Commit Graph

383 Commits

Author SHA1 Message Date
Ryan Kohler d6857d1e58 google: support AWS 3rd party credentials 2021-01-28 15:20:12 -08:00
Ryan Kohler af13f521f1 google: Create AWS V4 Signing Utility
Change-Id: I59b4a13ed0433de7dfaa064a0f7dc1f3dd724518
GitHub-Last-Rev: 8cdc6a9ad0
GitHub-Pull-Request: golang/oauth2#467
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/284632
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Reviewed-by: Cody Oss <codyoss@google.com>
2021-01-25 20:13:02 +00:00
Patrick Jones d3ed898aa8 google: support url-sourced 3rd party credentials
Implements functionality to allow for URL-sourced 3rd party credentials, expanding the functionality added in #462 .

Change-Id: Ib7615fb618486612960d60bee6b9a1ecf5de1404
GitHub-Last-Rev: 95713928e4
GitHub-Pull-Request: golang/oauth2#466
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/283372
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
2021-01-13 20:58:17 +00:00
Cody Oss 8b1d76fa04 google: restore 1.11 compatibility
NewRequestWithContext requires 1.13. As this is just a convenience
we should try to retatin the 1.11 compatibility by using NewRequest
then calling WithContext instead.

Change-Id: I6208a92061b208a119fdf04fd561a3e4d22bc547
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/283535
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-01-13 16:05:01 +00:00
Patrick Jones 01de73cf58 google: base account credentials with file-sourcing
Implements the core functionality to allow 3rd party identities access to Google APIs.  Specifically, this PR implements the base account credential type and supports file-sourced credentials such as Kubernetes workloads.  Later updates will add support for URL-sourced credentials such as Microsoft Azure and support for AWS credentials.

Change-Id: I6e09a450f5221a1e06394b51374cff70ab3ab8a7
GitHub-Last-Rev: 3ab51622f8
GitHub-Pull-Request: golang/oauth2#462
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/276312
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-01-12 20:04:29 +00:00
Julie Qiu 08078c50e5 README.md: change godoc.org links to pkg.go.dev
Links to godoc.org are changed to pkg.go.dev.

The README badge alt text is changed to "Go Reference" to match the
updated alt text generated by pkg.go.dev/badge.

Change-Id: I935cbe03477131a4361a8ac7b5ba9fd3e378cbdd
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/276016
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Andrew Gerrand <adg@golang.org>
Trust: Julie Qiu <julie@golang.org>
2020-12-08 15:28:58 +00:00
Julie Qiu 931764155e README.md: add badge to pkg.go.dev
Change-Id: I90a3334507f4501ee082afeb878b82f71b3392ae
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/275303
Trust: Julie Qiu <julie@golang.org>
Reviewed-by: Andrew Gerrand <adg@golang.org>
2020-12-07 16:36:04 +00:00
Patrick Jones 0b49973bad google: add ExchangeToken() to run STS exchanges.
Adds the ExchangeToken() function and support structs, but depends on  https://github.com/golang/oauth2/pull/439

Change-Id: Id738a27b0c2ac083409156af1f60283b9140b159
GitHub-Last-Rev: 1aa066dc21
GitHub-Pull-Request: golang/oauth2#444
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/261918
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Trust: Cody Oss <codyoss@google.com>
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
2020-12-03 00:10:11 +00:00
Patrick Jones 9fd604954f google: add utilities supporting upcoming oauth2 functionality
These are used to support some extended utilities to help with STS requests.

Change-Id: Iafc145b06ca42374cfc2ac6572762a50bcf560f2
GitHub-Last-Rev: 3085fe5703
GitHub-Pull-Request: golang/oauth2#439
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/259777
Trust: Cody Oss <codyoss@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com>
2020-11-09 20:14:03 +00:00
Emmanuel T Odeke 5d25da1a8d go.mod: update stale dependencies
Invokes go get -u -v ./... to try to get rid of
stale dependencies cloud.google.com/go@v0.34.0 (released in December 2018)
and that dependency unfortunately imported a stale
version of go.opencensus.io that then transitively
imports another that has a vulnerability.

Change-Id: I0a520e8f979ff3ddcd6197b234cdc0f4154bb735
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/245517
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
2020-09-02 21:34:28 +00:00
Brad Fitzpatrick bf48bf16ab README, endpoints: fix a typo, update README to point people at endpoints
Change-Id: Ic49fabc47eebb932a1a56f1dd3e65dc3af539d59
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/213637
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
2020-01-07 19:09:31 +00:00
Mark Wolfe eca82077e2 endpoints: add new package for oauth2.Endpoint values
As per discussion in #401 and gerrit I have built out the proposed endpoint package.

