Commit Graph

112 Commits

Author SHA1 Message Date
Patrick Jones 16ff1888fd google: manual testing fixes
I found some errors while manually testing service account impersonation on Azure.  This PR includes the fixes that I made.

Change-Id: Ia2b194be6c9a7c843e615f9789c8f8203bcbc151
GitHub-Last-Rev: 5690716363
GitHub-Pull-Request: golang/oauth2#475
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/291209
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-02-16 19:45:17 +00:00
Ryan Kohler 66670185b0 google: Changes required to get AWS working in manual testing
• Subject Token needs to be query escaped
• Null options need to be omitted (like they are in other languages)

Change-Id: I67d1ed3ba96a35283a8928f196bc7e912084d1ab
GitHub-Last-Rev: 1aae076a90
GitHub-Pull-Request: golang/oauth2#474
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/290513
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-02-10 19:26:28 +00:00
Ryan Kohler 010130855d google: support AWS 3rd party credentials
Change-Id: I655b38f7fb8023866bb284c7ce80ab9888682e73
GitHub-Last-Rev: 648f0b3d45
GitHub-Pull-Request: golang/oauth2#471
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/287752
Reviewed-by: Cody Oss <codyoss@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
2021-02-01 16:38:06 +00:00
Patrick Jones f9ce19ea30 google: support service account impersonation
Adds support for service account impersonation when a URL for service account impersonation is provided.

Change-Id: I9f3bbd6926212cecb13938fc5dac358ba56855b8
GitHub-Last-Rev: 9c218789db
GitHub-Pull-Request: golang/oauth2#468
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/285012
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Reviewed-by: Cody Oss <codyoss@google.com>
2021-01-26 19:43:26 +00:00
Ryan Kohler af13f521f1 google: Create AWS V4 Signing Utility
Change-Id: I59b4a13ed0433de7dfaa064a0f7dc1f3dd724518
GitHub-Last-Rev: 8cdc6a9ad0
GitHub-Pull-Request: golang/oauth2#467
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/284632
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Reviewed-by: Cody Oss <codyoss@google.com>
2021-01-25 20:13:02 +00:00
Patrick Jones d3ed898aa8 google: support url-sourced 3rd party credentials
Implements functionality to allow for URL-sourced 3rd party credentials, expanding the functionality added in #462 .

Change-Id: Ib7615fb618486612960d60bee6b9a1ecf5de1404
GitHub-Last-Rev: 95713928e4
GitHub-Pull-Request: golang/oauth2#466
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/283372
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
2021-01-13 20:58:17 +00:00
Cody Oss 8b1d76fa04 google: restore 1.11 compatibility
NewRequestWithContext requires 1.13. As this is just a convenience
we should try to retatin the 1.11 compatibility by using NewRequest
then calling WithContext instead.

Change-Id: I6208a92061b208a119fdf04fd561a3e4d22bc547
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/283535
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-01-13 16:05:01 +00:00
Patrick Jones 01de73cf58 google: base account credentials with file-sourcing
Implements the core functionality to allow 3rd party identities access to Google APIs.  Specifically, this PR implements the base account credential type and supports file-sourced credentials such as Kubernetes workloads.  Later updates will add support for URL-sourced credentials such as Microsoft Azure and support for AWS credentials.

Change-Id: I6e09a450f5221a1e06394b51374cff70ab3ab8a7
GitHub-Last-Rev: 3ab51622f8
GitHub-Pull-Request: golang/oauth2#462
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/276312
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-01-12 20:04:29 +00:00
Patrick Jones 0b49973bad google: add ExchangeToken() to run STS exchanges.
Adds the ExchangeToken() function and support structs, but depends on  https://github.com/golang/oauth2/pull/439

Change-Id: Id738a27b0c2ac083409156af1f60283b9140b159
GitHub-Last-Rev: 1aa066dc21
GitHub-Pull-Request: golang/oauth2#444
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/261918
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
2020-12-03 00:10:11 +00:00
Patrick Jones 9fd604954f google: add utilities supporting upcoming oauth2 functionality
These are used to support some extended utilities to help with STS requests.

