google: Add support for OAuth2 token exchange over mTLS
With Context Aware Access enabled, users must use the endpoint "https://oauth2.mtls.googleapis.com/token" for token exchange. This PR adds support for runtime configuration of the OAuth2 token endpoint (as determined by the caller). If using the mTLS oauth2 endpoint, the caller will also need to specify an mTLS-enabled HTTPClient via the "context" mechanism for use by the OAuth2 transport.
Change-Id: Ic83342ec1d224d3acdabf00d863249330424fc54
GitHub-Last-Rev: 07e4849e96
GitHub-Pull-Request: golang/oauth2#630
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/470396
Run-TryBot: Matthew Hickford <hickford@google.com>
Reviewed-by: Shin Fan <shinfan@google.com>
Run-TryBot: Shin Fan <shinfan@google.com>
Reviewed-by: Matthew Hickford <hickford@google.com>
Reviewed-by: Andy Zhao <andyzhao@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
parent
6f9c1a18cc
commit
885f294722
@ -62,6 +62,10 @@ type CredentialsParams struct {
|
||||||
|
|
||||||
// PKCE is used to support PKCE flow. Optional for 3LO flow.
|
// PKCE is used to support PKCE flow. Optional for 3LO flow.
|
||||||
PKCE *authhandler.PKCEParams
|
PKCE *authhandler.PKCEParams
|
||||||
|
|
||||||
|
// The OAuth2 TokenURL default override. This value overrides the default TokenURL,
|
||||||
|
// unless explicitly specified by the credentials config file. Optional.
|
||||||
|
TokenURL string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (params CredentialsParams) deepCopy() CredentialsParams {
|
func (params CredentialsParams) deepCopy() CredentialsParams {
|
||||||
|
|
|
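Review bot: The doc comment on the new TokenURL field (the two comment lines before `TokenURL string`) does not begin with the field name, which is the godoc convention followed by the neighbouring `PKCE` comment, and it leaves implicit that the override is only consulted when the credentials file carries no token URL of its own, which is what the tokenSource change in the third hunk implements. Suggested wording: `// TokenURL optionally overrides the default OAuth2 token endpoint (for example MTLSTokenURL).` followed by `// It is ignored when the credentials config file specifies its own token URL.` The CredentialsParams struct begins outside the hunk.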
@ -26,6 +26,9 @@ var Endpoint = oauth2.Endpoint{
|
||||||
AuthStyle: oauth2.AuthStyleInParams,
|
AuthStyle: oauth2.AuthStyleInParams,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// MTLSTokenURL is Google's OAuth 2.0 default mTLS endpoint.
|
||||||
|
const MTLSTokenURL = "https://oauth2.mtls.googleapis.com/token"
|
||||||
|
|
||||||
// JWTTokenURL is Google's OAuth 2.0 token URL to use with the JWT flow.
|
// JWTTokenURL is Google's OAuth 2.0 token URL to use with the JWT flow.
|
||||||
const JWTTokenURL = "https://oauth2.googleapis.com/token"
|
const JWTTokenURL = "https://oauth2.googleapis.com/token"
|
||||||
|
|
||||||
|
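Review bot: The doc comment on `MTLSTokenURL` says only that it is the default mTLS endpoint and not how it is meant to be used; the commit description states that it has to be passed through CredentialsParams.TokenURL and that the token exchange then needs an mTLS-capable HTTP client supplied via the context, neither of which a reader of the constant alone would know. Suggested comment: `// MTLSTokenURL is Google's OAuth 2.0 mTLS token endpoint. Pass it as CredentialsParams.TokenURL; the HTTP client used for the token exchange (for example one supplied via the oauth2.HTTPClient context value) must present a client certificate.`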
@ -172,7 +175,11 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
|
||||||
cfg.Endpoint.AuthURL = Endpoint.AuthURL
|
cfg.Endpoint.AuthURL = Endpoint.AuthURL
|
||||||
}
|
}
|
||||||
if cfg.Endpoint.TokenURL == "" {
|
if cfg.Endpoint.TokenURL == "" {
|
||||||
cfg.Endpoint.TokenURL = Endpoint.TokenURL
|
if params.TokenURL != "" {
|
||||||
|
cfg.Endpoint.TokenURL = params.TokenURL
|
||||||
|
} else {
|
||||||
|
cfg.Endpoint.TokenURL = Endpoint.TokenURL
|
||||||
|
}
|
||||||
}
|
}
|
||||||
tok := &oauth2.Token{RefreshToken: f.RefreshToken}
|
tok := &oauth2.Token{RefreshToken: f.RefreshToken}
|
||||||
return cfg.TokenSource(ctx, tok), nil
|
return cfg.TokenSource(ctx, tok), nil
|
||||||
|
|
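Review bot: `params.TokenURL` is copied into `cfg.Endpoint.TokenURL` without any validation, and a few lines later the refresh token (`tok := &oauth2.Token{RefreshToken: f.RefreshToken}`) is posted to that URL, so a malformed or non-https override supplied at runtime would silently send the credential to the wrong place or over cleartext. Consider rejecting anything that is not an https URL before the assignment, e.g. `if u, err := url.Parse(params.TokenURL); err != nil || u.Scheme != "https" { return nil, fmt.Errorf("google: invalid TokenURL %q", params.TokenURL) }` (net/url needs importing if the file does not already do so). The nested if/else can also be flattened by assigning the override first and then falling back to `Endpoint.TokenURL` in a second `if cfg.Endpoint.TokenURL == ""` check, which keeps the happy path left-aligned. tokenSource begins outside the hunk.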