google: Changes required to get AWS working in manual testing

• Subject Token needs to be query escaped
• Null options need to be omitted (like they are in other languages)

Change-Id: I67d1ed3ba96a35283a8928f196bc7e912084d1ab
GitHub-Last-Rev: 1aae076a90
GitHub-Pull-Request: golang/oauth2#474
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/290513
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Ryan Kohler 2021-02-09 17:43:57 +00:00 committed by Cody Oss
parent 010130855d
commit 66670185b0
6 changed files with 13 additions and 9 deletions


@ -16,6 +16,7 @@ import (
"io" "io"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"net/url"
"os" "os"
"path" "path"
"sort" "sort"
@ -334,7 +335,7 @@ func (cs awsCredentialSource) subjectToken() (string, error) {
if err != nil { if err != nil {
return "", err return "", err
} }
return string(result), nil return url.QueryEscape(string(result)), nil
} }
func (cs *awsCredentialSource) getRegion() (string, error) { func (cs *awsCredentialSource) getRegion() (string, error) {
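Review bot: The new `return url.QueryEscape(string(result)), nil` at the end of `subjectToken()` has no comment saying why the token is escaped at this layer, so it reads like a double-encoding bug. If this value is what ends up in `request.SubjectToken`, the `data.Set("subject_token", ...)` / `data.Encode()` path in `ExchangeToken` (changed later in this commit) percent-encodes it a second time, which is presumably what the token endpoint expects for the AWS flow. A comment above the return such as `// The serialized AWS request must be query-escaped here; the form encoder in ExchangeToken escapes it again on the wire.` would keep a later cleanup from removing one layer and breaking the exchange. The body of `subjectToken()` starts outside the hunk.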


@ -10,6 +10,7 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
neturl "net/url"
"reflect" "reflect"
"strings" "strings"
"testing" "testing"
@ -527,7 +528,7 @@ func getExpectedSubjectToken(url, region, accessKeyID, secretAccessKey, security
}) })
str, _ := json.Marshal(result) str, _ := json.Marshal(result)
return string(str) return neturl.QueryEscape(string(str))
} }
func TestAwsCredential_BasicRequest(t *testing.T) { func TestAwsCredential_BasicRequest(t *testing.T) {


@ -29,7 +29,7 @@ var testConfig = Config{
} }
var ( var (
baseCredsRequestBody = "audience=32555940559.apps.googleusercontent.com&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&options=null&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.full_control&subject_token=street123&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt" baseCredsRequestBody = "audience=32555940559.apps.googleusercontent.com&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.full_control&subject_token=street123&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt"
baseCredsResponseBody = `{"access_token":"Sample.Access.Token","issued_token_type":"urn:ietf:params:oauth:token-type:access_token","token_type":"Bearer","expires_in":3600,"scope":"https://www.googleapis.com/auth/cloud-platform"}` baseCredsResponseBody = `{"access_token":"Sample.Access.Token","issued_token_type":"urn:ietf:params:oauth:token-type:access_token","token_type":"Bearer","expires_in":3600,"scope":"https://www.googleapis.com/auth/cloud-platform"}`
correctAT = "Sample.Access.Token" correctAT = "Sample.Access.Token"
expiry int64 = 234852 expiry int64 = 234852


@ -23,7 +23,7 @@ var testImpersonateConfig = Config{
} }
var ( var (
baseImpersonateCredsReqBody = "audience=32555940559.apps.googleusercontent.com&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&options=null&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform&subject_token=street123&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt" baseImpersonateCredsReqBody = "audience=32555940559.apps.googleusercontent.com&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform&subject_token=street123&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt"
baseImpersonateCredsRespBody = `{"accessToken":"Second.Access.Token","expireTime":"2020-12-28T15:01:23Z"}` baseImpersonateCredsRespBody = `{"accessToken":"Second.Access.Token","expireTime":"2020-12-28T15:01:23Z"}`
) )


@ -32,11 +32,13 @@ func ExchangeToken(ctx context.Context, endpoint string, request *STSTokenExchan
data.Set("subject_token_type", request.SubjectTokenType) data.Set("subject_token_type", request.SubjectTokenType)
data.Set("subject_token", request.SubjectToken) data.Set("subject_token", request.SubjectToken)
data.Set("scope", strings.Join(request.Scope, " ")) data.Set("scope", strings.Join(request.Scope, " "))
if options != nil {
opts, err := json.Marshal(options) opts, err := json.Marshal(options)
if err != nil { if err != nil {
return nil, fmt.Errorf("oauth2/google: failed to marshal additional options: %v", err) return nil, fmt.Errorf("oauth2/google: failed to marshal additional options: %v", err)
} }
data.Set("options", string(opts)) data.Set("options", string(opts))
}
authentication.InjectAuthentication(data, headers) authentication.InjectAuthentication(data, headers)
encodedData := data.Encode() encodedData := data.Encode()
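Review bot: The new guard `if options != nil {` in `ExchangeToken` only skips a nil value, so a non-nil but empty options value would still be marshalled and sent as `options={}`. The declaration of `options` is outside the hunk, so this assumes it is a map. If the intent is to omit the parameter whenever there is nothing to send, `if len(options) > 0 {` covers both the nil and the empty case. A short comment on the guard would also help, e.g. `// Omit "options" entirely when unset; json.Marshal would otherwise send the literal "null".`. The function starts and ends outside the hunk.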


@ -35,7 +35,7 @@ var tokenRequest = STSTokenExchangeRequest{
SubjectTokenType: "urn:ietf:params:oauth:token-type:jwt", SubjectTokenType: "urn:ietf:params:oauth:token-type:jwt",
} }
var requestbody = "audience=32555940559.apps.googleusercontent.com&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&options=null&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.full_control&subject_token=Sample.Subject.Token&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt" var requestbody = "audience=32555940559.apps.googleusercontent.com&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.full_control&subject_token=Sample.Subject.Token&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt"
var responseBody = `{"access_token":"Sample.Access.Token","issued_token_type":"urn:ietf:params:oauth:token-type:access_token","token_type":"Bearer","expires_in":3600,"scope":"https://www.googleapis.com/auth/cloud-platform"}` var responseBody = `{"access_token":"Sample.Access.Token","issued_token_type":"urn:ietf:params:oauth:token-type:access_token","token_type":"Bearer","expires_in":3600,"scope":"https://www.googleapis.com/auth/cloud-platform"}`
var expectedToken = STSTokenExchangeResponse{ var expectedToken = STSTokenExchangeResponse{
AccessToken: "Sample.Access.Token", AccessToken: "Sample.Access.Token",