The "sf-client-credentials-grant" project is a Rust-based AWS Lambda function that facilitates the OAuth 2.0 Client Credentials Grant flow. This Lambda function is designed to request and receive access tokens from an OAuth 2.0 server, making it suitable for server-to-server authentication where a client can authenticate using its own credentials.
- Utilizes AWS Lambda and Rust for efficient and scalable serverless computing.
- Implements the OAuth 2.0 Client Credentials Grant flow.
- Securely handles sensitive information like client ID and secret.
- Parses and returns access token information in JSON format.
The project relies on several Rust crates, including:
lambda_runtime
: For AWS Lambda functions.reqwest
: For making HTTP requests.serde
andserde_json
: For serializing and deserializing JSON data.tokio
: For asynchronous runtime.tracing
andtracing-subscriber
: For logging and tracing.openssl
: For secure network connections.
Refer to Cargo.toml
for the complete list of dependencies and their versions.
Before deploying the Lambda function, ensure the following environment variables are set:
CLIENT_ID
: The OAuth 2.0 client ID.CLIENT_SECRET
: The OAuth 2.0 client secret.REQUEST_URL
: The URL to request the access token from.
To deploy this Lambda function:
- Compile the Rust project for the AWS Lambda environment:
cargo lambda build --release
- Deploy the Rust lambda:
cargo lambda deploy --profile=<YOUR_AWS_PROFILE_NAME>
- Configure the Lambda function's environment variables in the AWS Management Console or via the AWS CLI.
Once deployed, the Lambda function can be invoked through cargo lambda invoke
, AWS SDKs, the AWS CLI, or the AWS Management Console. The function will perform the Client Credentials Grant flow and return an access token response.
The Lambda function returns a response in JSON format containing the following fields:
access_token
: The obtained access token.expires_in
: The lifetime of the access token.refresh_token
: The refresh token, if provided.token_type
: The type of the token (typically "Bearer").req_id
: The AWS Lambda request ID.msg
: A message indicating the status
of the request (e.g., "Ok").
To contribute to this project or modify it for your own use, follow these steps:
- Clone the repository to your local machine.
- Install Rust and Cargo, following the official Rust installation guide.
- Install
cargo lambda
- Add a
.env
file containing the necessary environment variables. - Build the lambda and run a lambda emulator locally with your env vars:
cargo lambda watch --env-file .env
- Invoke the lambda from the command line:
cargo lambda invoke sf-client-credentials-grant --data-ascii '{}'
Do not hard-code sensitive information, such as client credentials, into the application. Use environment variables or AWS Secrets Manager for handling sensitive data.
For support or to report any issues, please file an issue on the project's GitHub repository.
This project is licensed under the MIT License. See the LICENSE file in the project repository for more information.