Change-Id: Iafc145b06ca42374cfc2ac6572762a50bcf560f2
GitHub-Last-Rev: 3085fe5703
GitHub-Pull-Request: golang/oauth2#439
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/259777
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
2020-11-09 20:14:03 +00:00
Chris Broadfoot 0f29369cfe google: add some metadata to GCE tokens to identify the token's source
This is required for the direct path feature, which only works with this
token source. It's not currently possible to determine the token source
type from the return value of FindDefaultCredentials.

Another option is to add another field to the Credentials struct, which
we could still do later, but direct path is currently pretty experimental
and whitelisted/opt-in, so I don't want to add to the public API surface
unnecessarily.

This CL functionally blocks
https://code-review.googlesource.com/c/google-api-go-client/+/40950

Change-Id: Ifb5fe9c6e5c6b33eebb87b45d3c70eebfca691b3
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/175877
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2019-06-04 05:34:49 +00:00
Steven Buss 9f3314589c google: Support scopes for ComputeTokenSource
Scopes have been added as a query parameter to the metadata server.

Change-Id: Ife68db01beeca386e558edd424fa11da508b7287
GitHub-Last-Rev: 1cb4a6ec12
GitHub-Pull-Request: golang/oauth2#376
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/170106
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-04-02 18:19:05 +00:00
Jean de Klerk 529b322ea3 google: Use new endpoints for Google authentication
Fixes #310

Change-Id: I3b3a57b2758074535d07471b344334945be5bcbd
Reviewed-on: https://go-review.googlesource.com/c/136356
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2019-02-26 19:11:47 +00:00
Brad Fitzpatrick 5f6b76b7c9 google: remove legacy App Engine context stuff
Fixes golang/oauth2#276

Change-Id: I3f2bed7201f2e6bb58913f3fae2e64287b9a66d5
Reviewed-on: https://go-review.googlesource.com/c/161959
Reviewed-by: Ross Light <light@google.com>
Reviewed-by: Jean de Klerk <deklerk@google.com>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-02-11 22:52:00 +00:00
Brad Fitzpatrick 80673b4a4b oauth2: auto-detect auth style by default, add Endpoint.AuthStyle
Instead of maintaining a global map of which OAuth2 servers do which
auth style and/or requiring the user to tell us, just try both ways
and remember which way worked. But if users want to tell us in the
Endpoint, this CL also add Endpoint.AuthStyle.

Fixes golang/oauth2#111
Fixes golang/oauth2#365
Fixes golang/oauth2#362
Fixes golang/oauth2#357
Fixes golang/oauth2#353
Fixes golang/oauth2#345
Fixes golang/oauth2#326
Fixes golang/oauth2#352
Fixes golang/oauth2#268
Fixes https://go-review.googlesource.com/c/oauth2/+/58510
(... and surely many more ...)

Change-Id: I7b4d98ba1900ee2d3e11e629316b0bf867f7d237
Reviewed-on: https://go-review.googlesource.com/c/157820
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ross Light <light@google.com>
2019-02-11 18:49:51 +00:00
Brad Fitzpatrick b758792b5c google: remove a useless build tag restriction
I missed this in CL 146677.

Change-Id: Ie2735ba15d41e51fd5a99cba97514cd16399abaa
Reviewed-on: https://go-review.googlesource.com/c/147458
Reviewed-by: Ross Light <light@google.com>
2018-11-05 16:49:09 +00:00
Brad Fitzpatrick 232e455483 google: remove Go 1.8 support
Assume Go 1.9+, which is broader than Go's current Go 1.10+ support policy.

Change-Id: I9fe6954d21c2279cf4ea7da4d5bc7a9290a3bae2
Reviewed-on: https://go-review.googlesource.com/c/146677
Reviewed-by: Ross Light <light@google.com>
2018-11-02 17:01:40 +00:00
Antoine GIRARD e0f2c55a7f appengine: use stdlib context instead of x/net/context
PR #341 introduce some new import `x/net/context` in parallel of PR #339 replacing them with the standard context.
This quick PR rename those imports.

