feat(client): OAuth2 Client credential support (#259)
* Initial implementation * Added OAuth2 support to `client` config * Revert "Initial implementation" This reverts commit 7f2f3a603ae018b1cd1c6a282104f44cd9a1a1d1. * Restore vendored clientcredentials * configureOAuth2 is now a func (including tests) * README update * Use the same OAuth2Config in all related tests * Cleanup & comments
This commit is contained in:
		
							
								
								
									
										120
									
								
								vendor/golang.org/x/oauth2/clientcredentials/clientcredentials.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										120
									
								
								vendor/golang.org/x/oauth2/clientcredentials/clientcredentials.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							| @ -0,0 +1,120 @@ | ||||
| // Copyright 2014 The Go Authors. All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| // Package clientcredentials implements the OAuth2.0 "client credentials" token flow, | ||||
| // also known as the "two-legged OAuth 2.0". | ||||
| // | ||||
| // This should be used when the client is acting on its own behalf or when the client | ||||
| // is the resource owner. It may also be used when requesting access to protected | ||||
| // resources based on an authorization previously arranged with the authorization | ||||
| // server. | ||||
| // | ||||
| // See https://tools.ietf.org/html/rfc6749#section-4.4 | ||||
| package clientcredentials // import "golang.org/x/oauth2/clientcredentials" | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"fmt" | ||||
| 	"net/http" | ||||
| 	"net/url" | ||||
| 	"strings" | ||||
|  | ||||
| 	"golang.org/x/oauth2" | ||||
| 	"golang.org/x/oauth2/internal" | ||||
| ) | ||||
|  | ||||
| // Config describes a 2-legged OAuth2 flow, with both the | ||||
| // client application information and the server's endpoint URLs. | ||||
| type Config struct { | ||||
| 	// ClientID is the application's ID. | ||||
| 	ClientID string | ||||
|  | ||||
| 	// ClientSecret is the application's secret. | ||||
| 	ClientSecret string | ||||
|  | ||||
| 	// TokenURL is the resource server's token endpoint | ||||
| 	// URL. This is a constant specific to each server. | ||||
| 	TokenURL string | ||||
|  | ||||
| 	// Scope specifies optional requested permissions. | ||||
| 	Scopes []string | ||||
|  | ||||
| 	// EndpointParams specifies additional parameters for requests to the token endpoint. | ||||
| 	EndpointParams url.Values | ||||
|  | ||||
| 	// AuthStyle optionally specifies how the endpoint wants the | ||||
| 	// client ID & client secret sent. The zero value means to | ||||
| 	// auto-detect. | ||||
| 	AuthStyle oauth2.AuthStyle | ||||
| } | ||||
|  | ||||
| // Token uses client credentials to retrieve a token. | ||||
| // | ||||
| // The provided context optionally controls which HTTP client is used. See the oauth2.HTTPClient variable. | ||||
| func (c *Config) Token(ctx context.Context) (*oauth2.Token, error) { | ||||
| 	return c.TokenSource(ctx).Token() | ||||
| } | ||||
|  | ||||
| // Client returns an HTTP client using the provided token. | ||||
| // The token will auto-refresh as necessary. | ||||
| // | ||||
| // The provided context optionally controls which HTTP client | ||||
| // is returned. See the oauth2.HTTPClient variable. | ||||
| // | ||||
| // The returned Client and its Transport should not be modified. | ||||
| func (c *Config) Client(ctx context.Context) *http.Client { | ||||
| 	return oauth2.NewClient(ctx, c.TokenSource(ctx)) | ||||
| } | ||||
|  | ||||
| // TokenSource returns a TokenSource that returns t until t expires, | ||||
| // automatically refreshing it as necessary using the provided context and the | ||||
| // client ID and client secret. | ||||
| // | ||||
| // Most users will use Config.Client instead. | ||||
| func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource { | ||||
| 	source := &tokenSource{ | ||||
| 		ctx:  ctx, | ||||
| 		conf: c, | ||||
| 	} | ||||
| 	return oauth2.ReuseTokenSource(nil, source) | ||||
| } | ||||
|  | ||||
| type tokenSource struct { | ||||
| 	ctx  context.Context | ||||
| 	conf *Config | ||||
| } | ||||
|  | ||||
| // Token refreshes the token by using a new client credentials request. | ||||
| // tokens received this way do not include a refresh token | ||||
| func (c *tokenSource) Token() (*oauth2.Token, error) { | ||||
| 	v := url.Values{ | ||||
| 		"grant_type": {"client_credentials"}, | ||||
| 	} | ||||
| 	if len(c.conf.Scopes) > 0 { | ||||
| 		v.Set("scope", strings.Join(c.conf.Scopes, " ")) | ||||
| 	} | ||||
| 	for k, p := range c.conf.EndpointParams { | ||||
| 		// Allow grant_type to be overridden to allow interoperability with | ||||
| 		// non-compliant implementations. | ||||
| 		if _, ok := v[k]; ok && k != "grant_type" { | ||||
| 			return nil, fmt.Errorf("oauth2: cannot overwrite parameter %q", k) | ||||
| 		} | ||||
| 		v[k] = p | ||||
| 	} | ||||
|  | ||||
| 	tk, err := internal.RetrieveToken(c.ctx, c.conf.ClientID, c.conf.ClientSecret, c.conf.TokenURL, v, internal.AuthStyle(c.conf.AuthStyle)) | ||||
| 	if err != nil { | ||||
| 		if rErr, ok := err.(*internal.RetrieveError); ok { | ||||
| 			return nil, (*oauth2.RetrieveError)(rErr) | ||||
| 		} | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	t := &oauth2.Token{ | ||||
| 		AccessToken:  tk.AccessToken, | ||||
| 		TokenType:    tk.TokenType, | ||||
| 		RefreshToken: tk.RefreshToken, | ||||
| 		Expiry:       tk.Expiry, | ||||
| 	} | ||||
| 	return t.WithExtra(tk.Raw), nil | ||||
| } | ||||
		Reference in New Issue
	
	Block a user