clientcredentials: add option for additional endpoint parameters

This is to support https://auth0.com/docs/api-auth/config/asking-for-access-tokens. Fixes https://github.com/golang/oauth2/issues/216 Change-Id: I9b8fdb4fe22c688fd71e43bd21d80b796434b8b0 Reviewed-on: https://go-review.googlesource.com/36880 Run-TryBot: Ian Lance Taylor <iant@golang.org> Reviewed-by: Jaana Burcu Dogan <jbd@google.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-02-10 14:32:30 -08:00 · 2017-02-10 14:32:30 -08:00 · 01b79d9447
parent efb10a3061
commit 01b79d9447
2 changed files with 22 additions and 9 deletions
--- a/clientcredentials/clientcredentials.go
+++ b/clientcredentials/clientcredentials.go
@ -14,6 +14,7 @@
 package clientcredentials // import "golang.org/x/oauth2/clientcredentials"

 import (
+	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
@ -38,6 +39,9 @@ type Config struct {

 	// Scope specifies optional requested permissions.
 	Scopes []string
+
+	// EndpointParams specifies additional parameters for requests to the token endpoint.
+	EndpointParams url.Values
 }

 // Token uses client credentials to retrieve a token.
@ -76,10 +80,17 @@ type tokenSource struct {
 // Token refreshes the token by using a new client credentials request.
 // tokens received this way do not include a refresh token
 func (c *tokenSource) Token() (*oauth2.Token, error) {
-	tk, err := internal.RetrieveToken(c.ctx, c.conf.ClientID, c.conf.ClientSecret, c.conf.TokenURL, url.Values{
+	v := url.Values{
 		"grant_type": {"client_credentials"},
 		"scope":      internal.CondVal(strings.Join(c.conf.Scopes, " ")),
-	})
+	}
+	for k, p := range c.conf.EndpointParams {
+		if _, ok := v[k]; ok {
+			return nil, fmt.Errorf("oauth2: cannot overwrite parameter %q", k)
+		}
+		v[k] = p
+	}
+	tk, err := internal.RetrieveToken(c.ctx, c.conf.ClientID, c.conf.ClientSecret, c.conf.TokenURL, v)
 	if err != nil {
 		return nil, err
 	}
--- a/clientcredentials/clientcredentials_test.go
+++ b/clientcredentials/clientcredentials_test.go
@ -9,15 +9,17 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"testing"
 )

-func newConf(url string) *Config {
+func newConf(serverURL string) *Config {
 	return &Config{
-		ClientID:     "CLIENT_ID",
-		ClientSecret: "CLIENT_SECRET",
-		Scopes:       []string{"scope1", "scope2"},
-		TokenURL:     url + "/token",
+		ClientID:       "CLIENT_ID",
+		ClientSecret:   "CLIENT_SECRET",
+		Scopes:         []string{"scope1", "scope2"},
+		TokenURL:       serverURL + "/token",
+		EndpointParams: url.Values{"audience": {"audience1"}},
 	}
 }

@ -48,7 +50,7 @@ func TestTokenRequest(t *testing.T) {
 		if err != nil {
 			t.Errorf("failed reading request body: %s.", err)
 		}
-		if string(body) != "grant_type=client_credentials&scope=scope1+scope2" {
+		if string(body) != "audience=audience1&grant_type=client_credentials&scope=scope1+scope2" {
 			t.Errorf("payload = %q; want %q", string(body), "grant_type=client_credentials&scope=scope1+scope2")
 		}
 		w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
@ -84,7 +86,7 @@ func TestTokenRefreshRequest(t *testing.T) {
 			t.Errorf("Unexpected Content-Type header, %v is found.", headerContentType)
 		}
 		body, _ := ioutil.ReadAll(r.Body)
-		if string(body) != "grant_type=client_credentials&scope=scope1+scope2" {
+		if string(body) != "audience=audience1&grant_type=client_credentials&scope=scope1+scope2" {
 			t.Errorf("Unexpected refresh token payload, %v is found.", string(body))
 		}
 	}))