Commit Graph

53 Commits

Author SHA1 Message Date
Manigandan Dharmalingam 83fa6db42e stackoverflow: add stack overflow tokenurl in brokenAuthHeaderProviders list. 2018-06-20 22:57:19 +05:30
Val Polouchkine 113ce6928c internal: add Twitch's other endpoint to blacklist
Twitch uses two domains for OAuth: https://dev.twitch.tv/docs/authentication/

Change-Id: I33f74e0c282b9e35c5b266980d1eb62f4fa419a8
Reviewed-on: https://go-review.googlesource.com/119515
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-06-18 22:07:33 +00:00
fenwickelliott 6881fee410 internal: add todaysplan urls to brokenAuthHeaderProviders
Adds 'https://multisport.todaysplan.com.au/rest/oauth/access_token' and 'https://whats.todaysplan.com.au/rest/oauth/access_token' to brokenAuthHeaderProviders string slice.

fixes #267

Change-Id: I762f5f698a81cbc5929c604d1da2677a2c6a52a5
Reviewed-on: https://go-review.googlesource.com/105475
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-04-16 19:45:28 +00:00
Fredrik Wallgren 2f32c3ac0f mailchimp: add MailChimp provider
Added MailChimp endpoints as per documentation:
http://developer.mailchimp.com/documentation/mailchimp/guides/how-to-use-oauth2/

Add MailChimp to brokenAuthHeadersProviders since they require the
client id and secret as query parameters.

Fixes #272

Change-Id: I155d0c7e34f13477ac87b225e9a278d79c3a2a44
Reviewed-on: https://go-review.googlesource.com/96635
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-02-28 17:30:56 +00:00
Tristan Colgate d7d64896b5 internal: remove facebook from brokenAuthHeadersProviders
A friend who now works at Facebook informs me that this is now fixed on their
side. I've asked for some public reference.

Change-Id: I68627e3211f24bc4bea7c698d1126438a0e8ab0d
Reviewed-on: https://go-review.googlesource.com/97055
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-02-27 00:04:27 +00:00
Charles Fenwick Elliott 543e37812f internal: add more brokenAuthHeadersProviders
Add log.finalsurge.com and api.medium.com

Fixes #267

Change-Id: I8a902f418f04ff87539fe2edda350a81974aaa6e
Reviewed-on: https://go-review.googlesource.com/92655
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-02-07 18:19:06 +00:00
Paul Tyng a032972e28 internal: Add .auth0.com to broken domains
Auth0 does not support `client_id` in basic auth
**without** a `client_secret` but they do support
one or both in the body.

Auth0 also uses account specific subdomains, so
needs to be in the domain suffix broken handling.

Change-Id: I06abec5c228c746b8b90758f452016eeb67f3e98
Reviewed-on: https://go-review.googlesource.com/70010
Reviewed-by: K.J. Valencik <kjvalencik@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-01-26 16:49:32 +00:00
Ross Light 876b1c6ee6 internal: remove RegisterContextClientFunc
This function added a totally unused error path, since the only call
site is for App Engine, which cannot produce an error.

Change-Id: I86277ab4ff96e7bd140c53c5a114a338716668e3
Reviewed-on: https://go-review.googlesource.com/85935
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-01-03 15:50:54 +00:00
Ross Light ee2bad97a9 internal: return error if no access_token present in server response
This behavior and test was introduced in 0ae3d4edc9.
It is not consistent with the other test introduced in the same commit,
where an incorrectly typed access_token does produce an error.  Since a
*Token with a blank AccessToken is invalid, it is allowing an invalid
token to be returned without error.

Cleans up some tests responding with invalid data.

Change-Id: I777eb7a82ef598dc9042542ae65f8dce6768902e
Reviewed-on: https://go-review.googlesource.com/85659
Reviewed-by: Andrew Bonventre <andybons@golang.org>
2018-01-03 00:38:26 +00:00
Ross Light 90155042cb internal: inline CondVal function
Change-Id: Ic1115ab639e2d7b499c3400b5310575a36b1b796
Reviewed-on: https://go-review.googlesource.com/85320
Reviewed-by: Tim Cooper <tim.cooper@layeh.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-01-02 15:01:22 +00:00
Ross Light 174986b227 internal: move ParseINI into google
This was the only usage of the function.

Change-Id: I081e20789ea9e37fe96f764641078472153bf577
Reviewed-on: https://go-review.googlesource.com/85197
Reviewed-by: Andrew Bonventre <andybons@golang.org>
2018-01-02 15:01:02 +00:00
Ross Light 40a09c6c04 internal: fix flaky context test
Change-Id: I877fbcfdde33559baabbda2c275164dd98256892
Reviewed-on: https://go-review.googlesource.com/85196
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-01-02 15:00:49 +00:00
Tim Cooper 0448841f0c oauth2: add error type for unsuccessful token endpoint status
Allows the HTTP response and body to be extracted without parsing
the error string, but keeps backwards compatibility for users who
are currently doing so.

Fixes golang/oauth2#173

Change-Id: Id7709da827a155299b047f0bcb74aa8f91b01e96
Reviewed-on: https://go-review.googlesource.com/84156
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-12-19 02:07:21 +00:00
Brad Fitzpatrick ea8c6730ed internal: fix test on Go 1.10
Go 1.10 no longer sets implicit Content-Type on empty output.

Updates golang/go#20784

Change-Id: I3f13f76b94b58869481218ea2e1805f5f4175fd7
Reviewed-on: https://go-review.googlesource.com/82017
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-12-05 22:58:16 +00:00
Max Schmitt f95fa95eaa internal: add login.live.com to brokenAuthHeaderProviders
This adds 'https://login.live.com/' as a broken auth header provider.
Without this change the provider which is integrated in
golang.org/x/oauth2/microsoft isn't working correctly and returns
a "The provided value for the 'client_secret' parameter is not valid"
response from the endpoint.

Change-Id: I1887e1ad049ce37f81322de84dcddd0ce486d6e1
Reviewed-on: https://go-review.googlesource.com/78555
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-11-17 23:52:51 +00:00
Vladimir Varankin 9ff8ebcc8e oauth2: fix some typos in code comments
Change-Id: I3bd85f097e30d693965541eac65df057288c2086
Reviewed-on: https://go-review.googlesource.com/73130
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-11-06 15:28:52 +00:00
Tim Cooper bb50c06bab oauth2/internal: remove duplicate package documentation
Fixes golang/go#15855

Change-Id: I71a532a95995fbbfd8a9acd75244537cd05f02f0
Reviewed-on: https://go-review.googlesource.com/66730
Reviewed-by: JBD <jbd@google.com>
2017-09-28 01:05:08 +00:00
Aeneas Rekkas (arekkas) 13449ad91c internal: urlencode client id and secret in header
As per https://tools.ietf.org/html/rfc6749#section-2.3.1 client IDs and secrets must be urlencoded in the authorization header. This patch addresses this by wrapping clientID and clientSecret with url.QueryEscape. A dedicated test for unsafe-url client IDs and secrets has been added as well.

Closes #237

Change-Id: I1f277b52caef4932e14147be8fb1712203da51d0
Reviewed-on: https://go-review.googlesource.com/46473
Reviewed-by: JBD <jbd@google.com>
2017-09-12 21:29:05 +00:00
voutasaurus cce311a261 internal: fix broken auth header provider
Change I9cfd46787ebfb27cf2775dd3357eb26e089322a3 added
login.microsoft.net as a broken auth header provider. This was meant to
be login.windows.net. This change removes login.microsoft.net and adds
login.windows.net.

Change-Id: I6178053ab5c86b4f38996042384e1f4a139560aa
Reviewed-on: https://go-review.googlesource.com/47250
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-06-29 19:07:18 +00:00
Bastian Ike 626d87b993 internal: Use provided context in subsequent request
Currently the HTTP request does not set the given context.
This change sets the context (if not nil) on the request.

Change-Id: I4bb21636d05050a68ba70ce92f9bf9ba608fbfad
Reviewed-on: https://go-review.googlesource.com/45370
Run-TryBot: Chris Broadfoot <cbro@golang.org>
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-06-29 18:09:26 +00:00
voutasaurus 5432cc9688 internal: add broken auth header provider
Azure AD applications use login.microsoft.net for token URLs for OAuth
and OpenID Connect. This service expects the OAuth client ID and client
secret in the body of the OAuth exchange request.

Fixes #238

Change-Id: I9cfd46787ebfb27cf2775dd3357eb26e089322a3
Reviewed-on: https://go-review.googlesource.com/47097
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-06-29 03:27:40 +00:00
Martin Hoefling ad516a297a oauth2: adds sipgate api to brokenAuthHeaderProviders
according to the documentation, client_id and client_secret must be
provided in the token request:

https://api.sipgate.com/doc/#!/authorization/createOauthAccessToken

Change-Id: I4133a1bfc4d2474013e6b716451c98cb93e30da8
Reviewed-on: https://go-review.googlesource.com/43170
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2017-05-10 21:56:23 +00:00
Dave Day e7a4820799 internal: add Shopify to list of broken auth providers
Shopify uses URLs in the form my-shop-id.myshopify.com as the endpoints
for its OAuth2 dances.

Change-Id: I73d98ca285991b2f73dd9d8d366d3fdbe249e741
Reviewed-on: https://go-review.googlesource.com/42630
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2017-05-07 21:47:37 +00:00
Eric Chiang 7374b3f1ec internal: recognize Salesforce and Okta domains as broken providers
Fixes golang/oauth2#166

Change-Id: Ib3854db4a28a596af3565a84843fc0fa66709193
Reviewed-on: https://go-review.googlesource.com/38376
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2017-03-21 00:32:59 +00:00
Jaana Burcu Dogan 1611bb46e6 internal: don't set client_id and client_secret form values if empty
Fixes golang/oauth2#220.

Change-Id: Ic43b10971e102a8571c7bc895c3ad02b80b685ee
Reviewed-on: https://go-review.googlesource.com/38135
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-03-13 20:11:47 +00:00
Ahmet Alp Balkan b9780ec788 internal: simplify map value literal
gofmt -s -w -l does this simplification. Running gofmt when this
package is vendored causes the vendored file to be simplified.

Change-Id: I00502ff564bd5cff2614a8372db7beb1eb4519ec
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Reviewed-on: https://go-review.googlesource.com/37013
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-02-14 23:18:24 +00:00
Jaana Burcu Dogan de0725b330 internal: add Facebook Graph API to the brokens list
CL/23790 breaks the calls to Facebook, adding Facebook
to the brokens list is reported to fix the problem.

Fixes golang/oauth2#214.

Change-Id: I3b3440de723b4933bc49b5a52698c825affbf643
Reviewed-on: https://go-review.googlesource.com/36633
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-02-09 00:21:43 +00:00
Pablo Lalloni 4464e78483 oauth2: remove scope & client_id params from access token request
Remove "scope" & "client_id" from "token request" in the "access token 
request" of the "authorization code grant" flow, keeping "client_id"
in case the provider is one of the known to be broken ones.

Please see https://tools.ietf.org/html/rfc6749#section-4.1.3

This change is required for interoperation with OpenAM.

Fixes golang/oauth2#145
Fixes golang/oauth2#110
Fixes golang/oauth2#188

Change-Id: Ie34c74980a6db7b5d34c851fb55a7d629fc7083e
Reviewed-on: https://go-review.googlesource.com/23790
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2017-02-07 21:18:51 +00:00
Marin da3ce8d62a token: added new broken auth header providers
Change-Id: I78b9e3dd126cfebb982ac1ddced09db53569d2bd
Reviewed-on: https://go-review.googlesource.com/34251
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
2016-12-09 21:20:37 +00:00
Jaana Burcu Dogan e839600e66 oauth2, jws, internal: more style fixes for bad test messages
Change-Id: Id2805fd77fb11d975414eb66689efab284a18805
Reviewed-on: https://go-review.googlesource.com/27911
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-08-26 21:49:23 +00:00
Jaana Burcu Dogan 7357e96168 internal: decapitalize the argument names
Change-Id: I108ea0e49c5a96afb616918b9367085c159fb157
Reviewed-on: https://go-review.googlesource.com/24770
Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2016-07-06 23:19:41 +00:00
Jeff Craig e86e2718db internal: fix transport_test use of nil Context
The context library recommends never using a nil Context, and
context.Background() provides an empty Context appropriate for use in
unit tests.

Change-Id: I2656f846ea1f892ad41ad63a92ecb789a46e3453
Reviewed-on: https://go-review.googlesource.com/22791
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-05-04 21:42:46 +00:00
Diwaker Gupta 33fa30fe45 oauth2/internal: Add api.dropboxapi.com to broken providers.
This is actually the recommended endpoint per the API docs:
https://www.dropbox.com/developers/documentation/http/documentation

Change-Id: I320189c94f727d10a75c4fde4768cef30c28030f
Reviewed-on: https://go-review.googlesource.com/21143
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-03-25 22:15:09 +00:00
Colin Edwards 045497edb6 internal: add Patreon to the broken auth list
Change-Id: I764ff2923f3c8a87f91893b47827068f093c4437
Reviewed-on: https://go-review.googlesource.com/20232
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-03-04 21:31:35 +00:00
Andrew Gerrand 2cd4472c32 internal: add Wunderlist to list of broken auth providers
Fixes golang/go#14439

Change-Id: I6b72562d5d49d4c847390438dee11ce41bf46918
Reviewed-on: https://go-review.googlesource.com/19784
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-02-22 10:17:51 +00:00
Xudong Zhang 1f9b3a17f0 internal: add baidu.com to the broken auth list
Change-Id: I17fe6f8fce63c7d68975450ba106698533c392d9
Reviewed-on: https://go-review.googlesource.com/19742
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-02-20 17:16:45 +00:00
Burcu Dogan 2baa8a1b93 internal: primarily use the HTTP client provided in the context
Change-Id: I99eaf1480ebdfbaa5b64ac17203fbf14bf887962
Reviewed-on: https://go-review.googlesource.com/17396
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2015-12-04 19:36:38 +00:00
Burcu Dogan 442624c9ec oauth2: allow users to register broken OAuth2 implementations
Fixes golang/oauth2#111.

