Forem: Avinash Pokhrel

Building a Google OAuth CLI in Rust with PKCE (and surviving the borrow checker)

Avinash Pokhrel — Sat, 04 Apr 2026 15:11:34 +0000

Building a Google OAuth CLI in Rust with PKCE

TL;DR: I built a tiny CLI that opens a Google login in your browser, receives the OAuth callback, exchanges the code using PKCE, and prints basic public profile info (email, name, picture). It took me about 5 hours in Rust, mainly because of ownership, String vs &str, and lifetime wrangling—but the result is a clean, secure local flow that avoids shipping secrets in source control.

Repository: Source Code

Why I did this

I wondered how Github CLI login works under the hood, and I wanted to build a similar flow for Google. So I decided to implement it myself.

Also: I wanted to do it in Rust.

The minimal shape of the flow

High level, the app does these things:

Load client config from environment variables
Generate a PKCE code_verifier and code_challenge
Start a local HTTP server bound to localhost:0 (OS chooses the port)
Build and print the Google authorization URL
You open the URL and log in
Google redirects to http://localhost:<port>/oauth/google/callback?code=...
The app exchanges the code for tokens using the original code_verifier
The app decodes the id_token payload and prints basic public profile info:
- email
- name
- picture

That's it. No browser automation, no pasting codes - just a local browser flow.

Why PKCE?

If you build a non-confidential client (CLI, desktop, mobile), you can't assume a client secret will stay secret. PKCE ensures that even if an authorization code is intercepted, the attacker can't redeem it without the original code_verifier. The server verifies that the code_challenge sent during login matches the code_verifier sent during the token exchange.

The Rust experience (short)

It took longer than Python/JS would have. Much longer.
The protocol itself is simple; the trouble in my case was dealing with lifetimes, moving/borrowing strings into collections, and convincing the compiler that nothing will outlive its owner.
The result is robust and fast, but plan for extra time if you're learning Rust and OAuth at the same time.

If you're in a hurry and don't care about learning Rust, use Python or JS for a prototype.

Important setup note

Before running this, create an OAuth client in Google Cloud Console and choose "Desktop app" as the client type. This makes the client configuration suitable for local callback flows. After that, copy /.env.example to /.env and fill only these two values:

GOOGLE_OAUTH_CLIENT_ID
GOOGLE_OAUTH_CLIENT_SECRET

Everything else (scope, authorization/token endpoints) can be copied from .env.example shipped in the repo.

Running it

Create the desktop OAuth client in Google Cloud.
Copy .env.example to .env and set GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET.
cargo run --release (or build and run the binary).
The CLI prints an authorization URL—open it in your browser and log in.
After the Google consent screen, the browser will redirect to the temporary localhost server; the CLI prints your email, name, and picture.

Note: the server binds to localhost:0, so the OS chooses a free port. This avoids port collisions.

Security caveats (this is a learning project)

I use PKCE, which is appropriate for public clients.
The ID token payload is decoded and read; I do not (in this learning version) fully validate the JWT signature, issuer, audience, nonce, or expiration. For production use, you must validate these claims and verify the token signature.
The app reads client secrets from .env.

Closing thoughts

This project was my way to learn OAuth (the protocol) and Rust (the language) together. The final flow is clean: the CLI asks the user to log in and returns the public profile info without ever storing secrets in the repo.

If you want to try it:

Fork or clone the repo
Create a Desktop OAuth client in Google Cloud
Set the two env vars and run it

From Pixels to Performance: GUI Clock in C !

Avinash Pokhrel — Sat, 15 Nov 2025 08:27:06 +0000

Excited to share a side project I completed recently: a classic desktop clock GUI implemented entirely in C using two powerful graphics frameworks. This project was a great exercise in low-level, high-performance programming:

SDL2 (Simple DirectMedia Layer): The C implementation focused on low-level control and graphics pipelines.

Code
Raylib: This C version prioritized simplicity and rapid development, leveraging its clean, immediate-mode drawing API for a highly performant and lightweight result.

Code

Key takeaways from this project:

Explored the trade-offs between low-level control (SDL2) and developer productivity (Raylib), all within the constraints of C.
Gained experience in cross-platform compilation and dependency management, as reflected in the CI/CD pipeline developed for this project.
Confirmed C's unmatched strength in creating lightweight, highly performant desktop applications.

What is Programming ?

Avinash Pokhrel — Sat, 06 Sep 2025 22:45:08 +0000

Programming: The Art and Science of Telling Computers What to Do

Programming, often called the “language of computers,” is the process of writing instructions that a computer can understand and execute. At its core, it’s about solving problems—taking a real-world challenge, breaking it down into smaller steps, and designing a logical sequence to achieve the desired outcome.

Why Programming Matters

We live in a digital world where almost every device, from smartphones to washing machines, runs on software. Behind that software lies programming. It enables innovation in medicine, finance, entertainment, communication, and even space exploration. Simply put, programming powers modern civilization.

How Programming Works

A computer does not understand human language—it understands only binary (0s and 1s). Programming languages bridge this gap. They allow developers to express ideas in a more human-readable form, which compilers or interpreters then translate into machine code.

Some popular programming languages include:

Python – Known for simplicity and versatility; widely used in AI and data science.
JavaScript – The backbone of web development, making websites interactive.
C/C++ – Powerful languages used in operating systems, gaming, and embedded systems.
Go & Rust – Modern languages that emphasize performance and safety.

The Skills Programming Teaches

Beyond technical ability, programming develops:

Problem-solving: Breaking complex tasks into smaller, manageable steps.
Logical thinking: Learning to reason systematically.
Creativity: Building solutions from scratch.
Persistence: Debugging teaches patience and resilience.

The Future of Programming

As artificial intelligence and automation evolve, some believe programming will become more abstract—focusing less on writing code line by line and more on defining problems and constraints. Yet, the fundamental skill of computational thinking will remain crucial.

Conclusion

Programming is more than just typing code. It’s a creative, logical, and deeply impactful activity that shapes the way we live and work. Whether you dream of building apps, analyzing data, or creating the next big startup, learning programming is an investment that opens endless doors.