feat: key not from file & other improvements

.github/workflows/ci.yaml

@@ -0,0 +1,13 @@
+name: Cargo checks
+on:
+  push:
+  pull_request:
+jobs:
+  clippy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+      - run: cargo clippy --workspace --all-features --all-targets -- -D warnings
+      - run: cargo test --workspace --all-features --all-targets
+      - run: cargo fmt -- --check

Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 description = "HTTP Client for Google OAuth2"
 name = "gauth"
-version = "0.8.0"
+version = "0.9.0"
 authors = ["Simon Makarski <code@makarski.dev>"]
 edition = "2021"
 license = "MIT OR Apache-2.0"
@@ -17,21 +17,21 @@ serde = "1"
 serde_json = "1"
 serde_derive = "1"
 dirs = "5.0.1"
-reqwest = { version = "0.11", features = ["json"] }
+reqwest = { version = "0.12.4", features = ["json"] }
 chrono = "0.4.31"
 base64 = "0.21.3"
 ring = "0.16.20"
 thiserror = "1.0.48"
 anyhow = "1.0.40"
 futures = { version = "0.3", features = ["executor"], optional = true }
-tokio = { version = "1.33.0", optional = true }
+tokio = { version = "1.33.0", features = ["test-util", "sync"] }
 log = { version = "0.4", optional = true }
 
 [dev-dependencies]
 mockito = "1.2.0"
-tokio = { version = "1.33.0", features = ["test-util"] }
+tokio = { version = "1.33.0", features = ["test-util", "rt", "macros", "rt-multi-thread"] }
 env_logger = "0.10.0"
 
 [features]
 app-blocking = ["dep:futures"]
-token-watcher = ["dep:tokio", "dep:async-trait", "dep:log"]
+token-watcher = ["dep:async-trait", "dep:log"]

README.md

@@ -11,7 +11,7 @@ The library supports the following Google Auth flows:
 
 ```toml
 [dependencies]
-gauth = "0.8"
+gauth = "0.9"
 ```
 
 #### OAuth2
@@ -45,7 +45,7 @@ It is also possible to make a **blocking call** to retrieve an access token. Thi
 
 ```
 [dependencies]
-gauth = { version = "0.8", features = ["app-blocking"] }
+gauth = { version = "0.9", features = ["app-blocking"] }
 ```
 
 ```rust,no_run
@@ -123,7 +123,7 @@ To resolve this, we adopted an experimental approach by developing a `token_prov
 
 ```
 [dependencies]
-gauth = { version = "0.8", features = ["token-watcher"] }
+gauth = { version = "0.9", features = ["token-watcher"] }
 ```
 
 ```rust,no_run

examples/async_token_provider.rs

@@ -12,8 +12,11 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         .nth(1)
         .expect("Provide a path to the service account key file");
 
-    let service_account =
-        ServiceAccount::from_file(&keypath, vec!["https://www.googleapis.com/auth/pubsub"]);
+    let service_account = ServiceAccount::from_file(&keypath)
+        .unwrap()
+        .scopes(vec!["https://www.googleapis.com/auth/pubsub"])
+        .build()
+        .unwrap();
 
     let tp = AsyncTokenProvider::new(service_account).with_interval(5);
 

src/app/mod.rs

@@ -90,7 +90,7 @@ impl Auth {
 
     /// App_name can be used to override the default app name
     pub fn app_name(mut self, app_name: &str) -> Self {
-        self.app_name = app_name.to_owned();
+        app_name.clone_into(&mut self.app_name);
         self
     }
 
@@ -260,7 +260,7 @@ mod tests {
 
     #[tokio::test]
     async fn test_access_token_success() {
-        let mut google = mockito::Server::new();
+        let mut google = mockito::Server::new_async().await;
         let google_host = google.url();
 
         google

src/serv_account/errors.rs

@@ -1,25 +1,57 @@
-use std::result::Result as StdResult;
+use reqwest::StatusCode;
+use ring::error::{KeyRejected, Unspecified};
+use std::{io, path::PathBuf};
 use thiserror::Error;
 
 #[derive(Debug, Error)]
-pub enum ServiceAccountError {
-    #[error("failed to read key file: {0}")]
-    ReadKey(String),
+pub enum ServiceAccountFromFileError {
+    #[error("failed to read key file: {0}: {1}")]
+    ReadFile(PathBuf, io::Error),
 
     #[error("failed to de/serialize to json")]
-    SerdeJson(#[from] serde_json::Error),
+    DeserializeFile(#[from] serde_json::Error),
 
-    #[error("failed to decode base64")]
-    Base64Decode(#[from] base64::DecodeError),
+    #[error("Failed to initialize service account: {0}")]
+    ServiceAccountInitialization(ServiceAccountBuildError),
 
-    #[error("failed to create rsa key pair: {0}")]
-    RsaKeyPair(String),
+    #[error("Failed to get access token: {0}")]
+    GetAccessToken(GetAccessTokenError),
+}
+
+#[derive(Debug, Error)]
+pub enum ServiceAccountBuildError {
+    #[error("RSA private key didn't start with PEM prefix: -----BEGIN PRIVATE KEY-----")]
+    RsaPrivateKeyNoPrefix,
 
-    #[error("failed to rsa sign: {0}")]
-    RsaSign(String),
+    #[error("RSA private key didn't end with PEM suffix: -----END PRIVATE KEY-----")]
+    RsaPrivateKeyNoSuffix,
 
-    #[error("failed to send request")]
-    HttpReqwest(#[from] reqwest::Error),
+    #[error("RSA private key could not be decoded as base64: {0}")]
+    RsaPrivateKeyDecode(base64::DecodeError),
+
+    #[error("RSA private key could not be parsed: {0}")]
+    RsaPrivateKeyParse(KeyRejected),
 }
 
-pub type Result<T> = StdResult<T, ServiceAccountError>;
+#[derive(Debug, Error)]
+pub enum GetAccessTokenError {
+    #[error("failed to serialize JSON: {0}")]
+    JsonSerialization(serde_json::Error),
+
+    #[error("failed to RSA sign: {0}")]
+    RsaSign(Unspecified),
+
+    #[error("failed to send request")]
+    HttpRequest(reqwest::Error),
+
+    #[error("failed to send request")]
+    HttpRequestUnsuccessful(StatusCode, std::result::Result<String, reqwest::Error>),
+
+    #[error("failed to get response JSON")]
+    HttpJson(reqwest::Error),
+
+    #[error("response returned non-Bearer auth access token: {0}")]
+    AccessTokenNotBearer(String),
+
+    // TODO error variant for invalid authentication
+}