Performs the OAuth 2.0 Authorization Code flow with PKCE to obtain a JWT
(ID token) from an OIDC provider. Opens the system browser for the user to
authenticate, and returns the ID token for use with amsync_fetch().
Usage
amsync_token(
client_id = Sys.getenv("OIDC_CLIENT_ID"),
client_secret = Sys.getenv("OIDC_CLIENT_SECRET"),
issuer = oidc_issuer(),
scopes = "openid email",
redirect_uri = "http://localhost:0",
timeout = 120
)Arguments
- client_id
The OIDC client ID (application ID). Defaults to the
OIDC_CLIENT_IDenvironment variable.- client_secret
The OIDC client secret. Required for "Web application" client types. Not needed for "Desktop app" client types (which use PKCE only). Defaults to the
OIDC_CLIENT_SECRETenvironment variable.- issuer
The OIDC issuer URL. Defaults to the
OIDC_ISSUERenvironment variable, falling back to Google ("https://accounts.google.com").- scopes
Space-separated OAuth scopes to request. Default
"openid email".- redirect_uri
Local redirect URI for the OAuth callback. Default
"http://localhost:0"binds to an OS-assigned ephemeral port (as recommended by RFC 8252 for native apps), which works with OIDC clients registered as "Desktop app" / loopback-IP types that accept any port. Supply an explicit port (e.g."http://localhost:8080") when your OIDC provider requires the redirect URI to match a pre-registered value.- timeout
Seconds to wait for the user to complete authentication. Default 120.
Examples
if (FALSE) { # interactive()
# Uses OIDC_CLIENT_ID and OIDC_CLIENT_SECRET env vars by default
token <- amsync_token()
# Or supply credentials directly
token <- amsync_token(
client_id = "YOUR_CLIENT_ID.apps.googleusercontent.com",
client_secret = "YOUR_CLIENT_SECRET"
)
# Use with amsync_fetch
doc <- amsync_fetch(server$url, "myDocId", token = token, tls = tls)
}