Change-Id: I94f7edbee851a733b8a307c2ea60923dd990bdb4
GitHub-Last-Rev: fbe7944356
GitHub-Pull-Request: golang/oauth2#342
Reviewed-on: https://go-review.googlesource.com/c/146837
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-02 00:39:13 +00:00
Antoine GIRARD c453e0c757 all: use stdlib context instead of x/net/context
This PR replaces use of `x/net/context` with the standard `context`

It has been nearly 6 months since
https://github.com/golang/oauth2/issues/246#issuecomment-387601277 so
I made this PR so it will be ready to merge when needed (and if
possible).

Fixes #246

Change-Id: Id2c316fcb27de0fb9163ceb4e8669b04cb39a987
GitHub-Last-Rev: 5b36321dcc
GitHub-Pull-Request: golang/oauth2#339
Reviewed-on: https://go-review.googlesource.com/c/145202
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-01 16:01:52 +00:00
Michael Traver 5a69e67f3f appengine: implement AppEngineTokenSource for 2nd gen runtimes
Go 1.11 on App Engine standard is a "second generation" runtime, and
second generation runtimes do not set the appengine build tag.
appengine_hook.go was behind the appengine build tag, meaning that
AppEngineTokenSource panicked on the go111 runtime, saying,
"AppEngineTokenSource can only be used on App Engine."

The second gen runtimes should use ComputeTokenSource, which is also
what flex does [1]. This commit does two things to remedy the situation:

1. Put the pre-existing implementation of AppEngineTokenSource behind
   the appengine build tag since it only works on first gen App Engine
   runtimes. This leaves first gen behavior unchanged.
2. Add a new implementation of AppEngineTokenSource and tag it
   !appengine. This implementation will therefore be used by second gen
   App Engine standard runtimes and App Engine flexible. It delegates
   to ComputeTokenSource.

The new AppEngineTokenSource implementation emits a log message
informing the user that AppEngineTokenSource is deprecated for second
gen runtimes and flex, instructing them to use DefaultTokenSource or
ComputeTokenSource instead. The documentation is updated to say the
same.

In this way users will not break when upgrading from Go 1.9 to Go 1.11
on App Engine but they will be nudged toward the world where App Engine
runtimes have less special behavior.

findDefaultCredentials still calls AppEngineTokenSource for first gen
runtimes and ComputeTokenSource for flex.

Fixes #334

Test: I deployed an app that uses AppEngineTokenSource to Go 1.9 and
      Go 1.11 on App Engine standard and to Go 1.11 on App Engine
      flexible and it worked in all cases. Also verified that the log
      message is present on go111 and flex.

[1] DefaultTokenSource did use ComputeTokenSource for flex but
AppEngineTokenSource did not. AppEngineTokenSource is supported on flex,
in the sense that it doesn't panic when used on flex in the way it does
when used outside App Engine. However, AppEngineTokenSource makes an API
call internally that isn't supported by default on flex, which emits a
log instructing the user to enable the compat runtime. The compat
runtimes are deprecated and deploys are blocked. This is a bad
experience. This commit has the side effect of fixing this.

Change-Id: Iab63547b410535db60dcf204782d5b6b599a4e0c
GitHub-Last-Rev: 5779afb167
GitHub-Pull-Request: golang/oauth2#341
Reviewed-on: https://go-review.googlesource.com/c/146177
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-01 15:54:53 +00:00
Jonathan Amsterdam 7af32f14d0 google: add CredentialsFromJSON
Support obtaining a DefaultCredentials value from JSON data.

Also, add an example, and write more package doc.

For Go 1.9 and higher, rename DefaultCredentials to
Credentials and make the former an alias for the latter.

Updates google/google-api-go-client#247.

Change-Id: I9f9e234ed79f8e08fa13914d9c6c60e0154a06e5
Reviewed-on: https://go-review.googlesource.com/99795
Reviewed-by: Ross Light <light@google.com>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-03-12 23:58:49 +00:00
Ross Light 174986b227 internal: move ParseINI into google
This was the only usage of the function.

Change-Id: I081e20789ea9e37fe96f764641078472153bf577
Reviewed-on: https://go-review.googlesource.com/85197
Reviewed-by: Andrew Bonventre <andybons@golang.org>
2018-01-02 15:01:02 +00:00
Ross Light 9a379c6b3e google: add JSON field to DefaultCredentials
Change-Id: I9cde8eabf4a2cb87db74f7b805045e155fd4ef13
Reviewed-on: https://go-review.googlesource.com/51111
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2017-08-07 18:00:24 +00:00
Jaana Burcu Dogan 8cf58155e4 google: remove code duplication, note appenginevm case
Before AppEngine classic allowed "google.golang.org/appengine" imports,
we used to maintain two hook files to choose either from "appengine" or
"google.golang.org/appengine" namespaces. Now, both environments allow
importing from "google.golang.org/appengine". Therefore, there
is no need to set hooks in two separate files.

Also note that Flex prefers to use metadata server, so we still
need to be able to differentiate between these environments.

Change-Id: I7478ebdfa1b062d466aaf2aca938f93d42b4c58a
Reviewed-on: https://go-review.googlesource.com/37378
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-03-02 20:00:26 +00:00
Akihiro Suda 96382aa079 google: prefer os.Getenv("HOME") over os/user.Current() so as to avoid SEGV
Due to an issue in handling thread-local storages, os/user can lead to SEGV
when glibc is statically linked with.

So we prefer os.Getenv("HOME") for guessing where is the home directory.

See also: golang/go#13470

Change-Id: I1046ff93a71aa3b11299f7e6cf65ff7b1fb07eb9
Reviewed-on: https://go-review.googlesource.com/34175
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-12-13 07:49:53 +00:00
Ross Light f6093e37b6 google: add DefaultCredentials function
This new function allows reading the project ID from a service account
JSON file without an additional disk read.

Change-Id: I1f03ca3ca39a2ae3bd6524367c17761b0f08de45
Reviewed-on: https://go-review.googlesource.com/32876
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-11-30 17:46:31 +00:00
Ross Light d5040cddfc google: refactor JWT parsing code internally
The ADC code and the JWT-parsing function operate on the same data
format, but were using separate code paths, each of which was missing
things from the other.

While this presents no change in API surface, JWTConfigFromJSON now
strictly checks the "type" field in the JSON file before building a
config.

Change-Id: I2f593a16bf4591059fbf9002bccea06e41e5e161
Reviewed-on: https://go-review.googlesource.com/32678
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-11-07 20:33:27 +00:00
Jaana Burcu Dogan 2d2b68866f google: make JWTConfigFromJSON set TokenURL from the JSON's token_uri
Fixes golang/oauth2#199.

Change-Id: I534def935c7143e4276b5d880127b0af35409f9a
Reviewed-on: https://go-review.googlesource.com/28411
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-09-02 05:03:02 +00:00
Jonathan Amsterdam 04e1573abc oauth2/google: change import paths
Change google.golang.org/cloud to cloud.google.com/go.

Change-Id: I6955a38ab97019d3d1dc094979e0ca2e45dea071
Reviewed-on: https://go-review.googlesource.com/25363
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2016-08-03 22:09:26 +00:00
Sean Rees 12e1e98615 google: fix warnings from go vet
go vet reports the following warnings:
google/jwt_test.go:85:
missing argument for Fatalf("%q"): format reads arg 2, have only 1 args

google/sdk_test.go:28:
wrong number of args for format in Errorf call: 1 needed but 2 args

Change-Id: If5acfae42b558ced7694dd7bc6f12ab4a3cb6115
Reviewed-on: https://go-review.googlesource.com/24992
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-07-19 16:36:24 +00:00
Dave Day a870243201 jws: use base64.RawURLEncoding
The Raw (unpadded) version of URL encoding was introduced in Go 1.5.
Since we no longer need to support Go 1.4 (and indeed, Go 1.4 won't work
because of our dependency on golang.org/x/net/context), we can simplify
the base64 encoding/decoding to use this directly.

