Merge #22

bors[bot] · Dinnerbone · Emilgardis · web-flow · commit b7433d2b86f6 · 2020-12-12T20:44:42.000Z
22: Add refresh ability to user tokens, and expose tokens for storage r=Emilgardis a=Dinnerbone

This changes the API by adding an extra (optional) client secret field.

I also make some fields pub so that an application can retrieve them post-refresh and store them for the next run.

Co-authored-by: Nathan Adams &lt;dinnerbone@dinnerbone.com&gt;
Co-authored-by: Emil Gardström &lt;emil.gardstrom@gmail.com&gt;
diff --git a/examples/user_token.rs b/examples/user_token.rs
@@ -13,6 +13,10 @@ async fn main() {
             .ok()
             .or_else(|| args.next())
             .map(twitch_oauth2::RefreshToken::new),
+        std::env::var("TWITCH_CLIENT_SECRET")
+            .ok()
+            .or_else(|| args.next())
+            .map(twitch_oauth2::ClientSecret::new),
     )
     .await
     .unwrap();
diff --git a/src/lib.rs b/src/lib.rs
@@ -19,7 +19,7 @@
 //! # let reqwest_http_client = twitch_oauth2::dummy_http_client; // This is only here to fool doc tests
 //!     let token = AccessToken::new("sometokenherewhichisvalidornot".to_string());
 //!
-//!     match UserToken::from_existing(reqwest_http_client, token, None).await {
+//!     match UserToken::from_existing(reqwest_http_client, token, None, None).await {
 //!         Ok(t) => println!("user_token: {}", t.token().secret()),
 //!         Err(e) => panic!("got error: {}", e),
 //!     }
diff --git a/src/tokens/errors.rs b/src/tokens/errors.rs
@@ -1,53 +1,57 @@
-//! Errors
-
-use crate::id::TwitchTokenErrorResponse;
-use oauth2::HttpResponse as OAuth2HttpResponse;
-use oauth2::RequestTokenError;
-/// General errors for talking with twitch, currently only used in [AppAccessToken::get_app_access_token][crate::tokens::AppAccessToken::get_app_access_token]
-#[allow(missing_docs)]
-#[derive(thiserror::Error, Debug, displaydoc::Display)]
-pub enum TokenError<RE: std::error::Error + Send + Sync + 'static> {
-    /// request for token failed. {0}
-    Request(RequestTokenError<RE, TwitchTokenErrorResponse>),
-    /// could not parse url
-    ParseError(#[from] oauth2::url::ParseError),
-    /// could not get validation for token
-    ValidationError(#[from] ValidationError<RE>),
-}
-
-/// Errors for [validate_token][crate::validate_token]
-#[derive(thiserror::Error, Debug, displaydoc::Display)]
-pub enum ValidationError<RE: std::error::Error + Send + Sync + 'static> {
-    /// deserializations failed
-    DeserializeError(#[from] serde_json::Error),
-    /// token is not authorized for use
-    NotAuthorized,
-    /// twitch returned an unexpected status: {0}
-    TwitchError(TwitchTokenErrorResponse),
-    /// failed to request validation: {0}
-    Request(#[source] RE),
-}
-
-/// Errors for [revoke_token][crate::revoke_token]
-#[allow(missing_docs)]
-#[derive(thiserror::Error, Debug, displaydoc::Display)]
-pub enum RevokeTokenError<RE: std::error::Error + Send + Sync + 'static> {
-    /// 400 Bad Request: {0}
-    BadRequest(String),
-    /// failed to do revokation: {0}
-    RequestError(#[source] RE),
-    /// got unexpected return: {0:?}
-    Other(OAuth2HttpResponse),
-}
-
-/// Errors for [TwitchToken::refresh_token][crate::TwitchToken::refresh_token]
-#[allow(missing_docs)]
-#[derive(thiserror::Error, Debug, displaydoc::Display)]
-pub enum RefreshTokenError<RE: std::error::Error + Send + Sync + 'static> {
-    /// request for token failed. {0}
-    RequestError(#[source] RequestTokenError<RE, TwitchTokenErrorResponse>),
-    /// could not parse url
-    ParseError(#[from] oauth2::url::ParseError),
-    /// no refresh token found
-    NoRefreshToken,
-}
+//! Errors
+
+use crate::id::TwitchTokenErrorResponse;
+use oauth2::HttpResponse as OAuth2HttpResponse;
+use oauth2::RequestTokenError;
+/// General errors for talking with twitch, currently only used in [AppAccessToken::get_app_access_token][crate::tokens::AppAccessToken::get_app_access_token]
+#[allow(missing_docs)]
+#[derive(thiserror::Error, Debug, displaydoc::Display)]
+pub enum TokenError<RE: std::error::Error + Send + Sync + 'static> {
+    /// request for token failed. {0}
+    Request(RequestTokenError<RE, TwitchTokenErrorResponse>),
+    /// could not parse url
+    ParseError(#[from] oauth2::url::ParseError),
+    /// could not get validation for token
+    ValidationError(#[from] ValidationError<RE>),
+}
+
+/// Errors for [validate_token][crate::validate_token]
+#[derive(thiserror::Error, Debug, displaydoc::Display)]
+pub enum ValidationError<RE: std::error::Error + Send + Sync + 'static> {
+    /// deserializations failed
+    DeserializeError(#[from] serde_json::Error),
+    /// token is not authorized for use
+    NotAuthorized,
+    /// twitch returned an unexpected status: {0}
+    TwitchError(TwitchTokenErrorResponse),
+    /// failed to request validation: {0}
+    Request(#[source] RE),
+}
+
+/// Errors for [revoke_token][crate::revoke_token]
+#[allow(missing_docs)]
+#[derive(thiserror::Error, Debug, displaydoc::Display)]
+pub enum RevokeTokenError<RE: std::error::Error + Send + Sync + 'static> {
+    /// 400 Bad Request: {0}
+    BadRequest(String),
+    /// failed to do revokation: {0}
+    RequestError(#[source] RE),
+    /// got unexpected return: {0:?}
+    Other(OAuth2HttpResponse),
+}
+
+/// Errors for [TwitchToken::refresh_token][crate::TwitchToken::refresh_token]
+#[allow(missing_docs)]
+#[derive(thiserror::Error, Debug, displaydoc::Display)]
+pub enum RefreshTokenError<RE: std::error::Error + Send + Sync + 'static> {
+    /// request for token failed. {0}
+    RequestError(#[source] RequestTokenError<RE, TwitchTokenErrorResponse>),
+    /// could not parse url
+    ParseError(#[from] oauth2::url::ParseError),
+    /// no client secret found
+    ///
+    /// A client secret is needed to request a refreshed token.
+    NoClientSecretFound,
+    /// no refresh token found
+    NoRefreshToken,
+}
diff --git a/src/tokens/user_token.rs b/src/tokens/user_token.rs
@@ -2,17 +2,21 @@ use crate::tokens::{
     errors::{RefreshTokenError, ValidationError},
     Scope, TwitchToken,
 };
+use crate::ClientSecret;
 use oauth2::{AccessToken, ClientId, RefreshToken};
 use oauth2::{HttpRequest, HttpResponse};
 use std::future::Future;
 
