Commit Graph

392 Commits

Author SHA1 Message Date
zachgersh 3d1522b268 oauth2: add examples for basic/custom HTTP client
- provides a bare and custom context example
demonstrating that http client attributes are
not always passed along.
- adds clarifying note to the oauth2.go NewClient
godoc.
- trim down example_test

Change-Id: Iad6697eed83429c36b9ba0efc43293f4910938fb
Reviewed-on: https://go-review.googlesource.com/36553
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: JBD <jbd@google.com>
2017-09-01 17:26:33 +00:00
Ross Light 9a379c6b3e google: add JSON field to DefaultCredentials
Change-Id: I9cde8eabf4a2cb87db74f7b805045e155fd4ef13
Reviewed-on: https://go-review.googlesource.com/51111
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2017-08-07 18:00:24 +00:00
Jaana Burcu Dogan 96fca6c793 LICENSE: attribute to the Go authors
Fixes #242.

Change-Id: Idbb9853e3ffd51aaad6a022a8a736408273e3549
Reviewed-on: https://go-review.googlesource.com/52610
Reviewed-by: Andrew Bonventre <andybons@golang.org>
2017-08-02 15:54:48 +00:00
Kevin Burke b53b38ad8a README: add links for contributions
Previously we described where to submit patches and report issues but
didn't have links to the right places, so let's fix that.

Change-Id: I49d9bf5f1570ba495454fa32f5fec4faa66f9667
Reviewed-on: https://go-review.googlesource.com/49851
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2017-07-19 20:01:32 +00:00
voutasaurus cce311a261 internal: fix broken auth header provider
Change I9cfd46787ebfb27cf2775dd3357eb26e089322a3 added
login.microsoft.net as a broken auth header provider. This was meant to
be login.windows.net. This change removes login.microsoft.net and adds
login.windows.net.

Change-Id: I6178053ab5c86b4f38996042384e1f4a139560aa
Reviewed-on: https://go-review.googlesource.com/47250
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-06-29 19:07:18 +00:00
Bastian Ike 626d87b993 internal: Use provided context in subsequent request
Currently the HTTP request does not set the given context.
This change sets the context (if not nil) on the request.

Change-Id: I4bb21636d05050a68ba70ce92f9bf9ba608fbfad
Reviewed-on: https://go-review.googlesource.com/45370
Run-TryBot: Chris Broadfoot <cbro@golang.org>
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-06-29 18:09:26 +00:00
voutasaurus 5432cc9688 internal: add broken auth header provider
Azure AD applications use login.microsoft.net for token URLs for OAuth
and OpenID Connect. This service expects the OAuth client ID and client
secret in the body of the OAuth exchange request.

Fixes #238

Change-Id: I9cfd46787ebfb27cf2775dd3357eb26e089322a3
Reviewed-on: https://go-review.googlesource.com/47097
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-06-29 03:27:40 +00:00
Ross Light f047394b6d oauth2: add test for preserving refresh token if none is received
This passes right now, but it's not obvious from looking at
tokenRefresher why it works.  It depends on logic in
internal.RetrieveToken.  I'm working on a larger refactor, but I want to
keep the test in place to avoid future regressions from seemingly
harmless code movements.

Change-Id: I742ccb952fbc069ca0887a556e362a0e59bef79b
Reviewed-on: https://go-review.googlesource.com/43573
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-05-17 17:44:39 +00:00
Martin Hoefling ad516a297a oauth2: adds sipgate api to brokenAuthHeaderProviders
according to the documentation, client_id and client_secret must be
provided in the token request:

https://api.sipgate.com/doc/#!/authorization/createOauthAccessToken

Change-Id: I4133a1bfc4d2474013e6b716451c98cb93e30da8
Reviewed-on: https://go-review.googlesource.com/43170
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2017-05-10 21:56:23 +00:00
Dave Day e7a4820799 internal: add Shopify to list of broken auth providers
Shopify uses URLs in the form my-shop-id.myshopify.com as the endpoints
for its OAuth2 dances.