Fixes golang/oauth2#190.

Change-Id: Ic2676edf5fe5b4d1680409fd9c02bd1c287ca39f
Reviewed-on: https://go-review.googlesource.com/25000
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-07-18 01:11:30 +00:00
Brad Fitzpatrick 4470bd844e google: fix the build when appengine isn't present
See https://build.golang.org/log/c3e046245c4eafbb7b2571ef9ac144b0d29ba2b5

Updates golang/go#11811

Change-Id: I16d2ac26dcda123e1bd8c456e490f6ca45111d24
Reviewed-on: https://go-review.googlesource.com/24946
Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2016-07-15 18:42:06 +00:00
Dave Day df5b72659a google: support key ID in JWTAccessTokenSourceFromJSON
Change-Id: I20ffede5bf81aa4990afb2820561d5633cdb43a8
Reviewed-on: https://go-review.googlesource.com/24440
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-07-02 01:08:09 +00:00
Sean Harger f6a14f0423 google: Update godocs to reflect recent GCP front-end changes.
Updated references to the API manager to reflect the new stand-alone API
manager at http://console.developers.google.com.

Change-Id: I156cce7b844850a560bfbf2b64fb0d8da5edaefe
Reviewed-on: https://go-review.googlesource.com/22706
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-05-03 00:48:36 +00:00
Andrew Gerrand 038cb4adce all: change copyright to 'Go Authors'
Fixes golang/go#12354

Change-Id: Ie4bbe9445e2a840c9db830c9bd52a783b7a6f9bc
Reviewed-on: https://go-review.googlesource.com/13952
Reviewed-by: Russ Cox <rsc@golang.org>
2015-10-22 04:14:42 +00:00
Andrew Gerrand 166f7cf994 google: set expiry on JWTAccessTokenSource
Change-Id: Ib1ff6511ce38e17711486743601241285a34f164
Reviewed-on: https://go-review.googlesource.com/14934
Reviewed-by: Julien Boeuf <jboeuf@google.com>
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-09-24 05:27:11 +00:00
Chris Broadfoot 52dcf34690 google: Re-enable AppEngineTokenSource to be used from Managed VMs.
Fixes #152.

Change-Id: I757c011d3ac5dca8f80fb2119eda3adf8c178ca6
Reviewed-on: https://go-review.googlesource.com/14622
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-09-16 01:14:15 +00:00
Chris Broadfoot ad0128250e Remove use of appenginevm build tag.
Managed VM apps can use the net/http package directly, and can use the
metadata server instead of the appengine package to get Service Account
tokens.

Change-Id: Ifa30eea446ffe4a9121ce3401900f4b73ddf07db
Reviewed-on: https://go-review.googlesource.com/14125
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-09-02 21:49:11 +00:00
Andrew Gerrand 897d9734bb google: set token type on returned JWTAccessToken, tweak docs
Change-Id: Id83af8110c7c89ca5ffe793149230fa3f87a6baf
Reviewed-on: https://go-review.googlesource.com/14198
Reviewed-by: Dave Day <djd@golang.org>
2015-09-02 03:46:34 +00:00
Andrew Gerrand 397fe76494 google: add support for JWT Access Tokens
This is a new form of authentication for Google services, where instead
of passing a signed claim to obtain a token from the OAuth endpoint, you
present the signed claim *as* the token to the API endpoint.

Fixes #139.
Fixes #140.

Change-Id: Ibf0f168a0ec111660ac08b86121c943fb96e146c
Reviewed-on: https://go-review.googlesource.com/10667
Reviewed-by: David Symonds <dsymonds@golang.org>
Reviewed-by: Dave Day <djd@golang.org>
2015-08-13 22:40:26 +00:00
Burcu Dogan d2a4aec992 oauth/google: fix the broken default credentials link
Change-Id: Iceb8f2fa393a1de4dbb0ab3b85ccee1da5c2b5b7
Reviewed-on: https://go-review.googlesource.com/8474
Reviewed-by: David Symonds <dsymonds@golang.org>
2015-04-05 01:25:05 +00:00
Andrew Gerrand 798d582d94 google: implement application default credentials
Google is moving toward a default, language-agnostic way of obtaining
authentication credentials on App Engine and Compute Engine.
This change implements this mechanism.

