From 78f61ccdf66572d7432b5b627994038479103653 Mon Sep 17 00:00:00 2001
From: rtkay123 <dev@kanjala.com>
Date: Sun, 1 Feb 2026 15:20:13 +0200
Subject: feat: oauth from config

---
 lib/auth/src/lib.rs | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 lib/auth/src/lib.rs

(limited to 'lib/auth/src/lib.rs')

diff --git a/lib/auth/src/lib.rs b/lib/auth/src/lib.rs
new file mode 100644
index 0000000..2a1390e
--- /dev/null
+++ b/lib/auth/src/lib.rs
@@ -0,0 +1,41 @@
+use bon::Builder;
+use oauth2::{AuthUrl, ClientId, ClientSecret, EndpointNotSet, EndpointSet, RedirectUrl, TokenUrl};
+use secrecy::{ExposeSecret, SecretString};
+use thiserror::Error;
+
+#[derive(Builder)]
+pub struct ClientOptions {
+    client_id: String,
+    client_secret: SecretString,
+    token_url: String,
+    auth_url: String,
+    redirect_url: String,
+}
+
+#[derive(Error, Debug)]
+pub enum OauthError {
+    #[error("invalid url")]
+    InvalidUrl(#[from] url::ParseError),
+}
+
+pub type OauthClient = oauth2::basic::BasicClient<
+    EndpointSet,
+    EndpointNotSet,
+    EndpointNotSet,
+    EndpointNotSet,
+    EndpointSet,
+>;
+
+pub fn oauth_client(opts: &ClientOptions) -> Result<OauthClient, OauthError> {
+    let redirect_url = RedirectUrl::new(opts.redirect_url.to_owned())?;
+    let client_id = ClientId::new(opts.client_id.to_owned());
+    let auth_url = AuthUrl::new(opts.auth_url.to_owned())?;
+    let token_url = TokenUrl::new(opts.token_url.to_owned())?;
+    let client_secret = ClientSecret::new(opts.client_secret.expose_secret().to_string());
+
+    Ok(oauth2::basic::BasicClient::new(client_id)
+        .set_client_secret(client_secret)
+        .set_auth_uri(auth_url)
+        .set_token_uri(token_url)
+        .set_redirect_uri(redirect_url))
+}
-- 
cgit v1.2.3