diff --git a/google/internal/oauth/stsExchange.go b/google/internal/oauth/stsExchange.go new file mode 100644 index 0000000..24684e0 --- /dev/null +++ b/google/internal/oauth/stsExchange.go @@ -0,0 +1,90 @@ +package externalaccount + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "net/http" + "net/url" + "strconv" + "strings" +) + +func ExchangeToken(endpoint string, request *STSTokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (*STSTokenExchangeResponse, error) { + + client := &http.Client{} + + data := url.Values{} + data.Set("audience", request.Audience) + data.Set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange") + data.Set("requested_token_type", "urn:ietf:params:oauth:token-type:access_token") + data.Set("subject_token_type", request.SubjectTokenType) + data.Set("subject_token", request.SubjectToken) + data.Set("scope", strings.Join(request.Scope, " ")) + + //req, err := http.NewRequest("POST", endpoint, strings.NewReader(data.Encode())) + //if err != nil { + // fmt.Errorf("oauth2/google: failed to properly build http request") + //} + //for key, _ := range headers { + // for _, val := range headers.Values(key) { + // req.Header.Add(key, val) + // } + //} + //if authentication.ClientID != "" && authentication.ClientSecret != "" { + // plainHeader := authentication.ClientID + ":" + authentication.ClientSecret + // req.Header.Add("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(plainHeader))) + //} + //req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode()))) + authentication.InjectAuthentication(&data, &headers) + req, err := http.NewRequest("POST", endpoint, strings.NewReader(data.Encode())) + if err != nil { + fmt.Errorf("oauth2/google: failed to properly build http request") + } + for key, _ := range headers { + for _, val := range headers.Values(key) { + req.Header.Add(key, val) + } + } + req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode()))) + + + resp, err := client.Do(req) + if err != nil { + fmt.Errorf("oauth2/google: invalid response from Secure Token Server: #{err}") + } + defer resp.Body.Close() + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + fmt.Errorf("oauth2/google: invalid body in Secute Token Server response: #{err}") + } + var stsResp STSTokenExchangeResponse + err = json.Unmarshal(body, &stsResp) + if err != nil { + fmt.Println(err) + } + return &stsResp, nil +} + +type STSTokenExchangeRequest struct { + ActingParty struct { + ActorToken string + ActorTokenType string + } + GrantType string + Resource string + Audience string + Scope []string + RequestedTokenType string + SubjectToken string + SubjectTokenType string +} + +type STSTokenExchangeResponse struct { + AccessToken string `json:"access_token"` + IssuedTokenType string `json:"issued_token_type"` + TokenType string `json:"token_type"` + ExpiresIn int `json:"expires_in"` + Scope string `json:"scope"` + RefreshToken string `json:"refresh_token"` +} diff --git a/google/internal/oauth/stsExchange_test.go b/google/internal/oauth/stsExchange_test.go new file mode 100644 index 0000000..fd0ca1f --- /dev/null +++ b/google/internal/oauth/stsExchange_test.go @@ -0,0 +1,113 @@ +package externalaccount + +import ( + "net/http" + "net/http/httptest" + "testing" +) + +stsExchange_test.go + +package externalaccount + +import ( +"github.com/google/go-cmp/cmp" +"golang.org/x/oauth2" +"net/http" +"net/http/httptest" +"testing" +) + +var auth = ClientAuthentication{ + AuthStyle: oauth2.AuthStyleInHeader, + ClientID: clientID, + ClientSecret: clientSecret, +} + +var tokenRequest = STSTokenExchangeRequest{ + ActingParty: struct { + ActorToken string + ActorTokenType string + }{}, + GrantType: "urn:ietf:params:oauth:grant-type:token-exchange", + Resource: "", + Audience: "32555940559.apps.googleusercontent.com", //TODO: Make sure audience is correct in this test (might be mismatched) + Scope: []string{"https://www.googleapis.com/auth/devstorage.full_control"}, + RequestedTokenType: "urn:ietf:params:oauth:token-type:access_token", + SubjectToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjJjNmZhNmY1OTUwYTdjZTQ2NWZjZjI0N2FhMGIwOTQ4MjhhYzk1MmMiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIzMjU1NTk0MDU1OS5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF1ZCI6IjMyNTU1OTQwNTU5LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTEzMzE4NTQxMDA5MDU3Mzc4MzI4IiwiaGQiOiJnb29nbGUuY29tIiwiZW1haWwiOiJpdGh1cmllbEBnb29nbGUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJyWUtBTjZwX21rS0U4U2ItN3ZGalBBIiwiaWF0IjoxNjAxNTk0NDY1LCJleHAiOjE2MDE1OTgwNjV9.mWOLjD6ghfgrFNcm_1h-wrpLlKFc2WSS13lu2L5t4549uYhX5DEbI7MmeUEwXSffrns1ljcdbJm4nXymXK3AH6ftRV17O3BnOsWngxKj5eKhzOMF308YNXjBKTDiu_crzjCpf_2ng03IIGbFsTvAUx4wvWhnFO-z4xl2tb13OMCxpkw52dO1ZcFhw0d_1iUj_q0UL9E15ADL4SOr-BVtXerWPhNVBplTw8gzL4HHmo2GGUA_ilQpJzD528BKLygemqy1taXZwOGJEAUYkcKm8DhA0NJWneUyqHN6qbs0wm_d_nZsiFx9CIDblt1dUkgfuPIsno-xrkkkwubcv1WlgA", + SubjectTokenType: "urn:ietf:params:oauth:token-type:jwt", +} + +var serverReq = http.Request{ + Method: "POSTURL:/", + URL: nil, + Proto: "HTTP/1.1", + ProtoMajor: 1, + ProtoMinor: 1, + Header: map[string][]string{ + "Accept-Encoding": []string{"gzip"}, + "Authorization": []string{"Basic cmJyZ25vZ25yaG9uZ28zYmk0Z2I5Z2hnOWc6bm90c29zZWNyZXQ="}, + "Content-Length": []string{"1192"}, + "Content-Type": []string{"application/x-www-form-urlencoded"}, + "User-Agent": []string{"Go-http-client/1.1"}, + }, + Body: nil, //TODO: Oh god how do I get this... + ContentLength: 1192, + Close: false, + Host: "127.0.0.1:41147", //TODO: Does this conflict due to separate addresses? + Form: nil, //TODO: Should Form, PostForm, TransferEncoding, etc be initialized with Make? + PostForm: nil, + MultipartForm: nil, + Trailer: nil, + RemoteAddr: "127.0.0.1:52760", + RequestURI: "/", + TLS: nil, + Cancel: nil, + Response: nil, + //TODO: I hope to God that I don't need to set ctx for the comparison... +} + +var serverResp = http.Response{ + Status: "200 OK", + StatusCode: 200, + Proto: "HTTP/1.1", + ProtoMajor: 1, + ProtoMinor: 1, + Header: map[string][]string{ + "Connection":[]string{"keep-alive"}, + "Content-Length":[]string{"362"}, + "Content-Type":[]string{"application/json; charset=utf-8"}, + "Date":[]string{"Wed, 07 Oct 2020 21:54:27 GMT"}, + "X-Powered-By":[]string{"Express"}, + }, + Body: nil, + ContentLength: 0, + TransferEncoding: nil, + Close: false, + Uncompressed: false, + Trailer: nil, + Request: nil, + TLS: nil, +} + +func TestExchangeToken(t *testing.T) { + + + + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if diff := cmp.Diff(*r, serverReq); diff != "" { + t.Errorf("mismatched messages received by mock server (-want +got): \n%s", diff) + } + + return + })) + + headers := make(map[string][]string) + headers["Content-Type"] = []string{"application/x-www-form-urlencoded"} + + //TODO: Call TokenExchange, make sure I get the right results + resp, err := ExchangeToken(ts.URL, &tokenRequest, auth, headers, nil) + if err != nil { + t.Errorf("ExchangeToken failed with error: %s", err) + } +} \ No newline at end of file