I migrated all the existing endpoints, not sure if you wanted this but it does illustrate the pattern.

Change-Id: I53f56a06207633b2380b7cd7332cd56f9ef6578f
GitHub-Last-Rev: fde9e7bb75
GitHub-Pull-Request: golang/oauth2#402
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/212223
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2020-01-07 16:08:58 +00:00
Tim Cooper 858c2ad4c8 oauth2: turn Transport.CancelRequest into a no-op
Request cancellation should be done via http.Request.Context.

Fixes #271

Change-Id: Ia6251898e55bd15b27968504fc6efe14f05b1def
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/121438
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2019-12-02 22:59:59 +00:00
Shaun Dunning 5d9234df09 jira: update jira JWT subject per Atlassian's recent GDPR changes
Recently, Atlassian decided to remove `userKey` from JWT construction b/c they determined that it could contain personally identifiable information. They've since switched to the user account ID. This change updates the jira JWT to reflect these recent change.

Fixes golang/oauth2#312

Change-Id: I4bd66cf925fdf38e02dd665befb5ab5f19f14ee7
GitHub-Last-Rev: 344bb6046c
GitHub-Pull-Request: golang/oauth2#389
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/185081
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-11-22 20:06:57 +00:00
Chris Broadfoot 0f29369cfe google: add some metadata to GCE tokens to identify the token's source
This is required for the direct path feature, which only works with this
token source. It's not currently possible to determine the token source
type from the return value of FindDefaultCredentials.

Another option is to add another field to the Credentials struct, which
we could still do later, but direct path is currently pretty experimental
and whitelisted/opt-in, so I don't want to add to the public API surface
unnecessarily.

This CL functionally blocks
https://code-review.googlesource.com/c/google-api-go-client/+/40950

Change-Id: Ifb5fe9c6e5c6b33eebb87b45d3c70eebfca691b3
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/175877
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2019-06-04 05:34:49 +00:00
Bobby DeSimone aaccbc9213 google: update ApprovalForce to use openid connect friendly prompt=consent
It looks like in 2016 or so` approval_prompt=force` was replaced with the open id connect friendly `prompt=consent`.

See:
- https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
- https://developers.google.com/identity/sign-in/web/reference#gapiauth2offlineaccessoptions
- https://github.com/googleapis/oauth2client/issues/453
- https://github.com/pomerium/pomerium/pull/82

Change-Id: Iad2d533f451a70b2941aafd11c9b7272026a2f16
GitHub-Last-Rev: d6d10ceec8
GitHub-Pull-Request: golang/oauth2#379
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/171123
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-05-23 18:27:46 +00:00
Wenlei (Frank) He 950ef44c6e jwt: support PrivateClaims in Config
This would help add extra claim for certain 2-leg JWT exchange.

For example, Google service account key can be used to generate an OIDC token, but Google TokenURL requires "target_audience" claims set.

See this example usage:
https://gist.github.com/wlhee/64bc518190053e2122ca1909c2977c67#file-exmaple-go-L29

Change-Id: Ic10b006e45a34210634c5a76261a7e3706066965
GitHub-Last-Rev: 7a6e247e68
GitHub-Pull-Request: golang/oauth2#374
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/166220
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-05-17 18:12:55 +00:00
Steven Buss 9f3314589c google: Support scopes for ComputeTokenSource
Scopes have been added as a query parameter to the metadata server.

Change-Id: Ife68db01beeca386e558edd424fa11da508b7287
GitHub-Last-Rev: 1cb4a6ec12
GitHub-Pull-Request: golang/oauth2#376
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/170106
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-04-02 18:19:05 +00:00
Ggicci c85d3e98c9 internal: remove fallback parsing for expires_in
Facebook has correctted its OAuth2 implementation. The code as
a fallback can be removed now.

Updates golang/oauth2#51, golang/oauth2#239

Change-Id: Ib5f84bc35c0c4ecbdd25d4169f950410d4ae79a2
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/168017
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: JBD <jbd@google.com>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-03-19 18:23:50 +00:00
Brad Fitzpatrick e64efc72b4 internal: cap expires_in to MaxInt32
Fixes golang/oauth2#279

Change-Id: I29914e7995ec334a7474390a0ba96fe61deba6bb
Reviewed-on: https://go-review.googlesource.com/c/161962
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ross Light <light@google.com>
2019-02-26 20:54:17 +00:00
Jean de Klerk 529b322ea3 google: Use new endpoints for Google authentication
Fixes #310