Change-Id: I73d98ca285991b2f73dd9d8d366d3fdbe249e741
Reviewed-on: https://go-review.googlesource.com/42630
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2017-05-07 21:47:37 +00:00
Jaana Burcu Dogan a6bd8cefa1 amazon: add amazon endpoints
Change-Id: Ib34eee690295615576ea6b0a5a17fa4ecde0ce01
Reviewed-on: https://go-review.googlesource.com/40402
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-04-12 23:27:59 +00:00
Eric Chiang 7fdf099824 clientcredentials: update RFC doc link
Fixes golang/oauth2#211

Change-Id: I84a09ea933379420d49883c582aa4f6ede8de544
Reviewed-on: https://go-review.googlesource.com/38387
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-03-21 01:34:21 +00:00
Eric Chiang 7374b3f1ec internal: recognize Salesforce and Okta domains as broken providers
Fixes golang/oauth2#166

Change-Id: Ib3854db4a28a596af3565a84843fc0fa66709193
Reviewed-on: https://go-review.googlesource.com/38376
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2017-03-21 00:32:59 +00:00
Jaana Burcu Dogan 30fcca6531 note that Gerrit is used for reviews on README
Fixes golang/oauth2#217.

Change-Id: I251a74b9b26f6b911333bc5d31d0a96a5734ea60
Reviewed-on: https://go-review.googlesource.com/36914
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-03-15 17:32:23 +00:00
Jaana Burcu Dogan 1611bb46e6 internal: don't set client_id and client_secret form values if empty
Fixes golang/oauth2#220.

Change-Id: Ic43b10971e102a8571c7bc895c3ad02b80b685ee
Reviewed-on: https://go-review.googlesource.com/38135
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-03-13 20:11:47 +00:00
Richard Musiol 01b79d9447 clientcredentials: add option for additional endpoint parameters
This is to support https://auth0.com/docs/api-auth/config/asking-for-access-tokens.

Fixes https://github.com/golang/oauth2/issues/216

Change-Id: I9b8fdb4fe22c688fd71e43bd21d80b796434b8b0
Reviewed-on: https://go-review.googlesource.com/36880
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-03-13 17:59:03 +00:00
Jaana Burcu Dogan efb10a3061 oauth2: add example how to use a custom HTTP client
Change-Id: Iffff423c167610c80e8dd1c51945c32b781e8653
Reviewed-on: https://go-review.googlesource.com/37695
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-03-02 20:23:04 +00:00
Jaana Burcu Dogan 8cf58155e4 google: remove code duplication, note appenginevm case
Before AppEngine classic allowed "google.golang.org/appengine" imports,
we used to maintain two hook files to choose either from "appengine" or
"google.golang.org/appengine" namespaces. Now, both environments allow
importing from "google.golang.org/appengine". Therefore, there
is no need to set hooks in two separate files.

Also note that Flex prefers to use metadata server, so we still
need to be able to differentiate between these environments.

Change-Id: I7478ebdfa1b062d466aaf2aca938f93d42b4c58a
Reviewed-on: https://go-review.googlesource.com/37378
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-03-02 20:00:26 +00:00
Sergey Mishin 810daf0509 oauth2: add Yandex endpoint
Checked with simple application, worked good for me.

Change-Id: I068b33c1b44a338a7b0a9b17220bc39db81f2eed
Reviewed-on: https://go-review.googlesource.com/37443
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-02-27 16:23:13 +00:00
Ahmet Alp Balkan b9780ec788 internal: simplify map value literal
gofmt -s -w -l does this simplification. Running gofmt when this
package is vendored causes the vendored file to be simplified.

Change-Id: I00502ff564bd5cff2614a8372db7beb1eb4519ec
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Reviewed-on: https://go-review.googlesource.com/37013
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-02-14 23:18:24 +00:00
Jaana Burcu Dogan e1e827deaa clientcredentials: fix comment for Client struct to match godoc style
Godoc comments should start with the name of the thing they are describing.

Change-Id: Ic248aa8f549b22c716bf967c7574452085ea8c48
Reviewed-on: https://go-review.googlesource.com/36945
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-02-14 18:55:41 +00:00
Jaana Burcu Dogan de0725b330 internal: add Facebook Graph API to the brokens list
CL/23790 breaks the calls to Facebook, adding Facebook
to the brokens list is reported to fix the problem.

Fixes golang/oauth2#214.

Change-Id: I3b3440de723b4933bc49b5a52698c825affbf643
Reviewed-on: https://go-review.googlesource.com/36633
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-02-09 00:21:43 +00:00
Pablo Lalloni 4464e78483 oauth2: remove scope & client_id params from access token request
Remove "scope" & "client_id" from "token request" in the "access token 
request" of the "authorization code grant" flow, keeping "client_id"
in case the provider is one of the known to be broken ones.

Please see https://tools.ietf.org/html/rfc6749#section-4.1.3

This change is required for interoperation with OpenAM.

Fixes golang/oauth2#145
Fixes golang/oauth2#110
Fixes golang/oauth2#188

Change-Id: Ie34c74980a6db7b5d34c851fb55a7d629fc7083e
Reviewed-on: https://go-review.googlesource.com/23790
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-02-07 21:18:51 +00:00
Tristan Colgate 314dd2c0bf golang.org/x/oauth2/jwt: Set kid to KeyID of private key
Set the KeyID hint in the token header. This allows remote servers to
identify the key used to sign the message.

Fixes #18307

Change-Id: Ib95398079833aad6b390650b465d7b09b5f53fda
Reviewed-on: https://go-review.googlesource.com/34320
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-12-19 19:29:54 +00:00
Akihiro Suda 96382aa079 google: prefer os.Getenv("HOME") over os/user.Current() so as to avoid SEGV
Due to an issue in handling thread-local storages, os/user can lead to SEGV
when glibc is statically linked with.

So we prefer os.Getenv("HOME") for guessing where is the home directory.

See also: golang/go#13470

Change-Id: I1046ff93a71aa3b11299f7e6cf65ff7b1fb07eb9
Reviewed-on: https://go-review.googlesource.com/34175
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-12-13 07:49:53 +00:00
Marin da3ce8d62a token: added new broken auth header providers
Change-Id: I78b9e3dd126cfebb982ac1ddced09db53569d2bd
Reviewed-on: https://go-review.googlesource.com/34251
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-12-09 21:20:37 +00:00
Ross Light f6093e37b6 google: add DefaultCredentials function
This new function allows reading the project ID from a service account
JSON file without an additional disk read.

Change-Id: I1f03ca3ca39a2ae3bd6524367c17761b0f08de45
Reviewed-on: https://go-review.googlesource.com/32876
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-11-30 17:46:31 +00:00
Ross Light d5040cddfc google: refactor JWT parsing code internally
The ADC code and the JWT-parsing function operate on the same data
format, but were using separate code paths, each of which was missing
things from the other.

While this presents no change in API surface, JWTConfigFromJSON now
strictly checks the "type" field in the JSON file before building a
config.

Change-Id: I2f593a16bf4591059fbf9002bccea06e41e5e161
Reviewed-on: https://go-review.googlesource.com/32678
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-11-07 20:33:27 +00:00
Joseph Anthony Pasquale Holsten 36bc61733f clientcredentials: inline singly-used functions
Simplifies clientcredentials into a structure similar to
http://golang.org/cl/23611/

Change-Id: Id4251664827ccdd94f8415ac506be92772a1fa71
Reviewed-on: https://go-review.googlesource.com/23830
Reviewed-by: Andrew Gerrand <adg@golang.org>
2016-11-03 20:06:23 +00:00
Gareth Paul Jones 25b4fb1468 oauth2: add Foursquare's Endpoint
Change-Id: If23b45150ac52c96f126e7d8e2a15f586bc3ac1c
Reviewed-on: https://go-review.googlesource.com/32010
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-10-25 20:08:26 +00:00
Joe Tsai 1e695b1c8f oauth2: fix brittle test
A change introduced in https://golang.org/cl/18692 expanded upon the errors
returned by the json package to be more informative about where the error occurred.
This breaks a test in oauth2 that relies on the exact form that an error takes.
Fix this test by simply checking whether it passes or not.

Fixes golang/go#17363
Updates golang/go#11811

Change-Id: I0062dc64fc1a8fd094b14ed1d0b21528edfbb282
Reviewed-on: https://go-review.googlesource.com/30600
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
2016-10-07 18:00:02 +00:00
Jaana Burcu Dogan 3c3a985cb7 oauth2: fix more poorly styled test messages
There is not a good way of autogenerating the style fixes, hence I am
manually fixing them in small chunks.

Change-Id: I1fee5956dae93f38b8f1e7460b74d3d96e7ccd2c
Reviewed-on: https://go-review.googlesource.com/27922
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-09-02 05:59:13 +00:00
Jaana Burcu Dogan 2d2b68866f google: make JWTConfigFromJSON set TokenURL from the JSON's token_uri
Fixes golang/oauth2#199.

Change-Id: I534def935c7143e4276b5d880127b0af35409f9a
Reviewed-on: https://go-review.googlesource.com/28411
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-09-02 05:03:02 +00:00
Jaana Burcu Dogan 4d549c893b doc: add godoc button
Little detail that makes it easier to find the link to godoc.

Change-Id: Ic3fb467ae23bce3cc2e3801d78221a4187be4462
Reviewed-on: https://go-review.googlesource.com/27915
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-08-26 21:49:38 +00:00
Jaana Burcu Dogan e839600e66 oauth2, jws, internal: more style fixes for bad test messages
Change-Id: Id2805fd77fb11d975414eb66689efab284a18805
Reviewed-on: https://go-review.googlesource.com/27911
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-08-26 21:49:23 +00:00
Jaana Burcu Dogan 68218bf41b jwt: fix bad test message style
Change-Id: I84c311778a1ad3e824e65c1e797223f51f0bc2ea
Reviewed-on: https://go-review.googlesource.com/27890
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-08-26 17:23:11 +00:00
Jaana Burcu Dogan 75e75ddc3d jws: add notice that the package might be removed
This package is not a general-use JWS implementation and should live
under internal. For now, just add a warning that no new users should
depend on it.

Updates #196.

Change-Id: I0eef273c8327a5ad26eb33a4425afcadca23494b
Reviewed-on: https://go-review.googlesource.com/27692
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-08-25 17:13:15 +00:00
Jaana Burcu Dogan c10ba270aa all: deprecate NoContext
There is no good reason why we suggest NoContext rather than
context.Background(). When the oauth2 library first came around, the
community was not familiar with the x/net/context package. For
documentation reasons, we decided to add NoContext to the oauth2
package. It was not a good idea even back then. And given that context
package is fairly popular, there is no good reason why we are
depending on this.

Updating all the references of NoContext with context.Background
and documenting it as deprecated.

Change-Id: I18e390f1351023a29b567777a3f963dd550cf657
Reviewed-on: https://go-review.googlesource.com/27690
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2016-08-24 22:57:17 +00:00
Edward Muller 54f42edba4 heroku: Add Heroku's endpoints
The endpoints are documented here:
https://devcenter.heroku.com/articles/oauth

Change-Id: Ie8012d7588fc29afda7dd64f999c7418c32a5df2
Reviewed-on: https://go-review.googlesource.com/27635
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-08-23 22:06:57 +00:00
Prasanna Swaminathan 3b966c7f30 mediamath: add MediaMath endpoints
Change-Id: I8646fa393bcc3475dbab85a83561154818de95ce
Reviewed-on: https://go-review.googlesource.com/27233
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-08-17 16:31:01 +00:00
Matthieu Hauglustaine 4784bb855e uber: Add Uber API endpoints
The endpoints are documented here:
https://developer.uber.com/docs/rides/authentication#oauth-20

Change-Id: I5fc0fff1f48393938548bc5071bc35f32d259a7a
Reviewed-on: https://go-review.googlesource.com/26690
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-08-10 17:35:16 +00:00
Jonathan Amsterdam 04e1573abc oauth2/google: change import paths
Change google.golang.org/cloud to cloud.google.com/go.

