Sign In
golang
/
flannel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f3b91209ce
Branches Tags
flannel
/
vendor
/
golang.org
/
x
/
oauth2
/
google
/
jwt.go

jwt.go 2.0 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. // Copyright 2015 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package google
    6. 

  6. 

  7. import (
    8. 

  8. 	"crypto/rsa"
    9. 

  9. 	"fmt"
    10. 

  10. 	"time"
    11. 

  11. 

  12. 	"golang.org/x/oauth2"
    13. 

  13. 	"golang.org/x/oauth2/internal"
    14. 

  14. 	"golang.org/x/oauth2/jws"
    15. 

  15. )
    16. 

  16. 

  17. // JWTAccessTokenSourceFromJSON uses a Google Developers service account JSON
    18. 

  18. // key file to read the credentials that authorize and authenticate the
    19. 

  19. // requests, and returns a TokenSource that does not use any OAuth2 flow but
    20. 

  20. // instead creates a JWT and sends that as the access token.
    21. 

  21. // The audience is typically a URL that specifies the scope of the credentials.
    22. 

  22. //
    23. 

  23. // Note that this is not a standard OAuth flow, but rather an
    24. 

  24. // optimization supported by a few Google services.
    25. 

  25. // Unless you know otherwise, you should use JWTConfigFromJSON instead.
    26. 

  26. func JWTAccessTokenSourceFromJSON(jsonKey []byte, audience string) (oauth2.TokenSource, error) {
    27. 

  27. 	cfg, err := JWTConfigFromJSON(jsonKey)
    28. 

  28. 	if err != nil {
    29. 

  29. 		return nil, fmt.Errorf("google: could not parse JSON key: %v", err)
    30. 

  30. 	}
    31. 

  31. 	pk, err := internal.ParseKey(cfg.PrivateKey)
    32. 

  32. 	if err != nil {
    33. 

  33. 		return nil, fmt.Errorf("google: could not parse key: %v", err)
    34. 

  34. 	}
    35. 

  35. 	ts := &jwtAccessTokenSource{
    36. 

  36. 		email:    cfg.Email,
    37. 

  37. 		audience: audience,
    38. 

  38. 		pk:       pk,
    39. 

  39. 	}
    40. 

  40. 	tok, err := ts.Token()
    41. 

  41. 	if err != nil {
    42. 

  42. 		return nil, err
    43. 

  43. 	}
    44. 

  44. 	return oauth2.ReuseTokenSource(tok, ts), nil
    45. 

  45. }
    46. 

  46. 

  47. type jwtAccessTokenSource struct {
    48. 

  48. 	email, audience string
    49. 

  49. 	pk              *rsa.PrivateKey
    50. 

  50. }
    51. 

  51. 

  52. func (ts *jwtAccessTokenSource) Token() (*oauth2.Token, error) {
    53. 

  53. 	iat := time.Now()
    54. 

  54. 	exp := iat.Add(time.Hour)
    55. 

  55. 	cs := &jws.ClaimSet{
    56. 

  56. 		Iss: ts.email,
    57. 

  57. 		Sub: ts.email,
    58. 

  58. 		Aud: ts.audience,
    59. 

  59. 		Iat: iat.Unix(),
    60. 

  60. 		Exp: exp.Unix(),
    61. 

  61. 	}
    62. 

  62. 	hdr := &jws.Header{
    63. 

  63. 		Algorithm: "RS256",
    64. 

  64. 		Typ:       "JWT",
    65. 

  65. 	}
    66. 

  66. 	msg, err := jws.Encode(hdr, cs, ts.pk)
    67. 

  67. 	if err != nil {
    68. 

  68. 		return nil, fmt.Errorf("google: could not encode JWT: %v", err)
    69. 

  69. 	}
    70. 

  70. 	return &oauth2.Token{AccessToken: msg, TokenType: "Bearer", Expiry: exp}, nil
    71. 

  71. }
    72.