-
-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: benefits for social login in comparison to oauth2-rs
#185
Comments
Both crates implement the relevant OAuth2 and OpenID Connect standards. The comparison between those standards and their purposes isn't specific to these Rust crates. There are many blog posts that discuss the two, including this short one. OpenID Connect is intended to be used for authenticating users via an external identity provider (IdP), whereas OAuth2 is intended to be used to delegate access to resources (e.g., your Google Calendar) to a third party. In practice, OAuth2 is often used for authentication, but that's not its original purpose, and more care must be taken to avoid security issues. This is why the README suggests using this crate (when supported by the IdP) for authentication.
I'm not sure what you mean by this. The
My criteria for adding examples to this crate are roughly the same as for the |
Right, I'm somewhat familiar with OAuth2, but not so much with OIDC unfortunately, but I think my confusion was because I thought that the note in the README meant that
Sorry, I probably poorly worded my explanation What I meant is that using Perhaps another crate could be built on top of one of these crates to enable the functionality that I'm talking about, namely, I wish we could have something like this: let credentials = Credentials {
client_id: "fADS341324lhxKZV54aofds".into(),
client_secret: "1324uasdsdf65sdfgzDFewrD".into()
};
let client = Client::new(Provider::Google, &[Claims::Email, Claims::Name, Claims::Picture], credentials)?;
// Navigate to this URL in the browser to get the code.
let url = client.authentication_url();
// ...
let data = client.exchange_code(received_code).await?;
println!("Email: {}", data.email);
println!("Name: {}", data.name);
println!("Picture: {}", data.picture); |
I stumbled across this crate while reading the README of
oauth2-rs
:I went through the examples and tried using them. I might be wrong, but to me, implementing social login via
oauth2-rs
seems easier (both in terms of boilerplate and reasoning about it).OpenID connect-rs
feels very low-level and barebones, requiring writing a lot of boilerplates (not very ergonomic).The only two advantages that I was able to spot compared to
oauth2-rs
are:oauth2-rs
, a separate API request is required to request the user's information with the access token returned by oauth2.I also noticed that many open PRs add new usage examples, but none have been merged, so I'm not sure about the status of this crate. For instance, I found the
google
example to be overly complicated and was able to reduce it down to 180 LOC by checking other examples. I thought about submitting it as a PR but noticed that other similar PRs are still open and awaiting review.The text was updated successfully, but these errors were encountered: