Commit Graph

299 Commits

Author SHA1 Message Date
Daniel Kerwin 2159a45684 oauth2: add user.gini.net to the broken providers
Change-Id: I4fa586bec82309bad4dbb02ae6b722f9c19608f6
Reviewed-on: https://go-review.googlesource.com/9804
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-05-08 14:32:49 +00:00
Burcu Dogan ec6d5d770f oauth2: add test-sandbox.auth.corp.google.com to the broken providers
Change-Id: I1d2e1ea803283b5651a482445b9be60262b43c4e
Reviewed-on: https://go-review.googlesource.com/9343
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-04-27 20:39:21 +00:00
ttacon 23f31c341b oauth2: Add Box to the list of broken OAuth providers.
Change-Id: I85f44714ec0571dc0358aecdc1cde92dca954da0
Reviewed-on: https://go-review.googlesource.com/8830
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-04-21 00:15:29 +00:00
Aaron Torres a8c019d04a oauth2: add support for client credential grant type
Creates a new package called clientcredentials and
adds transport and token information to the internal
package. Also modifies the oauth2 package to make
use of the newly added files in the internal package.

The clientcredentials package allows for token requests
using a "client credentials" grant type.

Fixes https://github.com/golang/oauth2/issues/7

Change-Id: Iec649d1029870c27a2d1023baa9d52db42ff45e8
Reviewed-on: https://go-review.googlesource.com/2983
Reviewed-by: Burcu Dogan <jbd@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-04-18 00:13:27 +00:00
Burcu Dogan ce5ea7da93 oauth2: rename SetParam to SetAuthURLParam
SetParam is quite vague to represent an Option that sets the auth
URL query parameters. Renaming it for explicitness.

Fixes #108.

Change-Id: Ic9f0181097820ee83404c9432451d71658dd8c67
Reviewed-on: https://go-review.googlesource.com/8491
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-04-06 14:29:48 +00:00
Burcu Dogan d2a4aec992 oauth/google: fix the broken default credentials link
Change-Id: Iceb8f2fa393a1de4dbb0ab3b85ccee1da5c2b5b7
Reviewed-on: https://go-review.googlesource.com/8474
Reviewed-by: David Symonds <dsymonds@golang.org>
2015-04-05 01:25:05 +00:00
Brad Fitzpatrick c58fcf0ffc oauth2: fix test to work with Go tip also
json.UnmarshalError has a new field in Go 1.5. Adjust tests to cope.

Change-Id: I6733b2e14513794676e7329a828001f3f8c6c342
Reviewed-on: https://go-review.googlesource.com/8341
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-04-02 05:54:06 +00:00
Russell Haering 3046bc76d6 oauth2: allow callers to pass arbitrary auth URL parameters
Many OAuth 2.0 implementations support parameters beyond those supported
by this library. This change exports a SetParam function for
constructing arbitrary key/value parameters.

Change-Id: Ice4179e7c5341bbeac8a53e389b32d59415740fa
Reviewed-on: https://go-review.googlesource.com/8054
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-03-31 07:24:46 +00:00
Burcu Dogan 11c60b6f71 doc: fix the issues link
Fixes #103.

Change-Id: I4b2f871d7971575fc64d2110553aac42d42b4f7a
Reviewed-on: https://go-review.googlesource.com/8051
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-03-25 02:00:22 +00:00
Nikolay Turpitko ca8a464d23 oauth2: new endpoints
Added *.Endpoint constants for facebook, linkedin, odnoklassniki, paypal
and vk.

Related to issue #41.

Change-Id: Ib447ff773a540aa9bc932a0e18d9bb9ef8703f87
Reviewed-on: https://go-review.googlesource.com/7370
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-03-21 03:45:11 +00:00
Kun 40163b0293 oauth2: Add Strava to list of broken oauth2 endpoints
Fixes #101

Change-Id: I26b460dd0261c9599b2917ff97fa4f0c13218a3e
Reviewed-on: https://go-review.googlesource.com/7850
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-03-19 23:02:46 +00:00
Andrew Gerrand 798d582d94 google: implement application default credentials
Google is moving toward a default, language-agnostic way of obtaining
authentication credentials on App Engine and Compute Engine.
This change implements this mechanism.

Fixes #90.

Change-Id: Iaae4d60bbc75b1a9f2ec6ad14ab76fb2e279d756
Reviewed-on: https://go-review.googlesource.com/6074
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-03-19 05:52:14 +00:00
Andrew Gerrand e3a16b05d6 doc: add app engine docs to the readme
Change-Id: I71dc6930470ad64659a419dd578c91bb14c7cab2
Reviewed-on: https://go-review.googlesource.com/7713
Reviewed-by: David Symonds <dsymonds@golang.org>
2015-03-18 04:47:09 +00:00
Andrew Gerrand c4932a9b59 oauth2: clarify docs on Exchange (nil context isn't ok)
Fixes golang/oauth2#100

Change-Id: I28afb4f02b817ffd0ff91fb10bfca5306d2c21c6
Reviewed-on: https://go-review.googlesource.com/7615
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-03-16 02:10:04 +00:00
Kun 42633ef623 oauth2: Add TrainingPeaks to list of broken oauth2 endpoints
Fixes #97

Change-Id: I8c61214aeb5fdd049a4eddbf8e8a25b130c908b0
Reviewed-on: https://go-review.googlesource.com/7450
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-03-12 02:54:27 +00:00
Alex Bramley 7e88c64e80 oauth2: Add Pushbullet to set of broken providers.
https://api.pushbullet.com/ accepts client_secret as a POST body parameter
but not via HTTP basic auth, so it needs to be on this list. I have asked
them to fix it properly too :-)

Change-Id: Iff3cba20592c66d5a38755f47b05f1e992dfbad6
Reviewed-on: https://go-review.googlesource.com/7381
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-03-12 01:13:50 +00:00
Nikolay Turpitko 2167774341 oauth2: long if condition in providerAuthHeaderWorks replaced with loop
Long if condition replaced with loop.

Related to issue #41.

Change-Id: Ib5b88ce2ee2841e9b6c24d78f93bb027141bf678
Reviewed-on: https://go-review.googlesource.com/7290
Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-03-11 04:57:51 +00:00
Nikolay Turpitko 6d4eed4495 oauth2: fix expires_in for PayPal
PayPal returns "expires_in" token field as string, not integer.
So, current implementation cannot unmarshal json of tokenJSON due type mismatch.
This patch fixes the issue declaring field as interface{} in tokenJSON and performing type switch in "func (e *tokenJSON) expiry()".

Related to issue #41.

Change-Id: I69301e08c8a56fca049ca47906e32528cd22aef9
Reviewed-on: https://go-review.googlesource.com/6924
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-03-10 04:54:57 +00:00
Burcu Dogan 54a4310f85 oauth2/google: ConfigFromJSON should support the installed app credentials
client_credentials.json may contain credentials for the installed
applications. Populate the Config depending on what's available in
the JSON key.

Change-Id: I47f494f1c31967a920fe557a9e8c1c4652943c4e
Reviewed-on: https://go-review.googlesource.com/7250
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-03-10 02:48:34 +00:00
Burcu Dogan 5cccf1a7e7 oauth2: add a test that checks token reuse
Change-Id: I6bd9cadc489418708635ca55a21955b94203bede
Reviewed-on: https://go-review.googlesource.com/7240
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-03-09 23:38:39 +00:00
Nikolay Turpitko 10e6bf9f9d oauth2: provider list modified in providerAuthHeaderWorks
Added vk.com and odnoklassniki.ru to provider list in providerAuthHeaderWorks.

Related to issue #41.

Change-Id: If1374528e8f1200d22f8694c5e32cdeae6ebb6ea
Reviewed-on: https://go-review.googlesource.com/6925
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-03-08 22:43:19 +00:00
HuKeping 5a0a1b2881 oauth2: remove unnecessary ClientSecret check
Since the empty client secret is permitted by the OAuth 2.0 spec.
The check for clientSecret in retriveTokoen is unnecessary.

Redo #6740

Signed-off-by: Hu Keping <hukeping@huawei.com>

Change-Id: I9126c79a1f8b9d6051c213ee3f93c442a36ca65d
Reviewed-on: https://go-review.googlesource.com/6900
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-03-05 23:19:29 +00:00
Andrew Gerrand 96e89befdc oauth2: remove oauth2.Context type, simplify App Engine token code
You can now use the "google.golang.org/appengine" packages on both
Managed VMs and App Engine Classic(TM). The newer packages use the
context.Context instead of appengine.Context, so we no longer need the
oauth2.Context type.

Some clients will require code changes, replacing oauth2.Context or
appengine.Context with context.Context (imported from
the repository "golang.org/x/net/context").

Users of classic App Engine must switch to using the new
"google.golang.org/appengine" packages in order to use the oauth2
package.

Fixes #89

Change-Id: Ibaff3117117f9f7c5d1b3048a6e4086f62c18c3b
Reviewed-on: https://go-review.googlesource.com/6075
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-03-05 03:18:37 +00:00
Burcu Dogan a0fac97f6e oauth2/internal: provide better error messaging if key parse fails
Change-Id: I4ad794fbcb58fa16e4f2bf7e113cab2451deab25
Reviewed-on: https://go-review.googlesource.com/5423
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-03-02 02:51:04 +00:00
Andrew Gerrand 5738e56ec6 oauth2: drop pre-1.4 workaround
Change-Id: Icac33569b4937602b0aac46ec36cc85b5aa53877
Reviewed-on: https://go-review.googlesource.com/6071
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-02-26 04:22:16 +00:00
Ryan Lower 85a72d36ea oauth2: Add stripe connect to list of bad OAuth2 providers
Stripe connect only accepts client secret using via the
Authorization header using 'Bearer' as the method (not 'Basic').

Change-Id: I978d9ce2092fbad3c1a00fde21d689c8e57a3cf1
Reviewed-on: https://go-review.googlesource.com/5532
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-02-23 02:33:40 +00:00
Andrew Gerrand 36fb42e1e8 doc: add CONTRIBUTING.md
Change-Id: I6cb60270a3de13fd5b8e06ae9ecffc08d6b6d8d5
Reviewed-on: https://go-review.googlesource.com/5222
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-02-18 23:42:55 +00:00
James Sweet 35468a7526 Adds twitch.tv to the list of known OAuth2 providers that do not implement the spec fully.
Change-Id: I4db53ae2d039de3ddf9cb84e4211d2e0c4f6c41f
Reviewed-on: https://go-review.googlesource.com/5180
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-02-18 19:43:35 +00:00
Burcu Dogan 407aee3975 oauth2/google: add client_credentials.json Config constructor
Change-Id: I27969a381784f83db7cc8287f65f4ba6a1d972bb
Reviewed-on: https://go-review.googlesource.com/4968
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-02-17 23:11:05 +00:00
Yuki Yugui Sonoda 721c86aedb oauth2/google: fix decode error in Cloud SDK config
google.NewCloudSDK fails to decode credentials file if it contains
service account.
NOTE: the private key in testdata is generated only for this test.

Fixes #86 (https://github.com/golang/oauth2/issues/86).

Change-Id: I9e9e8e10763723d1bf1f953b491aa6e6f3ee760c
Reviewed-on: https://go-review.googlesource.com/4220
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-02-12 05:35:05 +00:00
Dave Day d838a7d6be oauth2/google: simplify the mechanism for overriding gcloud config location
Change-Id: I360fac6b13d11dda221beaa6b46ff386adfc2ec8
Reviewed-on: https://go-review.googlesource.com/4670
Reviewed-by: David Symonds <dsymonds@golang.org>
Run-TryBot: David Symonds <dsymonds@golang.org>
2015-02-12 04:54:22 +00:00
Burcu Dogan 864eccb6a0 oauth2: remove stale comment
Change-Id: If9fba85ac8b20545cee54cafe1c7672880acf498
Reviewed-on: https://go-review.googlesource.com/4391
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-02-10 15:57:03 +00:00
Péter Surányi b0e7ac8c3a oauth2: Context godoc typo fix
Change-Id: I9fbc394a6545754621e808f5d6c4f7622248eaa2
Reviewed-on: https://go-review.googlesource.com/4163
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-02-08 18:20:03 +00:00
Andrew Gerrand 1406aeefb0 oauth2: clarify comment about tokenRefresher's thread safety
Change-Id: I9a3faedb8faf7701be7c82c7fff964b56d7c96c8
Reviewed-on: https://go-review.googlesource.com/4116
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-02-07 21:36:27 +00:00
Jim Cote cc2494a288 oauth2: fixes tokenRefresher.Token() ignores new refresh_token
Fixes bug documented in Issue #84 (https://github.com/golang/oauth2/issues/84#issuecomment-72711375).

During a refresh request, a new refresh token MAY be returned by the authorization server.  When this occurs, tokenRefesher.Token() fails to capture the new refresh token leaving it with an invalid refresh token for future calls.

Change-Id: I33b18fdbb750549174865f75eddf85b9725cf281
Reviewed-on: https://go-review.googlesource.com/4151
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-02-07 21:11:15 +00:00
Paul Rosania 6f28996586 oauth2: Resource Owner Password Credentials grant
Adds support for the Resource Owner Password Credentials grant type, which
allows trusted clients to exchange user credentials for an access token
directly. This is generally a bad idea, but is extremely useful in some
situations, where an external redirect is undesirable or impossible.

See https://tools.ietf.org/html/rfc6749#section-4.3

Change-Id: I28efd77957bcf8e1174e93ba0c64a990b94eb839
Reviewed-on: https://go-review.googlesource.com/3862
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-02-06 10:06:27 +00:00
Aaron Jacobs 7b840c3264 oauth2: Remove what appears to be an out of date comment.
TokenRefresher with that capitalization is not a symbol, and SetToken
doesn't occur anywhere in the package as far as I can tell.

Change-Id: If61f059ed8bb1ca21e27aa99669e542160747fe7
Reviewed-on: https://go-review.googlesource.com/3958
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-02-05 23:49:51 +00:00
Aaron Jacobs 53c5ae1b31 oauth2: Fix some redundant wording in the docs for AccessTypeOnline.
Change-Id: I124553bd38b229e409e152cf364d55c847b70ba4
Reviewed-on: https://go-review.googlesource.com/3950
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-02-05 16:18:09 +00:00
Andrew Gerrand 27daa780a8 oauth2: add googleapis.com to list of broken oauth2 endpoints
Fixes #85

Change-Id: Ic60eee227763ab4041248716880416056c850f95
Reviewed-on: https://go-review.googlesource.com/3873
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-02-04 14:04:51 +00:00
Burcu Dogan 2b74ab268d oauth2: expire the tokens 10 seconds earlier
It avoids the late expiration due to the server time mismatch.

Change-Id: I126a76cff112fbeb92b71dd036195555b20e637b
Reviewed-on: https://go-review.googlesource.com/3307
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-01-26 21:59:20 +00:00
Dave Day d8ba9d6c17 google/appengine: change managed VMs context to context.Context
This follows the change to the google.golang.org/appengine packages
to use the standard context.Context type throughout.

Change-Id: I91b456105ee29f2088c3646145ea0a940f8ffaf4
Reviewed-on: https://go-review.googlesource.com/3172
Reviewed-by: Burcu Dogan <jbd@google.com>
Reviewed-by: David Symonds <dsymonds@golang.org>
2015-01-22 23:37:40 +00:00
Burcu Dogan 267028f9bc oauth2/internal: fix the broken ini parsing test
Change-Id: I1032b759e036f57bc49eec951d08d8b22728c1a0
Reviewed-on: https://go-review.googlesource.com/3117
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-01-21 19:53:08 +00:00
Johan Euphrosine ab6e11b96c oauth2/google: add config type to use Cloud SDK credentials
Change-Id: Ied7fecc0cb155c33faca7766b81221eacb3aa0c0
Reviewed-on: https://go-review.googlesource.com/1670
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-01-21 19:13:56 +00:00
Burcu Dogan 95a9f97e51 oauth2: don't require the appengine package during go-get
"appengine appenginevm" requires the Classic dependencies to
be go-getted. Our travis build doesn't have the right setup
to checkout the Classic App Engine package to the Travis
instance.

Change-Id: I13daa505be4c8ac209021c7e69a114f5eddd6d1e
Reviewed-on: https://go-review.googlesource.com/2982
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-01-17 18:51:33 +00:00
Burcu Dogan b4b040c683 oauth2: fix the build
Travis build is still depending on the old build tag configuration
which is now invalid.

Change-Id: I9db75f5d65d5cd9b8f2350815f190ea93ed6d6d9
Reviewed-on: https://go-review.googlesource.com/2956
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-01-16 21:06:43 +00:00
Burcu Dogan 3e0a89646b oauth2/google: exclude the App Engine implementations if not on an AE app
Change-Id: If44bb4498975495301b85e2cf44f73d3373ab16c
Reviewed-on: https://go-review.googlesource.com/2980
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-01-16 20:45:34 +00:00
Brad Fitzpatrick 2e66694fea oauth2/google: remove unused context parameter from JWTConfigFromJSON
Change-Id: I392ecf76b68f51840a9e4a27596e9ff3724d9128
Reviewed-on: https://go-review.googlesource.com/2732
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-01-13 23:34:08 +00:00
Brad Fitzpatrick 5361962df4 oauth2/google: use the metadata package, cleanups
Verified it compiles on Go 1.2 now too.

Fixes golang/oauth2#70

Change-Id: I099a86676d2464b3840f1798bbca914a202eb195
Reviewed-on: https://go-review.googlesource.com/2372
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-01-06 20:06:52 +00:00
Burcu Dogan 685f9f8718 oauth2: Token.Extra should be type agnostic
Change-Id: Ic8496d10de47181f6b9c16360b5101c6314d71ee
Reviewed-on: https://go-review.googlesource.com/1653
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-01-02 19:45:10 +00:00
Brad Fitzpatrick ed997606a9 oauth2, oauth2/jwt: break JWT off into its own package
Change-Id: Iaaa36728f87744e0d9609674f0d0ad96e6ac80b4
Reviewed-on: https://go-review.googlesource.com/2198
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-01-02 18:35:08 +00:00