Change-Id: I3b3a57b2758074535d07471b344334945be5bcbd
Reviewed-on: https://go-review.googlesource.com/c/136356
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
2019-02-26 19:11:47 +00:00
Madhu Rajanna 9b3c75971f fix misspelled word in comment
Change-Id: Ic56ac2be3df36fac555cb4d42ca5fd8b973ec1dd
GitHub-Last-Rev: 03c9ae0ae4
GitHub-Pull-Request: golang/oauth2#371
Reviewed-on: https://go-review.googlesource.com/c/163117
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2019-02-20 15:47:21 +00:00
Niels Widger 4b83411ed2 jwt: add Config.Audience field
Add an Audience field to jwt.Config which, if set, is used instead of TokenURL as the 'aud' claim in the generated JWT.  This allows the jwt package to work with authorization servers that require the 'aud' claim and token endpoint URL to be different values.

Fixes #369.

Change-Id: I883aabece7f9b16ec726d5bfa98c1ec91876b651
GitHub-Last-Rev: fd73e4d50c
GitHub-Pull-Request: golang/oauth2#370
Reviewed-on: https://go-review.googlesource.com/c/162937
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-02-19 18:30:15 +00:00
Brad Fitzpatrick 3e8b2be136 internal: tolerate malformed expires_in values more
Fixes golang/oauth2#239

Change-Id: Id3fdfbfb64bc1a12ab0e952e83ae444b50de1bb5
Reviewed-on: https://go-review.googlesource.com/c/161964
Reviewed-by: Ross Light <light@google.com>
Run-TryBot: Ross Light <light@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-02-12 23:04:46 +00:00
Brad Fitzpatrick 5f6b76b7c9 google: remove legacy App Engine context stuff
Fixes golang/oauth2#276

Change-Id: I3f2bed7201f2e6bb58913f3fae2e64287b9a66d5
Reviewed-on: https://go-review.googlesource.com/c/161959
Reviewed-by: Ross Light <light@google.com>
Reviewed-by: Jean de Klerk <deklerk@google.com>
Reviewed-by: Chris Broadfoot <cbro@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-02-11 22:52:00 +00:00
Brad Fitzpatrick 80673b4a4b oauth2: auto-detect auth style by default, add Endpoint.AuthStyle
Instead of maintaining a global map of which OAuth2 servers do which
auth style and/or requiring the user to tell us, just try both ways
and remember which way worked. But if users want to tell us in the
Endpoint, this CL also add Endpoint.AuthStyle.

Fixes golang/oauth2#111
Fixes golang/oauth2#365
Fixes golang/oauth2#362
Fixes golang/oauth2#357
Fixes golang/oauth2#353
Fixes golang/oauth2#345
Fixes golang/oauth2#326
Fixes golang/oauth2#352
Fixes golang/oauth2#268
Fixes https://go-review.googlesource.com/c/oauth2/+/58510
(... and surely many more ...)

Change-Id: I7b4d98ba1900ee2d3e11e629316b0bf867f7d237
Reviewed-on: https://go-review.googlesource.com/c/157820
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ross Light <light@google.com>
2019-02-11 18:49:51 +00:00
Tom Payne 99b60b757e clientcredentials: allow override of grant_type
Password-based authentication to the [Keycloak](https://www.keycloak.org/) API requires `grant_type` to be `password`. It would be very helpful if `golang.org/x/oauth2` could be used for this, and all's that missing is the ability to override `grant_type`.

Fixes #283

Change-Id: I439dccb3e57042571ad92f115442ae1b7d59d4e0
GitHub-Last-Rev: 0e6f85e31e
GitHub-Pull-Request: golang/oauth2#363
Reviewed-on: https://go-review.googlesource.com/c/158517
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2019-01-30 05:54:35 +00:00
Peter Dotchev 5dab4167f3 Clarify that client credentials are not passed in the URL
The term "query parameters" suggested that the credentials are passed in the URL which is insecure and is actually not true as the credentials are passed in the request body. See 36a7019397/internal/token.go (L196)

Change-Id: Id0a83f8d317fed30e18310b30860000109dafe88
GitHub-Last-Rev: 3961bc9aff
GitHub-Pull-Request: golang/oauth2#358
Reviewed-on: https://go-review.googlesource.com/c/157877
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2019-01-15 18:14:02 +00:00
Brad Fitzpatrick 36a7019397 oauth2: deflake test relying on time.Now values
It was particularly flaky on Windows where time.Now doesn't advance as
fast as elsewhere.

Change-Id: Ic0b7c3e4c69389009d1e28750be0cd203fa770aa
Reviewed-on: https://go-review.googlesource.com/c/157578
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
2019-01-11 18:59:15 +00:00
Bryan C. Mills fd3eaa146c oauth2: add module definition
Commands run:
	go mod init
	go mod tidy
	sed -i 's/go 1.12/go 1.11/' go.mod
	go test ./...

