Building a Google OAuth CLI in Rust with PKCE (and surviving the borrow checker)

Building a Google OAuth CLI in Rust with PKCE TL;DR: I built a tiny CLI that opens a Google login in your browser, receives the OAuth callback, exchanges the code using PKCE, and prints basic public profile info (email, name, picture). It took me about 5 hours in Rust, mainly because of ownership, String vs &str, and lifetime wrangling—but the result is a clean, secure local flow that avoids shipping secrets in source control. Repository: Source Code Why I did this I wondered how Github CLI login works under the hood, and I wanted to build a similar flow for Google. So I decided to implement it myself. Also: I wanted to do it in Rust. The minimal shape of the flow High level, the app does these things: Load client config from environment variables Generate a PKCE code_verifier and code_challenge Start a local HTTP server bound to localhost:0 (OS chooses the port) Build and print the Google authorization URL You open the URL and log in Google redirects to http://localhost:<port&g