oauth2/google/google.go

// Copyright 2014 The oauth2 Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package google provides support for making
// OAuth2 authorized and authenticated HTTP requests
// to Google APIs. It supports Web server, client-side,
// service accounts, Google Compute Engine service accounts,
// and Google App Engine service accounts authorization
// and authentications flows:
//
// For more information, please read
// https://developers.google.com/accounts/docs/OAuth2.
package google

import (
	"encoding/json"
	"net/http"
	"path"
	"time"

	"github.com/golang/oauth2"
)

const (
	// Google endpoints.
	uriGoogleAuth  = "https://accounts.google.com/o/oauth2/auth"
	uriGoogleToken = "https://accounts.google.com/o/oauth2/token"
)

type metaTokenRespBody struct {
	AccessToken string        `json:"access_token"`
	ExpiresIn   time.Duration `json:"expires_in"`
	TokenType   string        `json:"token_type"`
}

// ComputeEngineConfig represents a OAuth 2.0 consumer client
// running on Google Compute Engine.
type ComputeEngineConfig struct {
	// Client is the default HTTP client to be used while retrieving
	// tokens from the OAuth 2.0 provider.
	Client *http.Client

	// Transport represents the default round tripper to be used
	// while constructing new oauth2.Transport instances from
	// this configuration.
	Transport http.RoundTripper

	account string
}

// NewConfig creates a new OAuth2 config that uses Google
// endpoints.
func NewConfig(opts *oauth2.Options) (*oauth2.Config, error) {
	return oauth2.NewConfig(opts, uriGoogleAuth, uriGoogleToken)
}

// NewServiceAccountConfig creates a new JWT config that can
// fetch Bearer JWT tokens from Google endpoints.
func NewServiceAccountConfig(opts *oauth2.JWTOptions) (*oauth2.JWTConfig, error) {
	return oauth2.NewJWTConfig(opts, uriGoogleToken)
}

// NewComputeEngineConfig creates a new config that can fetch tokens
// from Google Compute Engine instance's metaserver. If no account is
// provided, default is used.
func NewComputeEngineConfig(account string) *ComputeEngineConfig {
	return &ComputeEngineConfig{
		Client:    http.DefaultClient,
		Transport: http.DefaultTransport,
		account:   account,
	}
}

// NewTransport creates an authorized transport.
func (c *ComputeEngineConfig) NewTransport() *oauth2.Transport {
	return oauth2.NewTransport(c.Transport, c, nil)
}

// FetchToken retrieves a new access token via metadata server.
func (c *ComputeEngineConfig) FetchToken(existing *oauth2.Token) (token *oauth2.Token, err error) {
	account := "default"
	if c.account != "" {
		account = c.account
	}
	u := "http://" + path.Join("metadata/computeMetadata/v1/instance/service-accounts", account, "token")
	req, err := http.NewRequest("GET", u, nil)
	if err != nil {
		return
	}
	req.Header.Add("X-Google-Metadata-Request", "True")
	resp, err := c.Client.Do(req)
	if err != nil {
		return
	}
	defer resp.Body.Close()
	var tokenResp metaTokenRespBody
	err = json.NewDecoder(resp.Body).Decode(&tokenResp)
	if err != nil {
		return
	}
	token = &oauth2.Token{
		AccessToken: tokenResp.AccessToken,
		TokenType:   tokenResp.TokenType,
		Expiry:      time.Now().Add(tokenResp.ExpiresIn * time.Second),
	}
	return
}
Reverting the license back to the original. 2014-05-17 11:26:57 -04:00			`// Copyright 2014 The oauth2 Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`
oauth2: adding license. 2014-05-13 14:06:46 -04:00
Initial commit 2014-05-05 17:54:23 -04:00			`// Package google provides support for making`
			`// OAuth2 authorized and authenticated HTTP requests`
Minor docs fix. 2014-05-10 07:50:51 -04:00			`// to Google APIs. It supports Web server, client-side,`
			`// service accounts, Google Compute Engine service accounts,`
			`// and Google App Engine service accounts authorization`
			`// and authentications flows:`
Initial commit 2014-05-05 17:54:23 -04:00			`//`
			`// For more information, please read`
			`// https://developers.google.com/accounts/docs/OAuth2.`
			`package google`

			`import (`
Adding token fetching implementing for Compute Engine. 2014-05-11 11:06:03 -04:00			`"encoding/json"`
			`"net/http"`
			`"path"`
			`"time"`

Fix oauth2's import path. 2014-05-30 06:39:43 -04:00			`"github.com/golang/oauth2"`
Initial commit 2014-05-05 17:54:23 -04:00			`)`

			`const (`
			`// Google endpoints.`
			`uriGoogleAuth = "https://accounts.google.com/o/oauth2/auth"`
			`uriGoogleToken = "https://accounts.google.com/o/oauth2/token"`
			`)`

