Performs the OAuth 2.0 Authorization Code flow with PKCE to obtain a JWT
(ID token) from an OIDC provider. Opens the system browser for the user to
authenticate, and returns the ID token for use with amsync_fetch().
Usage
amsync_token(
client_id = Sys.getenv("OIDC_CLIENT_ID"),
client_secret = Sys.getenv("OIDC_CLIENT_SECRET"),
issuer = oidc_issuer(),
scopes = "openid email",
redirect_uri = "http://localhost:5173",
timeout = 120
)Arguments
- client_id
The OIDC client ID (application ID). Defaults to the
OIDC_CLIENT_IDenvironment variable.- client_secret
The OIDC client secret. Required for "Web application" client types. Not needed for "Desktop app" client types (which use PKCE only). Defaults to the
OIDC_CLIENT_SECRETenvironment variable.- issuer
The OIDC issuer URL. Defaults to the
OIDC_ISSUERenvironment variable, falling back to Google ("https://accounts.google.com").- scopes
Space-separated OAuth scopes to request. Default
"openid email".- redirect_uri
Local redirect URI for the OAuth callback. Default
"http://localhost:5173". Must match the redirect URI registered with the OIDC provider.- timeout
Seconds to wait for the user to complete authentication. Default 120.
Examples
if (FALSE) { # interactive()
# Uses OIDC_CLIENT_ID and OIDC_CLIENT_SECRET env vars by default
token <- amsync_token()
# Or supply credentials directly
token <- amsync_token(
client_id = "YOUR_CLIENT_ID.apps.googleusercontent.com",
client_secret = "YOUR_CLIENT_SECRET"
)
# Use with amsync_fetch
doc <- amsync_fetch(server$url, "myDocId", token = token, tls = tls)
}