MCPcopy Index your code
hub / github.com/EmbarkStudios/tame-oauth

github.com/EmbarkStudios/tame-oauth @0.10.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release 0.10.0 ↗ · + Follow
108 symbols 190 edges 14 files 25 documented · 23%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

🔐 tame-oauth

Embark Embark Crates.io Docs dependency status Build status

tame-oauth is a small oauth crate that follows the sans-io approach.

Why?

  • You want to control how you actually make oauth HTTP requests

Why not?

  • The only auth flows that is currently implemented is the service account, user credentials and metadata server flow for GCP. Other flows can be added, but right now GCP is the only provider we need.
  • There are several other oauth crates available that have many more features and are easier to work with, if you don't care about what HTTP clients they use.
  • This crate requires more boilerplate to use.

Features

  • gcp (default) - Support for GCP oauth2
  • wasm-web - Enables wasm features in ring needed for tame-oauth to be used in a wasm browser context. Note this feature should not be used when targeting wasm outside the browser context, in which case you would likely need to target wasm32-wasi.
  • jwt (default) - Support for JSON Web Tokens, required for gcp
  • url (default) - Url parsing, required for gcp

Examples

svc_account

Usage: cargo run --example svc_account -- <key_path> <scope..>

A small example of using tame-oauth together with reqwest. Given a key file and 1 or more scopes, it will attempt to get a token that could be used to access resources in those scopes.

cargo run --example svc_account -- ~/.secrets/super-sekret.json https://www.googleapis.com/auth/pubsub https://www.googleapis.com/auth/devstorage.read_only

default_creds

Usage: cargo run --example default_creds -- <scope..>

Attempts to find and use the default credentials to get a token. Note that scopes are not used in all cases as eg. end user credentials only ever have the cloud platform scope.

cargo run --example default_creds -- https://www.googleapis.com/auth/devstorage.read_only

Contributing

Contributor Covenant

We welcome community contributions to this project.

Please read our Contributor Guide for more information on how to get started.

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Extension points exported contracts — how you extend this code

IdTokenProvider (Interface)
A `IdTokenProvider` supplies all methods needed for all different flows to get a id token. [6 implementers]
src/id_token.rs
TokenProvider (Interface)
A `TokenProvider` has a single method to implement `get_token_with_subject`. Implementations are free to perform caching [6 …
src/token.rs
CacheableToken (Interface)
(no doc) [2 implementers]
src/token_cache.rs

Core symbols most depended-on inside this repo

get
called by 9
src/token_cache.rs
get_token
called by 8
src/token.rs
sign_rsa
called by 6
src/jwt.rs
insert
called by 5
src/token_cache.rs
inner
called by 5
src/token_cache.rs
hash_scopes
called by 5
src/token_cache.rs
get_id_token
called by 3
src/gcp.rs
mock_token
called by 3
src/token_cache.rs

Shape

Method 59
Function 20
Class 18
Enum 8
Interface 3

Languages

Rust100%

Modules by API surface

src/token_cache.rs24 symbols
src/gcp.rs14 symbols
src/gcp/service_account.rs13 symbols
src/gcp/end_user.rs13 symbols
src/jwt.rs10 symbols
src/gcp/metadata_server.rs10 symbols
src/token.rs7 symbols
src/id_token.rs7 symbols
src/error.rs5 symbols
examples/svc_account_id_token.rs2 symbols
examples/svc_account.rs1 symbols
examples/default_creds_id_token.rs1 symbols

For agents

$ claude mcp add tame-oauth \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page