Comments (6)
What kind of validation are you trying to do? I expect the answer to be pretty specific to the API that provides the access_token
, so this may be better asked there (or it may be in their documentation).
from rocket_oauth2.
I am using github OAuth as a mean of user identification. Once they're logged and I have access to the token, I'd like to use this to validate others endpoint.
I know how to validate a github token but I am wondering if there is a some specific workflow in rocket_oauth2
to handle this lifecycle? (token refresh, invalidation if expired, ..)
from rocket_oauth2.
Although the TokenResponse
includes the refresh_token
and expires_in
values if the authorization server provided them, I would consider actually using the values as out of scope for rocket_oauth2
. Since the only sure way to validate an access token is to attempt to use it, rocket_oauth2
would need to have a validation mechanism for every provider in order for this to actually work.
rocket_oauth2
does provide a convenient way to make that refresh request, at least: https://docs.rs/rocket_oauth2/0.3.0/rocket_oauth2/struct.OAuth2.html#method.refresh
from rocket_oauth2.
Thanks!
from rocket_oauth2.
@jebrosen To check a Github token both client_id
and client_secret
are needed. Is there a way to get this from OAuth2
in an arbitrary endpoint?
from rocket_oauth2.
@jeluard It can't be accessed via OAuth2
, but I would be happy to accept a PR for that.
There is also https://docs.rs/rocket_oauth2/0.3.1/rocket_oauth2/struct.OAuthConfig.html#method.from_config, which can be used once at startup to read the configuration in the same way OAuth2::fairing()
does. That would allow you to store the client_id
and client_secret
in managed state somewhere.
from rocket_oauth2.
Related Issues (20)
- Feature: Make redirect_uri optional HOT 6
- Docs: Add example with Custom Provider HOT 1
- Allow extending of authorization endpoint parameters.
- Callback fails to run if request parameters are in the wrong order HOT 4
- Reddit configuration not actually working HOT 5
- Support revoking tokens
- ##Question: Other OAuth2 Providers? HOT 2
- Plans for Rocket v0.5 HOT 4
- Handle 400 errors from the authorization server HOT 3
- How do we use rocket_oauth2 for Facebook? HOT 1
- What's the difference between rocket_oauth2 and the OAuth2 crate? HOT 1
- Do not check token-type. HOT 1
- Cookie `rocket_oauth2_state` with `secure` flag HOT 2
- Cookies in rocket_oauth2 v0.4.1 not working for rocket v0.5.0-rc.2 HOT 1
- Multiple redirect URIs? HOT 1
- Update to support rocket =0.5.0-rc.4 HOT 1
- How secure is this? HOT 1
- Discord provider Exchange Failure. HOT 2
- Help with 400 returned from provider (Google) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rocket_oauth2.