Fixes #355

Change-Id: I196d77e9c15a2780e2649e735520578c01191a1b
Reviewed-on: https://go-review.googlesource.com/c/157137
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2019-01-10 19:52:49 +00:00
Maruf d668ce9938 Add dailymotion to brokenAuthHeaderProviders
Change-Id: Ide7a3ce0d7d565dda6ae2fcb120e5468bebbf024
GitHub-Last-Rev: 49c15935ef
GitHub-Pull-Request: golang/oauth2#350
Reviewed-on: https://go-review.googlesource.com/c/152023
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-12-03 16:26:52 +00:00
huy le 28207608b8 internal: add onelogin to broken provider list
added onelogin to broken provider list

Change-Id: I05516bf3055df77a686192c63a084e7c412ca5a6
GitHub-Last-Rev: a1476987f5
GitHub-Pull-Request: golang/oauth2#348
Reviewed-on: https://go-review.googlesource.com/c/151322
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-28 21:14:12 +00:00
lalyos 8f65e3013e internal: add gitter to broken provider list
Per https://developer.gitter.im/docs/authentication#2-gitter-redirects-back-to-your-site ,
both client_id and client_secret are required request parameters.

Change-Id: I64e40be0ab86ec5aea45597b6582e8059d5117cb
GitHub-Last-Rev: d1f5c9ebe6
GitHub-Pull-Request: golang/oauth2#346
Reviewed-on: https://go-review.googlesource.com/c/150557
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-20 19:08:19 +00:00
Adam Shannon f42d051822 doc: clarify context key usage to override *http.Client
Fixes golang/oauth2#321

Change-Id: I43724b107efafe189a3a76a81f6089dcc75cb167
Reviewed-on: https://go-review.googlesource.com/c/134436
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-06 18:21:50 +00:00
Brad Fitzpatrick ca4130e427 README: add policy for new packages
Fixes golang/oauth2#325

Change-Id: I3a9ad8ce1e974bb399356b18819c6b0fe60f7051
Reviewed-on: https://go-review.googlesource.com/c/147459
Reviewed-by: Ross Light <light@google.com>
2018-11-05 16:51:19 +00:00
Brad Fitzpatrick b758792b5c google: remove a useless build tag restriction
I missed this in CL 146677.

Change-Id: Ie2735ba15d41e51fd5a99cba97514cd16399abaa
Reviewed-on: https://go-review.googlesource.com/c/147458
Reviewed-by: Ross Light <light@google.com>
2018-11-05 16:49:09 +00:00
Filip Stanis 28156e2561 facebook: update facebook oauth2 endpoints
Fixes #309

Change-Id: I8a97db6cb51ae6c0799adc4d171f49e77f8ec2e6
GitHub-Last-Rev: fc6fb2a0e4
GitHub-Pull-Request: golang/oauth2#308
Reviewed-on: https://go-review.googlesource.com/c/127575
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-05 16:48:19 +00:00
Brad Fitzpatrick 232e455483 google: remove Go 1.8 support
Assume Go 1.9+, which is broader than Go's current Go 1.10+ support policy.

Change-Id: I9fe6954d21c2279cf4ea7da4d5bc7a9290a3bae2
Reviewed-on: https://go-review.googlesource.com/c/146677
Reviewed-by: Ross Light <light@google.com>
2018-11-02 17:01:40 +00:00
Antoine GIRARD e0f2c55a7f appengine: use stdlib context instead of x/net/context
PR #341 introduce some new import `x/net/context` in parallel of PR #339 replacing them with the standard context.
This quick PR rename those imports.

Change-Id: I94f7edbee851a733b8a307c2ea60923dd990bdb4
GitHub-Last-Rev: fbe7944356
GitHub-Pull-Request: golang/oauth2#342
Reviewed-on: https://go-review.googlesource.com/c/146837
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-02 00:39:13 +00:00
Antoine GIRARD c453e0c757 all: use stdlib context instead of x/net/context
This PR replaces use of `x/net/context` with the standard `context`

It has been nearly 6 months since
https://github.com/golang/oauth2/issues/246#issuecomment-387601277 so
I made this PR so it will be ready to merge when needed (and if
possible).

