Preston_PLB
/
oauth2
forked from Mirrors/oauth2
1
0
Fork 0
Code Pull Requests Activity

Support using ID token as the ouath access token.

This commit is contained in:
Wenlei (Frank) He 2019-03-08 09:20:43 -08:00
parent 8baca543ee
commit 339f3641d9
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
jwt/jwt.go
View File

@ -69,6 +69,9 @@ type Config struct {
// PrivateClaims optionally specifies private claims in the JWT.
PrivateClaims map[string]interface{}
// UseIDToken optionally uses ID token instead of access token.
UseIDToken bool
}
// TokenSource returns a JWT TokenSource using the configuration
@ -100,10 +103,10 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
}
hc := oauth2.NewClient(js.ctx, nil)
claimSet := &jws.ClaimSet{
Iss: js.conf.Email,
Scope: strings.Join(js.conf.Scopes, " "),
Aud: js.conf.TokenURL,
PrivateClaims: js.conf.PrivateClaims,
Iss: js.conf.Email,
Scope: strings.Join(js.conf.Scopes, " "),
Aud: js.conf.TokenURL,
PrivateClaims: js.conf.PrivateClaims,
}
if subject := js.conf.Subject; subject != "" {
claimSet.Sub = subject
@ -168,6 +171,9 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
if err != nil {
return nil, fmt.Errorf("oauth2: error decoding JWT token: %v", err)
}
if js.conf.UseIDToken {
token.AccessToken = tokenRes.IDToken
}
token.Expiry = time.Unix(claimSet.Exp, 0)
}
return token, nil