oauth_client_req_auth()
authenticates a request using the authentication
strategy defined by the auth
and auth_param
arguments to oauth_client()
.
This is used to authenticate the client as part of the OAuth flow, not
to authenticate a request on behalf of a user.
There are three built-in strategies:
oauth_client_req_body()
adds the client id and (optionally) the secret to the request body, as described in Section 2.3.1 of RFC 6749.oauth_client_req_header()
adds the client id and secret using HTTP basic authentication with theAuthorization
header, as described in Section 2.3.1 of RFC 6749.oauth_client_jwt_rs256()
adds a client assertion to the body using a JWT signed withjwt_sign_rs256()
using a private key, as described in Section 2.2 of RFC 7523.
You will generally not call these functions directly but will instead
specify them through the auth
argument to oauth_client()
. The req
and
client
parameters are automatically filled in; other parameters come from
the auth_params
argument.
Usage
oauth_client_req_auth(req, client)
oauth_client_req_auth_header(req, client)
oauth_client_req_auth_body(req, client)
oauth_client_req_auth_jwt_sig(req, client, claim, size = 256, header = list())
Arguments
- req
A httr2 request object.
- client
An oauth_client.
- claim
Claim set produced by
jwt_claim()
.- size
Size, in bits, of sha2 signature, i.e. 256, 384 or 512. Only for HMAC/RSA, not applicable for ECDSA keys.
- header
A named list giving additional fields to include in the JWT header.
Value
A modified HTTP request.
Examples
# Show what the various forms of client authentication look like
req <- request("https://example.com/whoami")
client1 <- oauth_client(
id = "12345",
secret = "56789",
token_url = "https://example.com/oauth/access_token",
name = "oauth-example",
auth = "body" # the default
)
# calls oauth_client_req_auth_body()
req_dry_run(oauth_client_req_auth(req, client1))
#> POST /whoami HTTP/1.1
#> Host: example.com
#> User-Agent: httr2/1.0.7 r-curl/6.0.1 libcurl/7.81.0
#> Accept: */*
#> Accept-Encoding: deflate, gzip, br, zstd
#> Content-Type: application/x-www-form-urlencoded
#> Content-Length: 35
#>
#> client_id=12345&client_secret=56789
client2 <- oauth_client(
id = "12345",
secret = "56789",
token_url = "https://example.com/oauth/access_token",
name = "oauth-example",
auth = "header"
)
# calls oauth_client_req_auth_header()
req_dry_run(oauth_client_req_auth(req, client2))
#> GET /whoami HTTP/1.1
#> Host: example.com
#> User-Agent: httr2/1.0.7 r-curl/6.0.1 libcurl/7.81.0
#> Accept: */*
#> Accept-Encoding: deflate, gzip, br, zstd
#> Authorization: <REDACTED>
#>
client3 <- oauth_client(
id = "12345",
key = openssl::rsa_keygen(),
token_url = "https://example.com/oauth/access_token",
name = "oauth-example",
auth = "jwt_sig",
auth_params = list(claim = jwt_claim())
)
# calls oauth_client_req_auth_header_jwt_sig()
req_dry_run(oauth_client_req_auth(req, client3))
#> POST /whoami HTTP/1.1
#> Host: example.com
#> User-Agent: httr2/1.0.7 r-curl/6.0.1 libcurl/7.81.0
#> Accept: */*
#> Accept-Encoding: deflate, gzip, br, zstd
#> Content-Type: application/x-www-form-urlencoded
#> Content-Length: 623
#>
#> client_assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjE3MzI3MTc0NTMsIm5iZiI6MTczMjcxNzE1MywiaWF0IjoxNzMyNzE3MTUzLCJqdGkiOiJOZ1VRMmc2Y2xZdlJsVUk4akRDcnFxaW9CaWtQay1SVWxuemhvd0pPUTJZIn0.GcY8uowX6qN0MZYtd0GNydBNwKHm56G-aMAzZI9zQtBcheJmdEaoATYZaS28GsAl3L_NCeU1kx8krCSdqtnHc3RwY8WGRKGJyohpEVjgCXUOFiSMSRr_mOds6HqAeVAdF_CvzUjUydtlXHEOoTclo4l6S_9gDWXib0aJvSLiWM7CYsbO7-MzbWUtGL1IUd1fbFlHXX4_GCLkyU5uFc7whZUofHSmzWFy2Rtx9U_FOt6YMqvfHtoWxnhQFu6G5TpVART63o6TIGkv7HNL_YDe6XqaVBvVLCSp3okc7PZ78Q9TkqxQ8TBcwuxVQKwnX57CLtAKl4PgS3A3pIiq16zXgg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer