OAuth2 is a standard for authentication/authorization. It is implemented by big cloud providers - Azure, Google, Amazon - and beside many others also by GitLab or GitHub.
What is is it good for? You can integrate your application with a service provider, or many of them, with one pattern. The common troubles are solved so you just focus on making business (most of the time). Mostly, a library is available so you don’t even need to implement the protocol.
So, what about Rust? Rust has oauth libraries. They are great for solving the machine-to-machine communication. But rust is not quite GUI yet. And there is a big part in OAuth2 that is about human interaction - in a web GUI.
Various providers may want to enforce their own policies, authentication options, request two factor authentication, let alone branding and so on. While there are authentication flows without the UI requirement, these are considered inferior to full human interaction. The OAuth2 standard solves this by sending the user through a browser to an authorization page of the provider. Once all the checks are done, the user’s browser is sent back to the app with a redirect URI containing a temporal authorization code. The app can then use this code to redeem an access/refresh token.
The good news is that a web view binding has been added to the Rust bunch of crates. Web view wraps system’s native web browser so you can make a Web GUI available in a uniform way on all supported platforms. Wry is one such crate. With a recent addition of a CustomProtocol feature, I was able to make it do an OAuth2 user interaction and bring back the authorization code in a few lines of Rust.
So, what does it do? The app will open a web window taking you to the OAuth provider’s auth page. You will do your user interaction there… The app sends you there with a redirect URI, the place the provider will redirect you to after completing the interaction. This redirect is then intercepted by the app and it gains the information about the authorization code. In the simple example, it just dumps the code to the console, but a smarter app would redeem a token for the code.