Change-Id: Iaea8adb038bcff91b4b468b1a3bdaa5c03d7e8e7
Reviewed-on: https://go-review.googlesource.com/16976
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-11-17 21:03:13 +00:00
Andrew Gerrand 2bf5e6e27a internal: add Salesforce to list of broken auth providers
Fix #163

Change-Id: Id2c5f34b9d5b6854d59dd8122fb3460d83352b5c
Reviewed-on: https://go-review.googlesource.com/16856
Reviewed-by: Christian Ohler <ohler@driveshift.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-11-16 23:58:02 +00:00
Andrew Gerrand 3314c49c83 internal: add microsoftonline.com to list of broken providers
Fixes #161

Change-Id: Iec1b95b766bf88c7c015cf3ff7496339d8b3e20f
Reviewed-on: https://go-review.googlesource.com/16753
Reviewed-by: Burcu Dogan <jbd@google.com>
2015-11-09 22:44:55 +00:00
Andrew Gerrand 038cb4adce all: change copyright to 'Go Authors'
Fixes golang/go#12354

Change-Id: Ie4bbe9445e2a840c9db830c9bd52a783b7a6f9bc
Reviewed-on: https://go-review.googlesource.com/13952
Reviewed-by: Russ Cox <rsc@golang.org>
2015-10-22 04:14:42 +00:00
Burcu Dogan 3cab960fb9 internal: add slack.com to the broken auth list
Change-Id: I491418962516c71ee61eba2a4bac76967c75a5da
Reviewed-on: https://go-review.googlesource.com/15049
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-09-28 18:31:21 +00:00
Andrew Gerrand c30abeebd1 internal: remove GitHub from the list of broken providers
See #155 for context

Change-Id: I91bd4186465e7489fd9d28f9f9dc2243218ba6ff
Reviewed-on: https://go-review.googlesource.com/14936
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-09-24 05:58:55 +00:00
Lucien Stuker 8914e5017c oauth2: add api.netatmo.net to the broken providers
The auth on Netatmo api need ClientSecret in post request.

Like descripted in github issue at
https://github.com/golang/oauth2/issues/111

Change-Id: Ia85120d231e8a5c0ec851ddc3557bad26ecad41d
Reviewed-on: https://go-review.googlesource.com/11833
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-07-01 21:58:07 +00:00
Daniel Kerwin 2159a45684 oauth2: add user.gini.net to the broken providers
Change-Id: I4fa586bec82309bad4dbb02ae6b722f9c19608f6
Reviewed-on: https://go-review.googlesource.com/9804
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-05-08 14:32:49 +00:00
Burcu Dogan ec6d5d770f oauth2: add test-sandbox.auth.corp.google.com to the broken providers
Change-Id: I1d2e1ea803283b5651a482445b9be60262b43c4e
Reviewed-on: https://go-review.googlesource.com/9343
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-04-27 20:39:21 +00:00
ttacon 23f31c341b oauth2: Add Box to the list of broken OAuth providers.
Change-Id: I85f44714ec0571dc0358aecdc1cde92dca954da0
Reviewed-on: https://go-review.googlesource.com/8830
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-04-21 00:15:29 +00:00
Aaron Torres a8c019d04a oauth2: add support for client credential grant type
Creates a new package called clientcredentials and
adds transport and token information to the internal
package. Also modifies the oauth2 package to make
use of the newly added files in the internal package.

The clientcredentials package allows for token requests
using a "client credentials" grant type.

Fixes https://github.com/golang/oauth2/issues/7

Change-Id: Iec649d1029870c27a2d1023baa9d52db42ff45e8
Reviewed-on: https://go-review.googlesource.com/2983
Reviewed-by: Burcu Dogan <jbd@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-04-18 00:13:27 +00:00
Burcu Dogan a0fac97f6e oauth2/internal: provide better error messaging if key parse fails
Change-Id: I4ad794fbcb58fa16e4f2bf7e113cab2451deab25
Reviewed-on: https://go-review.googlesource.com/5423
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-03-02 02:51:04 +00:00
Burcu Dogan 267028f9bc oauth2/internal: fix the broken ini parsing test
Change-Id: I1032b759e036f57bc49eec951d08d8b22728c1a0
Reviewed-on: https://go-review.googlesource.com/3117
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-01-21 19:53:08 +00:00