Simplify API

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "gcp_auth"
-version = "0.11.1"
+version = "0.12.0"
 edition = "2021"
 rust-version = "1.70"
 repository = "https://github.com/hrvolapeter/gcp_auth"
@@ -12,18 +12,21 @@ readme = "README.md"
 license = "MIT"
 
 [features]
-default = ["hyper-rustls/rustls-native-certs"]
+default = ["hyper-rustls/rustls-native-certs", "hyper-rustls/ring"]
 webpki-roots = ["hyper-rustls/webpki-roots"]
 
 [dependencies]
 async-trait = "0.1"
 base64 = "0.22"
+bytes = "1"
 chrono = { version = "0.4.31", features = ["serde"] }
 home = "0.5.5"
-hyper = { version = "0.14.2", features = ["client", "runtime", "http2"] }
-hyper-rustls = { version = "0.25", default-features = false, features = ["http1", "http2", "ring", "tokio-runtime"] }
+http = "1"
+http-body-util = "0.1"
+hyper = { version = "1", default-features = false, features = ["client", "http1", "http2"] }
+hyper-rustls = { version = "0.27", default-features = false, features = ["http1", "http2"] }
+hyper-util = { version = "0.1.4", features = ["client-legacy"] }
 ring = "0.17"
-rustls = "0.22"
 rustls-pemfile = "2"
 serde = { version = "1.0", features = ["derive", "rc"] }
 serde_json = "1.0"
@@ -35,5 +38,5 @@ url = "2"
 which = "6.0"
 
 [dev-dependencies]
-env_logger = "0.11"
 tokio = { version = "1.1", features = ["macros", "parking_lot", "rt-multi-thread"] }
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }

examples/simple.rs

@@ -1,9 +1,15 @@
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
-    env_logger::init();
-    let authentication_manager = gcp_auth::AuthenticationManager::new().await?;
-    let _token = authentication_manager
-        .get_token(&["https://www.googleapis.com/auth/cloud-platform"])
+    tracing::subscriber::set_global_default(
+        tracing_subscriber::FmtSubscriber::builder()
+            .with_env_filter(tracing_subscriber::EnvFilter::from_default_env())
+            .finish(),
+    )
+    .unwrap();
+
+    let token_provider = gcp_auth::provider().await?;
+    let _token = token_provider
+        .token(&["https://www.googleapis.com/auth/cloud-platform"])
         .await?;
     Ok(())
 }

src/config_default_credentials.rs

@@ -0,0 +1,107 @@
+use std::sync::Arc;
+
+use async_trait::async_trait;
+use bytes::Bytes;
+use http_body_util::Full;
+use hyper::header::CONTENT_TYPE;
+use hyper::{Method, Request};
+use serde::Serialize;
+use tokio::sync::RwLock;
+use tracing::{debug, instrument, Level};
+
+use crate::types::{AuthorizedUserRefreshToken, HttpClient, Token};
+use crate::{Error, TokenProvider};
+
+/// A token provider that uses the default user credentials
+///
+/// Reads credentials from `.config/gcloud/application_default_credentials.json`.
+#[derive(Debug)]
+pub struct ConfigDefaultCredentials {
+    client: HttpClient,
+    token: RwLock<Arc<Token>>,
+    credentials: AuthorizedUserRefreshToken,
+}
+
+impl ConfigDefaultCredentials {
+    /// Check for user credentials in the default location and try to deserialize them
+    pub async fn new() -> Result<Self, Error> {
+        let client = HttpClient::new()?;
+        Self::with_client(&client).await
+    }
+
+    pub(crate) async fn with_client(client: &HttpClient) -> Result<Self, Error> {
+        debug!("try to load credentials from {}", USER_CREDENTIALS_PATH);
+        let mut home = home::home_dir().ok_or(Error::Str("home directory not found"))?;
+        home.push(USER_CREDENTIALS_PATH);
+
+        let credentials = AuthorizedUserRefreshToken::from_file(&home)?;
+        debug!(project = ?credentials.quota_project_id, client = credentials.client_id, "found user credentials");
+
+        Ok(Self {
+            client: client.clone(),
+            token: RwLock::new(Self::fetch_token(&credentials, client).await?),
+            credentials,
+        })
+    }
+
+    #[instrument(level = Level::DEBUG, skip(cred, client))]
+    async fn fetch_token(
+        cred: &AuthorizedUserRefreshToken,
+        client: &HttpClient,
+    ) -> Result<Arc<Token>, Error> {
+        client
+            .token(
+                &|| {
+                    Request::builder()
+                        .method(Method::POST)
+                        .uri(DEFAULT_TOKEN_GCP_URI)
+                        .header(CONTENT_TYPE, "application/json")
+                        .body(Full::from(Bytes::from(
+                            serde_json::to_vec(&RefreshRequest {
+                                client_id: &cred.client_id,
+                                client_secret: &cred.client_secret,
+                                grant_type: "refresh_token",
+                                refresh_token: &cred.refresh_token,
+                            })
+                            .unwrap(),
+                        )))
+                        .unwrap()
+                },
+                "ConfigDefaultCredentials",
+            )
+            .await
+    }
+}
+
+#[async_trait]
+impl TokenProvider for ConfigDefaultCredentials {
+    async fn token(&self, _scopes: &[&str]) -> Result<Arc<Token>, Error> {
+        let token = self.token.read().await.clone();
+        if !token.has_expired() {
+            return Ok(token);
+        }
+
+        let mut locked = self.token.write().await;
+        let token = Self::fetch_token(&self.credentials, &self.client).await?;
+        *locked = token.clone();
+        Ok(token)
+    }
+
+    async fn project_id(&self) -> Result<Arc<str>, Error> {
+        self.credentials
+            .quota_project_id
+            .clone()
+            .ok_or(Error::Str("no project ID in user credentials"))
+    }
+}
+
+#[derive(Serialize, Debug)]
+struct RefreshRequest<'a> {
+    client_id: &'a str,
+    client_secret: &'a str,
+    grant_type: &'a str,
+    refresh_token: &'a str,
+}
+
+const DEFAULT_TOKEN_GCP_URI: &str = "https://accounts.google.com/o/oauth2/token";
+const USER_CREDENTIALS_PATH: &str = ".config/gcloud/application_default_credentials.json";