 /// An User Token from the [OAuth implicit code flow](https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#oauth-implicit-code-flow) or [OAuth authorization code flow](https://dev.twitch.tv/docs/authentication/getting-tokens-oauth#oauth-authorization-code-flow)
 #[derive(Debug, Clone)]
 pub struct UserToken {
-    access_token: AccessToken,
+    /// The access token used to authenticate requests with
+    pub access_token: AccessToken,
     client_id: ClientId,
+    client_secret: Option<ClientSecret>,
     login: Option<String>,
-    refresh_token: Option<RefreshToken>,
+    /// The refresh token used to extend the life of this user token
+    pub refresh_token: Option<RefreshToken>,
     expires: Option<std::time::Instant>,
     scopes: Vec<Scope>,
 }
@@ -23,12 +27,14 @@ impl UserToken {
         access_token: impl Into<AccessToken>,
         refresh_token: impl Into<Option<RefreshToken>>,
         client_id: impl Into<ClientId>,
+        client_secret: impl Into<Option<ClientSecret>>,
         login: Option<String>,
         scopes: Option<Vec<Scope>>,
     ) -> UserToken {
         UserToken {
             access_token: access_token.into(),
             client_id: client_id.into(),
+            client_secret: client_secret.into(),
             login,
             refresh_token: refresh_token.into(),
             expires: None,
@@ -41,6 +47,7 @@ impl UserToken {
         http_client: C,
         access_token: AccessToken,
         refresh_token: impl Into<Option<RefreshToken>>,
+        client_secret: impl Into<Option<ClientSecret>>,
     ) -> Result<UserToken, ValidationError<RE>>
     where
         RE: std::error::Error + Send + Sync + 'static,
@@ -52,6 +59,7 @@ impl UserToken {
             access_token,
             refresh_token.into(),
             validated.client_id,
+            client_secret,
             validated.login,
             validated.scopes,
         ))
@@ -66,12 +74,30 @@ impl TwitchToken for UserToken {
 
     fn login(&self) -> Option<&str> { self.login.as_deref() }
 
-    async fn refresh_token<RE, C, F>(&mut self, _: C) -> Result<(), RefreshTokenError<RE>>
+    async fn refresh_token<RE, C, F>(
+        &mut self,
+        http_client: C,
+    ) -> Result<(), RefreshTokenError<RE>>
     where
         RE: std::error::Error + Send + Sync + 'static,
         C: FnOnce(HttpRequest) -> F,
-        F: Future<Output = Result<HttpResponse, RE>>, {
-        Err(RefreshTokenError::NoRefreshToken)
+        F: Future<Output = Result<HttpResponse, RE>>,
+    {
+        if let Some(client_secret) = self.client_secret.clone() {
+            let (access_token, expires, refresh_token) = if let Some(token) =
+                self.refresh_token.take()
+            {
+                crate::refresh_token(http_client, token, &self.client_id, &client_secret).await?
+            } else {
+                return Err(RefreshTokenError::NoRefreshToken);
+            };
+            self.access_token = access_token;
+            self.expires = expires;
+            self.refresh_token = refresh_token;
+            Ok(())
+        } else {
+            return Err(RefreshTokenError::NoClientSecretFound);
+        }
     }
 
     fn expires(&self) -> Option<std::time::Instant> { None }