Adding token fetching implementing for Compute Engine. 2014-05-11 11:06:03 -04:00			`type metaTokenRespBody struct {`
			AccessToken string `json:"access_token"`
			ExpiresIn time.Duration `json:"expires_in"`
			TokenType string `json:"token_type"`
			`}`

oauth2: fixing abstractions to be able to provide external token fetchers 2014-05-10 03:41:39 -04:00			`// ComputeEngineConfig represents a OAuth 2.0 consumer client`
			`// running on Google Compute Engine.`
Adding token fetching implementing for Compute Engine. 2014-05-11 11:06:03 -04:00			`type ComputeEngineConfig struct {`
Do not assume that http.DefaultClient and http.DefaultTransport is always available. 2014-08-31 18:13:59 -04:00			`// Client is the default HTTP client to be used while retrieving`
			`// tokens from the OAuth 2.0 provider.`
			`Client *http.Client`

			`// Transport represents the default round tripper to be used`
			`// while constructing new oauth2.Transport instances from`
			`// this configuration.`
			`Transport http.RoundTripper`

Adding token fetching implementing for Compute Engine. 2014-05-11 11:06:03 -04:00			`account string`
			`}`
oauth2: fixing abstractions to be able to provide external token fetchers 2014-05-10 03:41:39 -04:00
Initial commit 2014-05-05 17:54:23 -04:00			`// NewConfig creates a new OAuth2 config that uses Google`
			`// endpoints.`
oauth2: removing unnecessary interface definitions. 2014-05-10 07:16:50 -04:00			`func NewConfig(opts oauth2.Options) (oauth2.Config, error) {`
Initial commit 2014-05-05 17:54:23 -04:00			`return oauth2.NewConfig(opts, uriGoogleAuth, uriGoogleToken)`
			`}`

oauth2: fixing abstractions to be able to provide external token fetchers 2014-05-10 03:41:39 -04:00			`// NewServiceAccountConfig creates a new JWT config that can`
			`// fetch Bearer JWT tokens from Google endpoints.`
oauth2: removing unnecessary interface definitions. 2014-05-10 07:16:50 -04:00			`func NewServiceAccountConfig(opts oauth2.JWTOptions) (oauth2.JWTConfig, error) {`
oauth2: fixing abstractions to be able to provide external token fetchers 2014-05-10 03:41:39 -04:00			`return oauth2.NewJWTConfig(opts, uriGoogleToken)`
			`}`

Initial commit 2014-05-05 17:54:23 -04:00			`// NewComputeEngineConfig creates a new config that can fetch tokens`
Adding token fetching implementing for Compute Engine. 2014-05-11 11:06:03 -04:00			`// from Google Compute Engine instance's metaserver. If no account is`
			`// provided, default is used.`
Constructor can't return an error for Compute Engine confs. 2014-05-30 07:02:54 -04:00			`func NewComputeEngineConfig(account string) *ComputeEngineConfig {`
Do not assume that http.DefaultClient and http.DefaultTransport is always available. 2014-08-31 18:13:59 -04:00			`return &ComputeEngineConfig{`
			`Client: http.DefaultClient,`
			`Transport: http.DefaultTransport,`
			`account: account,`
			`}`
Initial commit 2014-05-05 17:54:23 -04:00			`}`

oauth2: fixing abstractions to be able to provide external token fetchers 2014-05-10 03:41:39 -04:00			`// NewTransport creates an authorized transport.`
Don't provide a Transport interface but provide a http.RoundTripper implementation. 2014-08-14 01:22:35 -04:00			`func (c ComputeEngineConfig) NewTransport() oauth2.Transport {`
Do not assume that http.DefaultClient and http.DefaultTransport is always available. 2014-08-31 18:13:59 -04:00			`return oauth2.NewTransport(c.Transport, c, nil)`
oauth2: fixing abstractions to be able to provide external token fetchers 2014-05-10 03:41:39 -04:00			`}`

			`// FetchToken retrieves a new access token via metadata server.`
Adding token fetching implementing for Compute Engine. 2014-05-11 11:06:03 -04:00			`func (c ComputeEngineConfig) FetchToken(existing oauth2.Token) (token *oauth2.Token, err error) {`
			`account := "default"`
			`if c.account != "" {`
			`account = c.account`
			`}`
			`u := "http://" + path.Join("metadata/computeMetadata/v1/instance/service-accounts", account, "token")`
			`req, err := http.NewRequest("GET", u, nil)`
			`if err != nil {`
			`return`
			`}`
			`req.Header.Add("X-Google-Metadata-Request", "True")`
Do not assume that http.DefaultClient and http.DefaultTransport is always available. 2014-08-31 18:13:59 -04:00			`resp, err := c.Client.Do(req)`
Adding token fetching implementing for Compute Engine. 2014-05-11 11:06:03 -04:00			`if err != nil {`
			`return`
			`}`
			`defer resp.Body.Close()`
			`var tokenResp metaTokenRespBody`
			`err = json.NewDecoder(resp.Body).Decode(&tokenResp)`
			`if err != nil {`
			`return`
			`}`
			`token = &oauth2.Token{`
			`AccessToken: tokenResp.AccessToken,`
			`TokenType: tokenResp.TokenType,`
			`Expiry: time.Now().Add(tokenResp.ExpiresIn * time.Second),`
			`}`
			`return`
Initial commit 2014-05-05 17:54:23 -04:00			`}`