2 files changed, 54 insertions, 0 deletions

diff --git a/lib/auth/Cargo.toml b/lib/auth/Cargo.toml
new file mode 100644
index 0000000..0852935
--- /dev/null
+++ b/lib/auth/Cargo.toml
@@ -0,0 +1,13 @@
+[package]
+name = "sellershut-auth"
+version = "0.1.0"
+edition = "2024"
+license.workspace = true
+documentation.workspace = true
+
+[dependencies]
+bon.workspace = true
+oauth2.workspace = true
+secrecy.workspace = true
+thiserror.workspace = true
+url.workspace = true
diff --git a/lib/auth/src/lib.rs b/lib/auth/src/lib.rs
new file mode 100644
index 0000000..2a1390e
--- /dev/null
+++ b/lib/auth/src/lib.rs
@@ -0,0 +1,41 @@
+use bon::Builder;
+use oauth2::{AuthUrl, ClientId, ClientSecret, EndpointNotSet, EndpointSet, RedirectUrl, TokenUrl};
+use secrecy::{ExposeSecret, SecretString};
+use thiserror::Error;
+
+#[derive(Builder)]
+pub struct ClientOptions {
+    client_id: String,
+    client_secret: SecretString,
+    token_url: String,
+    auth_url: String,
+    redirect_url: String,
+}
+
+#[derive(Error, Debug)]
+pub enum OauthError {
+    #[error("invalid url")]
+    InvalidUrl(#[from] url::ParseError),
+}
+
+pub type OauthClient = oauth2::basic::BasicClient<
+    EndpointSet,
+    EndpointNotSet,
+    EndpointNotSet,
+    EndpointNotSet,
+    EndpointSet,
+>;
+
+pub fn oauth_client(opts: &ClientOptions) -> Result<OauthClient, OauthError> {
+    let redirect_url = RedirectUrl::new(opts.redirect_url.to_owned())?;
+    let client_id = ClientId::new(opts.client_id.to_owned());
+    let auth_url = AuthUrl::new(opts.auth_url.to_owned())?;
+    let token_url = TokenUrl::new(opts.token_url.to_owned())?;
+    let client_secret = ClientSecret::new(opts.client_secret.expose_secret().to_string());
+
+    Ok(oauth2::basic::BasicClient::new(client_id)
+        .set_client_secret(client_secret)
+        .set_auth_uri(auth_url)
+        .set_token_uri(token_url)
+        .set_redirect_uri(redirect_url))
+}