feat: Add support for exchanging oauth code for access token

src/auth.rs

@@ -258,6 +258,31 @@ impl DeviceCodes {
     }
 }
 
+/// Exchange a code for a user access token
+///
+/// see: https://docs.github.com/en/developers/apps/identifying-and-authorizing-users-for-github-apps
+pub async fn get_access_token(
+    crab: &crate::Octocrab,
+    client_id: &SecretString,
+    code: String,
+    client_secret: &SecretString,
+    redirect_uri: String,
+) -> Result<OAuth> {
+    let data: OAuth = crab
+        .post(
+            "/login/oauth/access_token",
+            Some(&ExchangeCodeForTokenParams {
+                client_id: client_id.expose_secret(),
+                client_secret: client_secret.expose_secret(),
+                code: &code,
+                redirect_uri: &redirect_uri,
+            }),
+        )
+        .await?;
+
+    Ok(data)
+}
+
 /// See https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps#input-parameters
 #[derive(Serialize)]
 struct DeviceFlow<'a> {
@@ -301,3 +326,15 @@ struct PollForDevice<'a> {
     /// Required. The grant type must be urn:ietf:params:oauth:grant-type:device_code.
     grant_type: &'static str,
 }
+
+#[derive(Serialize)]
+struct ExchangeCodeForTokenParams<'a> {
+    /// Required. The client ID for your GitHub App.
+    client_id: &'a str,
+    /// Required. The client secret for your GitHub App.
+    client_secret: &'a str,
+    /// Required. The code received from the POST <https://github.com/login/oauth/authorize?client_id=CLIENT_ID> request.
+    code: &'a str,
+    // Strongly recommended. The URL in your application where users will be sent after authorization.
+    redirect_uri: &'a str,
+}

tests/auth_oauth_flow_test.rs

@@ -0,0 +1,78 @@
+mod mock_error;
+
+use mock_error::setup_error_handler;
+use octocrab::{auth, Octocrab};
+use secrecy::SecretString;
+use serde_json::json;
+use wiremock::{
+    matchers::{method, path},
+    Mock, MockServer, ResponseTemplate,
+};
+
+async fn setup_post_api(template: ResponseTemplate) -> MockServer {
+    let mock_server = MockServer::start().await;
+
+    Mock::given(method("POST"))
+        .and(path(format!("/login/oauth/access_token")))
+        .respond_with(template.clone())
+        .mount(&mock_server)
+        .await;
+
+    setup_error_handler(
+        &mock_server,
+        &format!("POST on /login/oauth/access_token was not received"),
+    )
+    .await;
+    mock_server
+}
+
+fn setup_octocrab(uri: &str) -> Octocrab {
+    Octocrab::builder().base_uri(uri).unwrap().build().unwrap()
+}
+
+const CLIENT_SECRET: &str = "some_secret";
+const CLIENT_ID: &str = "some_client_id";
+const CODE: &str = "a_code";
+const REDIRECT_URI: &str = "https://yourapp/auth/callback-example";
+
+#[tokio::test]
+async fn should_return_access_token() {
+    let expected_response = json!({
+        "access_token":"gho_16C7e42F292c6912E7710c838347Ae178B4a",
+        "scope":"repo,gist",
+        "token_type":"bearer"
+        }
+    );
+    let template = ResponseTemplate::new(201).set_body_json(expected_response);
+    let mock_server = setup_post_api(template).await;
+    let client = setup_octocrab(&mock_server.uri());
+
+    let result = auth::get_access_token(
+        &client,
+        &SecretString::from(CLIENT_ID),
+        CODE.to_owned(),
+        &SecretString::from(CLIENT_SECRET),
+        REDIRECT_URI.to_owned(),
+    )
+    .await;
+
+    assert!(result.is_ok());
+}
+
+#[tokio::test]
+async fn should_fail_when_receving_a_server_error() {
+    let template = ResponseTemplate::new(500);
+    let mock_server = setup_post_api(template).await;
+    let client = setup_octocrab(&mock_server.uri());
+
+    let result = auth::get_access_token(
+        &client,
+        &SecretString::from(CLIENT_ID),
+        CODE.to_owned(),
+        &SecretString::from(CLIENT_SECRET),
+        REDIRECT_URI.to_owned(),
+    )
+    .await;
+
+    assert!(result.is_err());
+}