Fixes #90.

Change-Id: Iaae4d60bbc75b1a9f2ec6ad14ab76fb2e279d756
Reviewed-on: https://go-review.googlesource.com/6074
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-03-19 05:52:14 +00:00
Burcu Dogan 54a4310f85 oauth2/google: ConfigFromJSON should support the installed app credentials
client_credentials.json may contain credentials for the installed
applications. Populate the Config depending on what's available in
the JSON key.

Change-Id: I47f494f1c31967a920fe557a9e8c1c4652943c4e
Reviewed-on: https://go-review.googlesource.com/7250
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-03-10 02:48:34 +00:00
Andrew Gerrand 96e89befdc oauth2: remove oauth2.Context type, simplify App Engine token code
You can now use the "google.golang.org/appengine" packages on both
Managed VMs and App Engine Classic(TM). The newer packages use the
context.Context instead of appengine.Context, so we no longer need the
oauth2.Context type.

Some clients will require code changes, replacing oauth2.Context or
appengine.Context with context.Context (imported from
the repository "golang.org/x/net/context").

Users of classic App Engine must switch to using the new
"google.golang.org/appengine" packages in order to use the oauth2
package.

Fixes #89

Change-Id: Ibaff3117117f9f7c5d1b3048a6e4086f62c18c3b
Reviewed-on: https://go-review.googlesource.com/6075
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-03-05 03:18:37 +00:00
Andrew Gerrand 5738e56ec6 oauth2: drop pre-1.4 workaround
Change-Id: Icac33569b4937602b0aac46ec36cc85b5aa53877
Reviewed-on: https://go-review.googlesource.com/6071
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-02-26 04:22:16 +00:00
Burcu Dogan 407aee3975 oauth2/google: add client_credentials.json Config constructor
Change-Id: I27969a381784f83db7cc8287f65f4ba6a1d972bb
Reviewed-on: https://go-review.googlesource.com/4968
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-02-17 23:11:05 +00:00
Yuki Yugui Sonoda 721c86aedb oauth2/google: fix decode error in Cloud SDK config
google.NewCloudSDK fails to decode credentials file if it contains
service account.
NOTE: the private key in testdata is generated only for this test.

Fixes #86 (https://github.com/golang/oauth2/issues/86).

Change-Id: I9e9e8e10763723d1bf1f953b491aa6e6f3ee760c
Reviewed-on: https://go-review.googlesource.com/4220
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-02-12 05:35:05 +00:00
Dave Day d838a7d6be oauth2/google: simplify the mechanism for overriding gcloud config location
Change-Id: I360fac6b13d11dda221beaa6b46ff386adfc2ec8
Reviewed-on: https://go-review.googlesource.com/4670
Reviewed-by: David Symonds <dsymonds@golang.org>
Run-TryBot: David Symonds <dsymonds@golang.org>
2015-02-12 04:54:22 +00:00
Burcu Dogan 864eccb6a0 oauth2: remove stale comment
Change-Id: If9fba85ac8b20545cee54cafe1c7672880acf498
Reviewed-on: https://go-review.googlesource.com/4391
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-02-10 15:57:03 +00:00
Dave Day d8ba9d6c17 google/appengine: change managed VMs context to context.Context
This follows the change to the google.golang.org/appengine packages
to use the standard context.Context type throughout.

Change-Id: I91b456105ee29f2088c3646145ea0a940f8ffaf4
Reviewed-on: https://go-review.googlesource.com/3172
Reviewed-by: Burcu Dogan <jbd@google.com>
Reviewed-by: David Symonds <dsymonds@golang.org>
2015-01-22 23:37:40 +00:00