secret());
Ok(())
}Cargo.toml
[dependencies]
oidc_agent_rs = { version = "0.2.0", features=["async"]}
tokio = { version = "1.39.2", features = ["net", "io-util", "macros", "rt-multi-thread"] }To obtain access_token with more advanced options you have to use request builder.
AccessTokenRequest has a method to easy build a new request. Then you have to send the request
directly to the agent and parse the response.
Example:
use oidc_agent_rs::{requests::AccessTokenRequest, Agent, Error};
fn main() -> Result<(), Error> {
let agent = Agent::new()?;
//obtaining access_token by issuer only (no shortname needed)
let at_request = AccessTokenRequest::builder()
.issuer("https://issuer.url")?
.min_valid_period(60)
.build()?;
let at_response = agent.send_request(at_request)?;
println!("{}", at_response.access_token().secret());
println!("{}", at_response.issuer());
println!("{}", at_response.expires_at());
Ok(())
}Obtaining mytoken using only account shortname is very similar to obtaining access_token.
Example:
use oidc_agent_rs::{Agent, Error};
fn main() -> Result<(), Error> {
let agent = Agent::new()?;
let mytoken = agent.get_mytoken("mytoken")?;
println!("{}", mytoken.secret());
Ok(())
}Once more the secret() method is used to obtain token as a &str value.
If you want to obtain new mytoken using specific Mytoken profile, you have to create new
Profile element. All profile objects documented in the Mytoken documentation are
supported. You can add multiple Capability and Restriction elements
and single Rotation element to the Profile. Then add the
Profile element to the MyTokenRequest element.
Example:
use oidc_agent_rs::mytoken::{Capability, Profile, Restriction, Rotation, TokenInfoPerms};
use oidc_agent_rs::requests::MyTokenRequest;
use oidc_agent_rs::{Agent, Error};
fn main() -> Result<(), Error> {
let agent = Agent::new()?;
let mut profile = Profile::new();
//basic capabilites
let caps = vec![Capability::AT, Capability::TokenInfo(TokenInfoPerms::All)];
//new restriction
let restriction = Restriction::builder()
.usages_AT(5) //number of mytoken max usages
.add_geoip_allow(vec!["pl", "de"]) //geoip allowed regions
.build();
//basic rotation
let rotation = Rotation::builder().set_on_AT().set_lifetime(1000).build()?;
profile.add_capabilities(&caps);
profile.add_restrictions(&vec![restriction]);
profile.set_rotation(&rotation);
let mt_request = MyTokenRequest::builder("mytoken")
.mytoken_profile(&profile)
.build()?;
let mt_response = agent.send_request(mt_request)?;
println!("{}", mt_response.mytoken().secret());
Ok(())
}