Inloggen
golang
/
flannel
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 71191dddb6
Aftakkingen Labels
flannel
/
vendor
/
golang.org
/
x
/
oauth2
/
google
/
google.go

google.go 4.7 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 
  1. // Copyright 2014 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. // Package google provides support for making OAuth2 authorized and
    6. 

  6. // authenticated HTTP requests to Google APIs.
    7. 

  7. // It supports the Web server flow, client-side credentials, service accounts,
    8. 

  8. // Google Compute Engine service accounts, and Google App Engine service
    9. 

  9. // accounts.
    10. 

  10. //
    11. 

  11. // For more information, please read
    12. 

  12. // https://developers.google.com/accounts/docs/OAuth2
    13. 

  13. // and
    14. 

  14. // https://developers.google.com/accounts/docs/application-default-credentials.
    15. 

  15. package google // import "golang.org/x/oauth2/google"
    16. 

  16. 

  17. import (
    18. 

  18. 	"encoding/json"
    19. 

  19. 	"errors"
    20. 

  20. 	"fmt"
    21. 

  21. 	"strings"
    22. 

  22. 	"time"
    23. 

  23. 

  24. 	"golang.org/x/oauth2"
    25. 

  25. 	"golang.org/x/oauth2/jwt"
    26. 

  26. 	"google.golang.org/cloud/compute/metadata"
    27. 

  27. )
    28. 

  28. 

  29. // Endpoint is Google's OAuth 2.0 endpoint.
    30. 

  30. var Endpoint = oauth2.Endpoint{
    31. 

  31. 	AuthURL:  "https://accounts.google.com/o/oauth2/auth",
    32. 

  32. 	TokenURL: "https://accounts.google.com/o/oauth2/token",
    33. 

  33. }
    34. 

  34. 

  35. // JWTTokenURL is Google's OAuth 2.0 token URL to use with the JWT flow.
    36. 

  36. const JWTTokenURL = "https://accounts.google.com/o/oauth2/token"
    37. 

  37. 

  38. // ConfigFromJSON uses a Google Developers Console client_credentials.json
    39. 

  39. // file to construct a config.
    40. 

  40. // client_credentials.json can be downloadable from https://console.developers.google.com,
    41. 

  41. // under "APIs & Auth" > "Credentials". Download the Web application credentials in the
    42. 

  42. // JSON format and provide the contents of the file as jsonKey.
    43. 

  43. func ConfigFromJSON(jsonKey []byte, scope ...string) (*oauth2.Config, error) {
    44. 

  44. 	type cred struct {
    45. 

  45. 		ClientID     string   `json:"client_id"`
    46. 

  46. 		ClientSecret string   `json:"client_secret"`
    47. 

  47. 		RedirectURIs []string `json:"redirect_uris"`
    48. 

  48. 		AuthURI      string   `json:"auth_uri"`
    49. 

  49. 		TokenURI     string   `json:"token_uri"`
    50. 

  50. 	}
    51. 

  51. 	var j struct {
    52. 

  52. 		Web       *cred `json:"web"`
    53. 

  53. 		Installed *cred `json:"installed"`
    54. 

  54. 	}
    55. 

  55. 	if err := json.Unmarshal(jsonKey, &j); err != nil {
    56. 

  56. 		return nil, err
    57. 

  57. 	}
    58. 

  58. 	var c *cred
    59. 

  59. 	switch {
    60. 

  60. 	case j.Web != nil:
    61. 

  61. 		c = j.Web
    62. 

  62. 	case j.Installed != nil:
    63. 

  63. 		c = j.Installed
    64. 

  64. 	default:
    65. 

  65. 		return nil, fmt.Errorf("oauth2/google: no credentials found")
    66. 

  66. 	}
    67. 

  67. 	if len(c.RedirectURIs) < 1 {
    68. 

  68. 		return nil, errors.New("oauth2/google: missing redirect URL in the client_credentials.json")
    69. 

  69. 	}
    70. 

  70. 	return &oauth2.Config{
    71. 

