Skip to content

OAuth client authentication

Source: R/oauth-client.R
oauth_client_req_auth.Rd

oauth_client_req_auth() authenticates a request using the authentication strategy defined by the auth and auth_param arguments to oauth_client(). This is used to authenticate the client as part of the OAuth flow, not to authenticate a request on behalf of a user.

There are three built-in strategies:

  • oauth_client_req_body() adds the client id and (optionally) the secret to the request body, as described in Section 2.3.1 of RFC 6749.

  • oauth_client_req_header() adds the client id and secret using HTTP basic authentication with the Authorization header, as described in Section 2.3.1 of RFC 6749.

  • oauth_client_jwt_rs256() adds a client assertion to the body using a JWT signed with jwt_sign_rs256() using a private key, as described in Section 2.2 of RFC 7523.

You will generally not call these functions directly but will instead specify them through the auth argument to oauth_client(). The req and client parameters are automatically filled in; other parameters come from the auth_params argument.

Usage

oauth_client_req_auth(req, client)

oauth_client_req_auth_header(req, client)

oauth_client_req_auth_body(req, client)

oauth_client_req_auth_jwt_sig(req, client, claim, size = 256, header = list())

Arguments

req

A httr2 request object.

client

An oauth_client.

claim

Claim set produced by jwt_claim().

size

Size, in bits, of sha2 signature, i.e. 256, 384 or 512. Only for HMAC/RSA, not applicable for ECDSA keys.

header

A named list giving additional fields to include in the JWT header.

Value

A modified HTTP request.

Examples

# Show what the various forms of client authentication look like
req <- request("https://example.com/whoami")

client1 <- oauth_client(
  id = "12345",
  secret = "56789",
  token_url = "https://example.com/oauth/access_token",
  name = "oauth-example",
  auth = "body" # the default
)
# calls oauth_client_req_auth_body()
req_dry_run(oauth_client_req_auth(req, client1))
#> POST /whoami HTTP/1.1
#> Host: example.com
#> User-Agent: httr2/1.0.6.9000 r-curl/6.0.1 libcurl/7.81.0
#> Accept: */*
#> Accept-Encoding: deflate, gzip, br, zstd
#> Content-Type: application/x-www-form-urlencoded
#> Content-Length: 35
#> 
#> client_id=12345&client_secret=56789

client2 <- oauth_client(
  id = "12345",
  secret = "56789",
  token_url = "https://example.com/oauth/access_token",
  name = "oauth-example",
  auth = "header"
)
# calls oauth_client_req_auth_header()
req_dry_run(oauth_client_req_auth(req, client2))
#> GET /whoami HTTP/1.1
#> Host: example.com
#> User-Agent: httr2/1.0.6.9000 r-curl/6.0.1 libcurl/7.81.0
#> Accept: */*
#> Accept-Encoding: deflate, gzip, br, zstd
#> Authorization: <REDACTED>
#> 

client3 <- oauth_client(
  id = "12345",
  key = openssl::rsa_keygen(),
  token_url = "https://example.com/oauth/access_token",
  name = "oauth-example",
  auth = "jwt_sig",
  auth_params = list(claim = jwt_claim())
)
# calls oauth_client_req_auth_header_jwt_sig()
req_dry_run(oauth_client_req_auth(req, client3))
#> POST /whoami HTTP/1.1
#> Host: example.com
#> User-Agent: httr2/1.0.6.9000 r-curl/6.0.1 libcurl/7.81.0
#> Accept: */*
#> Accept-Encoding: deflate, gzip, br, zstd
#> Content-Type: application/x-www-form-urlencoded
#> Content-Length: 623
#> 
#> client_assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjE3MzIwMDMxMTAsIm5iZiI6MTczMjAwMjgxMCwiaWF0IjoxNzMyMDAyODEwLCJqdGkiOiI1SVJ6X19PM0pEWGQzd3piSkNlbVBBV0ZudG9ZajFnSWx3akpOZk9PV1hBIn0.NTpsOUzCg_WgAPWhZc8kcdc2uMs0WrMQCDoEet1OIPrFORExuml0825TpwCJLctSsC-NvTgwERkj-HdTLuLDqlN_ZZ5j9_D9qB7TlnlNB7zz4cj5kilfJn9SxuHkAc1t93HH4c2BhUglc0Ji-7siEGWHUmJb-RqhFNtAZRbYaW7wsqaJiqwoaYk2J2TCe9E-W8WD7qGdf2vKjR6B8y4AAQrEKtRCYOu-uwZexr9EROHJw_0Lpxu4EjQpZCidl4W0aRIerRaj_kuWK7k2ZF0pYgwgGqnSr5IncmdlUatw2d0E7tYqgvn_pt8x4Gho7JhNK5u4xe978m0oZKB0teX7tg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer