forked from Mirrors/oauth2
downscope: minor tweaks
This commit is contained in:
parent
776a9ed8a3
commit
b594a6032e
|
@ -23,7 +23,7 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
identityBindingEndpoint = "https://sts.googleapis.com/v1beta/token"
|
||||
identityBindingEndpoint = "https://sts.googleapis.com/v1/token"
|
||||
)
|
||||
|
||||
type accessBoundary struct {
|
||||
|
@ -122,7 +122,7 @@ func downscopedTokenWithEndpoint(ctx context.Context, config DownscopingConfig,
|
|||
form.Add("subject_token_type", "urn:ietf:params:oauth:token-type:access_token")
|
||||
form.Add("requested_token_type", "urn:ietf:params:oauth:token-type:access_token")
|
||||
form.Add("subject_token", tok.AccessToken)
|
||||
form.Add("options", url.QueryEscape(string(b)))
|
||||
form.Add("options", string(b))
|
||||
|
||||
myClient := oauth2.NewClient(ctx, nil)
|
||||
resp, err := myClient.PostForm(endpoint, form)
|
||||
|
@ -148,17 +148,17 @@ func downscopedTokenWithEndpoint(ctx context.Context, config DownscopingConfig,
|
|||
// a token derived from a users token (3LO) does not.
|
||||
// The following code uses the time remaining on rootToken for a user as the value for the
|
||||
// derived token's lifetime
|
||||
var expiry_time time.Time
|
||||
var expiryTime time.Time
|
||||
if tresp.ExpiresIn > 0 {
|
||||
expiry_time = time.Now().Add(time.Duration(time.Duration(tresp.ExpiresIn) * time.Second))
|
||||
expiryTime = time.Now().Add(time.Duration(tresp.ExpiresIn) * time.Second)
|
||||
} else {
|
||||
expiry_time = tok.Expiry
|
||||
expiryTime = tok.Expiry
|
||||
}
|
||||
|
||||
newToken := &oauth2.Token{
|
||||
AccessToken: tresp.AccessToken,
|
||||
TokenType: tresp.TokenType,
|
||||
Expiry: expiry_time,
|
||||
Expiry: expiryTime,
|
||||
}
|
||||
return oauth2.StaticTokenSource(newToken), nil
|
||||
}
|
||||
|
|
|
@ -15,7 +15,7 @@ import (
|
|||
)
|
||||
|
||||
var (
|
||||
standardReqBody = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&options=%257B%2522accessBoundary%2522%253A%257B%2522accessBoundaryRules%2522%253A%255B%257B%2522availableResource%2522%253A%2522test1%2522%252C%2522availablePermissions%2522%253A%255B%2522Perm1%2522%252C%2522Perm2%2522%255D%257D%255D%257D%257D&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&subject_token=Mellon&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token"
|
||||
standardReqBody = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&options=%7B%22accessBoundary%22%3A%7B%22accessBoundaryRules%22%3A%5B%7B%22availableResource%22%3A%22test1%22%2C%22availablePermissions%22%3A%5B%22Perm1%22%2C%22Perm2%22%5D%7D%5D%7D%7D&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&subject_token=Mellon&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token"
|
||||
standardRespBody = `{"access_token":"Open Sesame","expires_in":432,"issued_token_type":"urn:ietf:params:oauth:token-type:access_token","token_type":"Bearer"}`
|
||||
)
|
||||
|
||||
|
|
Loading…
Reference in New Issue