  71. 		ClientID:     c.ClientID,
    72. 

  72. 		ClientSecret: c.ClientSecret,
    73. 

  73. 		RedirectURL:  c.RedirectURIs[0],
    74. 

  74. 		Scopes:       scope,
    75. 

  75. 		Endpoint: oauth2.Endpoint{
    76. 

  76. 			AuthURL:  c.AuthURI,
    77. 

  77. 			TokenURL: c.TokenURI,
    78. 

  78. 		},
    79. 

  79. 	}, nil
    80. 

  80. }
    81. 

  81. 

  82. // JWTConfigFromJSON uses a Google Developers service account JSON key file to read
    83. 

  83. // the credentials that authorize and authenticate the requests.
    84. 

  84. // Create a service account on "Credentials" page under "APIs & Auth" for your
    85. 

  85. // project at https://console.developers.google.com to download a JSON key file.
    86. 

  86. func JWTConfigFromJSON(jsonKey []byte, scope ...string) (*jwt.Config, error) {
    87. 

  87. 	var key struct {
    88. 

  88. 		Email      string `json:"client_email"`
    89. 

  89. 		PrivateKey string `json:"private_key"`
    90. 

  90. 	}
    91. 

  91. 	if err := json.Unmarshal(jsonKey, &key); err != nil {
    92. 

  92. 		return nil, err
    93. 

  93. 	}
    94. 

  94. 	return &jwt.Config{
    95. 

  95. 		Email:      key.Email,
    96. 

  96. 		PrivateKey: []byte(key.PrivateKey),
    97. 

  97. 		Scopes:     scope,
    98. 

  98. 		TokenURL:   JWTTokenURL,
    99. 

  99. 	}, nil
    100. 

  100. }
    101. 

  101. 

  102. // ComputeTokenSource returns a token source that fetches access tokens
    103. 

  103. // from Google Compute Engine (GCE)'s metadata server. It's only valid to use
    104. 

  104. // this token source if your program is running on a GCE instance.
    105. 

  105. // If no account is specified, "default" is used.
    106. 

  106. // Further information about retrieving access tokens from the GCE metadata
    107. 

  107. // server can be found at https://cloud.google.com/compute/docs/authentication.
    108. 

  108. func ComputeTokenSource(account string) oauth2.TokenSource {
    109. 

  109. 	return oauth2.ReuseTokenSource(nil, computeSource{account: account})
    110. 

  110. }
    111. 

  111. 

  112. type computeSource struct {
    113. 

  113. 	account string
    114. 

  114. }
    115. 

  115. 

  116. func (cs computeSource) Token() (*oauth2.Token, error) {
    117. 

  117. 	if !metadata.OnGCE() {
    118. 

  118. 		return nil, errors.New("oauth2/google: can't get a token from the metadata service; not running on GCE")
    119. 

  119. 	}
    120. 

  120. 	acct := cs.account
    121. 

  121. 	if acct == "" {
    122. 

  122. 		acct = "default"
    123. 

  123. 	}
    124. 

  124. 	tokenJSON, err := metadata.Get("instance/service-accounts/" + acct + "/token")
    125. 

  125. 	if err != nil {
    126. 

  126. 		return nil, err
    127. 

  127. 	}
    128. 

  128. 	var res struct {
    129. 

  129. 		AccessToken  string `json:"access_token"`
    130. 

  130. 		ExpiresInSec int    `json:"expires_in"`
    131. 

  131. 		TokenType    string `json:"token_type"`
    132. 

  132. 	}
    133. 

  133. 	err = json.NewDecoder(strings.NewReader(tokenJSON)).Decode(&res)
    134. 

  134. 	if err != nil {
    135. 

  135. 		return nil, fmt.Errorf("oauth2/google: invalid token JSON from metadata: %v", err)
    136. 

  136. 	}
    137. 

  137. 	if res.ExpiresInSec == 0 || res.AccessToken == "" {
    138. 

  138. 		return nil, fmt.Errorf("oauth2/google: incomplete token received from metadata")
    139. 

  139. 	}
    140. 

  140. 	return &oauth2.Token{
    141. 

  141. 		AccessToken: res.AccessToken,
    142. 

  142. 		TokenType:   res.TokenType,
    143. 

  143. 		Expiry:      time.Now().Add(time.Duration(res.ExpiresInSec) * time.Second),
    144. 

  144. 	}, nil
    145. 

  145. }
    146.