Change-Id: I6955a38ab97019d3d1dc094979e0ca2e45dea071
Reviewed-on: https://go-review.googlesource.com/25363
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2016-08-03 22:09:26 +00:00
Jon Chen 0aec23fa62 oauth2: add reference to clientcredentials package
This adds a reference to the golang.org/x/oauth2/clientcredentials
package in the docstring for oauth2.Config.

Change-Id: Iee0f36e07fda76c25b9f79e0db3807867a39fab2
Reviewed-on: https://go-review.googlesource.com/25387
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-08-01 21:49:32 +00:00
Brad Fitzpatrick 1364adb2c6 oauth2: fix stale docs
NewTransportWithCode no longer exists.

Change-Id: Iccb1abc5700ecc97d6bd73313c88676e19f2c396
Reviewed-on: https://go-review.googlesource.com/25118
Reviewed-by: Mike Wiacek <mjwiacek@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-07-21 17:20:30 +00:00
Sean Rees 12e1e98615 google: fix warnings from go vet
go vet reports the following warnings:
google/jwt_test.go:85:
missing argument for Fatalf("%q"): format reads arg 2, have only 1 args

google/sdk_test.go:28:
wrong number of args for format in Errorf call: 1 needed but 2 args

Change-Id: If5acfae42b558ced7694dd7bc6f12ab4a3cb6115
Reviewed-on: https://go-review.googlesource.com/24992
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-07-19 16:36:24 +00:00
Sean Rees 08c8d727d2 oauth2: fix warning from go vet
go vet reports the following warning:
oauth2.go:298: golang.org/x/oauth2/internal.ErrorTransport \
composite literal uses unkeyed fields

Change-Id: I576234fcaedb745702fdf8c3431e55128788079d
Reviewed-on: https://go-review.googlesource.com/24991
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-07-18 22:32:28 +00:00
Dave Day a870243201 jws: use base64.RawURLEncoding
The Raw (unpadded) version of URL encoding was introduced in Go 1.5.
Since we no longer need to support Go 1.4 (and indeed, Go 1.4 won't work
because of our dependency on golang.org/x/net/context), we can simplify
the base64 encoding/decoding to use this directly.

Fixes golang/oauth2#190.

Change-Id: Ic2676edf5fe5b4d1680409fd9c02bd1c287ca39f
Reviewed-on: https://go-review.googlesource.com/25000
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-07-18 01:11:30 +00:00
Brad Fitzpatrick 4470bd844e google: fix the build when appengine isn't present
See https://build.golang.org/log/c3e046245c4eafbb7b2571ef9ac144b0d29ba2b5

Updates golang/go#11811

Change-Id: I16d2ac26dcda123e1bd8c456e490f6ca45111d24
Reviewed-on: https://go-review.googlesource.com/24946
Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2016-07-15 18:42:06 +00:00
Jaana Burcu Dogan 7357e96168 internal: decapitalize the argument names
Change-Id: I108ea0e49c5a96afb616918b9367085c159fb157
Reviewed-on: https://go-review.googlesource.com/24770
Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2016-07-06 23:19:41 +00:00
Dave Day df5b72659a google: support key ID in JWTAccessTokenSourceFromJSON
Change-Id: I20ffede5bf81aa4990afb2820561d5633cdb43a8
Reviewed-on: https://go-review.googlesource.com/24440
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-07-02 01:08:09 +00:00