oauth2/google/internal/externalaccount/sts_exchange.go

// Copyright 2020 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package externalaccount

import (
	"context"
	"encoding/json"
	"fmt"
	"golang.org/x/oauth2"
	"io"
	"io/ioutil"
	"net/http"
	"net/url"
	"strconv"
	"strings"
)

func ExchangeToken(ctx context.Context, endpoint string, request *STSTokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (*STSTokenExchangeResponse, error) {

	client := oauth2.NewClient(ctx, nil)

	data := url.Values{}
	data.Set("audience", request.Audience)
	data.Set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange")
	data.Set("requested_token_type", "urn:ietf:params:oauth:token-type:access_token")
	data.Set("subject_token_type", request.SubjectTokenType)
	data.Set("subject_token", request.SubjectToken)
	data.Set("scope", strings.Join(request.Scope, " "))
	opts, err := json.Marshal(options)
	if err != nil {
		fmt.Errorf("oauth2/google: failed to marshal additional options: %v", err)
		return nil, err
	}
	data.Set("options", string(opts))

	authentication.InjectAuthentication(data, headers)
	encodedData := data.Encode()
	req, err := http.NewRequestWithContext(ctx, "POST", endpoint, strings.NewReader(encodedData))
	if err != nil {
		fmt.Errorf("oauth2/google: failed to properly build http request: %v", err)
	}
	for key, _ := range headers {
		for _, val := range headers.Values(key) {
			req.Header.Add(key, val)
		}
	}
	req.Header.Add("Content-Length", strconv.Itoa(len(encodedData)))

	resp, err := client.Do(req)
	if err != nil {
		fmt.Errorf("oauth2/google: invalid response from Secure Token Server: %v", err)
	}
	defer resp.Body.Close()
	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
	if err != nil {
		fmt.Errorf("oauth2/google: invalid body in Secure Token Server response: %v", err)
	}
	var stsResp STSTokenExchangeResponse
	err = json.Unmarshal(body, &stsResp)
	if err != nil {
		fmt.Errorf("oauth2/google: failed to unmarshal response body from Secure Token Server: %v", err)
	}
	return &stsResp, nil
}

type STSTokenExchangeRequest struct {
	ActingParty struct {
		ActorToken     string
		ActorTokenType string
	}
	GrantType          string
	Resource           string
	Audience           string
	Scope              []string
	RequestedTokenType string
	SubjectToken       string
	SubjectTokenType   string
}

type STSTokenExchangeResponse struct {
	AccessToken     string `json:"access_token"`
	IssuedTokenType string `json:"issued_token_type"`
	TokenType       string `json:"token_type"`
	ExpiresIn       int    `json:"expires_in"`
	Scope           string `json:"scope"`
	RefreshToken    string `json:"refresh_token"`
}
google: fix more nits and return early in one error case. Change-Id: Idafbe36f4add6998e57878fec84a1080ac962511 2020-11-03 18:37:42 -05:00			`// Copyright 2020 The Go Authors. All rights reserved.`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00			`package externalaccount`

			`import (`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`"context"`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00			`"encoding/json"`
			`"fmt"`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`"golang.org/x/oauth2"`
			`"io"`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00			`"io/ioutil"`
			`"net/http"`
			`"net/url"`
			`"strconv"`
			`"strings"`
			`)`

google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`func ExchangeToken(ctx context.Context, endpoint string, request STSTokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (STSTokenExchangeResponse, error) {`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`client := oauth2.NewClient(ctx, nil)`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00
			`data := url.Values{}`
			`data.Set("audience", request.Audience)`
			`data.Set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange")`
			`data.Set("requested_token_type", "urn:ietf:params:oauth:token-type:access_token")`
			`data.Set("subject_token_type", request.SubjectTokenType)`
			`data.Set("subject_token", request.SubjectToken)`
			`data.Set("scope", strings.Join(request.Scope, " "))`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`opts, err := json.Marshal(options)`
google: fix more nits and return early in one error case. Change-Id: Idafbe36f4add6998e57878fec84a1080ac962511 2020-11-03 18:37:42 -05:00			`if err != nil {`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`fmt.Errorf("oauth2/google: failed to marshal additional options: %v", err)`
google: fix more nits and return early in one error case. Change-Id: Idafbe36f4add6998e57878fec84a1080ac962511 2020-11-03 18:37:42 -05:00			`return nil, err`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`}`
google: fix more nits and return early in one error case. Change-Id: Idafbe36f4add6998e57878fec84a1080ac962511 2020-11-03 18:37:42 -05:00			`data.Set("options", string(opts))`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00
Fixed import issues and test validity. 2020-10-19 18:17:49 -04:00			`authentication.InjectAuthentication(data, headers)`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`encodedData := data.Encode()`
google: fix more nits and return early in one error case. Change-Id: Idafbe36f4add6998e57878fec84a1080ac962511 2020-11-03 18:37:42 -05:00			`req, err := http.NewRequestWithContext(ctx, "POST", endpoint, strings.NewReader(encodedData))`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00			`if err != nil {`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`fmt.Errorf("oauth2/google: failed to properly build http request: %v", err)`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00			`}`
			`for key, _ := range headers {`
			`for _, val := range headers.Values(key) {`
			`req.Header.Add(key, val)`
			`}`
			`}`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`req.Header.Add("Content-Length", strconv.Itoa(len(encodedData)))`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00
			`resp, err := client.Do(req)`
			`if err != nil {`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`fmt.Errorf("oauth2/google: invalid response from Secure Token Server: %v", err)`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00			`}`
			`defer resp.Body.Close()`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00			`if err != nil {`
google: fix error formatting, add ctx argument Change-Id: If664a760005cc209c7398f2efce5ff324ebc4746 2020-11-03 16:44:17 -05:00			`fmt.Errorf("oauth2/google: invalid body in Secure Token Server response: %v", err)`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00			`}`
			`var stsResp STSTokenExchangeResponse`
			`err = json.Unmarshal(body, &stsResp)`
			`if err != nil {`
google: fix more nits and return early in one error case. Change-Id: Idafbe36f4add6998e57878fec84a1080ac962511 2020-11-03 18:37:42 -05:00			`fmt.Errorf("oauth2/google: failed to unmarshal response body from Secure Token Server: %v", err)`
Draft showing WIP testing approach. 2020-10-13 15:02:46 -04:00			`}`
			`return &stsResp, nil`
			`}`

			`type STSTokenExchangeRequest struct {`
			`ActingParty struct {`
			`ActorToken string`
			`ActorTokenType string`
			`}`
			`GrantType string`
			`Resource string`
			`Audience string`
			`Scope []string`
			`RequestedTokenType string`
			`SubjectToken string`
			`SubjectTokenType string`
			`}`

			`type STSTokenExchangeResponse struct {`
			AccessToken string `json:"access_token"`
			IssuedTokenType string `json:"issued_token_type"`
			TokenType string `json:"token_type"`
			ExpiresIn int `json:"expires_in"`
			Scope string `json:"scope"`
			RefreshToken string `json:"refresh_token"`
			`}`