Fixes #246

Change-Id: Id2c316fcb27de0fb9163ceb4e8669b04cb39a987
GitHub-Last-Rev: 5b36321dcc
GitHub-Pull-Request: golang/oauth2#339
Reviewed-on: https://go-review.googlesource.com/c/145202
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-01 16:01:52 +00:00
Michael Traver 5a69e67f3f appengine: implement AppEngineTokenSource for 2nd gen runtimes
Go 1.11 on App Engine standard is a "second generation" runtime, and
second generation runtimes do not set the appengine build tag.
appengine_hook.go was behind the appengine build tag, meaning that
AppEngineTokenSource panicked on the go111 runtime, saying,
"AppEngineTokenSource can only be used on App Engine."

The second gen runtimes should use ComputeTokenSource, which is also
what flex does [1]. This commit does two things to remedy the situation:

1. Put the pre-existing implementation of AppEngineTokenSource behind
   the appengine build tag since it only works on first gen App Engine
   runtimes. This leaves first gen behavior unchanged.
2. Add a new implementation of AppEngineTokenSource and tag it
   !appengine. This implementation will therefore be used by second gen
   App Engine standard runtimes and App Engine flexible. It delegates
   to ComputeTokenSource.

The new AppEngineTokenSource implementation emits a log message
informing the user that AppEngineTokenSource is deprecated for second
gen runtimes and flex, instructing them to use DefaultTokenSource or
ComputeTokenSource instead. The documentation is updated to say the
same.

In this way users will not break when upgrading from Go 1.9 to Go 1.11
on App Engine but they will be nudged toward the world where App Engine
runtimes have less special behavior.

findDefaultCredentials still calls AppEngineTokenSource for first gen
runtimes and ComputeTokenSource for flex.

Fixes #334

Test: I deployed an app that uses AppEngineTokenSource to Go 1.9 and
      Go 1.11 on App Engine standard and to Go 1.11 on App Engine
      flexible and it worked in all cases. Also verified that the log
      message is present on go111 and flex.

[1] DefaultTokenSource did use ComputeTokenSource for flex but
AppEngineTokenSource did not. AppEngineTokenSource is supported on flex,
in the sense that it doesn't panic when used on flex in the way it does
when used outside App Engine. However, AppEngineTokenSource makes an API
call internally that isn't supported by default on flex, which emits a
log instructing the user to enable the compat runtime. The compat
runtimes are deprecated and deploys are blocked. This is a bad
experience. This commit has the side effect of fixing this.

Change-Id: Iab63547b410535db60dcf204782d5b6b599a4e0c
GitHub-Last-Rev: 5779afb167
GitHub-Pull-Request: golang/oauth2#341
Reviewed-on: https://go-review.googlesource.com/c/146177
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-01 15:54:53 +00:00
Travis Bischel 8527f56f71 oauth2: fix error message typo
PKSC1 is not a thing, but PKCS1 is, and the parse function above the
error is for PKCS1.

Change-Id: I163bb158070da462caa034a19a89ce654acc7a5d
Reviewed-on: https://go-review.googlesource.com/c/146178
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-10-31 02:26:57 +00:00
Fredrik Wallgren 9dcd33a902 Add Zoho to the list of broken providers
As per the documentation https://www.zoho.com/crm/help/api/v2/#generate-access

The oauth2 implementation for Zoho is broken in other ways as well, e.g. by having scopes comma separated instead of space separated as the standard says. But won't (and shouldn't) be handled by this project as per https://github.com/golang/oauth2/issues/119.

Change-Id: I450391ac92cbb02e6ba6a21e4afcc4dd0d6849b4
GitHub-Last-Rev: ba758b032a
GitHub-Pull-Request: golang/oauth2#333
Reviewed-on: https://go-review.googlesource.com/c/142880
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-10-17 19:29:45 +00:00
Steve LoFurno c57b0facac internal: add microsoft sandbox token endpoint to brokenAuthHeaders list
microsoft is now requiring oauth logins to sandbox accounts for bingads

https://docs.microsoft.com/en-us/bingads/guides/migration-guide?view=bingads-12

the token endpoint is login.live-int.com

https://docs.microsoft.com/en-us/bingads/guides/authentication-oauth?view=bingads-12

Change-Id: Ic0c1d8a358d549b747f59e826f02a95d0247f86a
GitHub-Last-Rev: f2a5d0a812
GitHub-Pull-Request: golang/oauth2#329
Reviewed-on: https://go-review.googlesource.com/c/139357
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-10-03 18:41:28 +00:00
Jeremy d2e6202438 nokiehealth: add endpoint for Nokia Health Mate
Change-Id: I4fdc7be10d1e10c188889aa149fd5019a7c062bd
GitHub-Last-Rev: 6fbdac80b5
GitHub-Pull-Request: golang/oauth2#315
Reviewed-on: https://go-review.googlesource.com/130477
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-08-21 21:23:33 +00:00
Peter Hoyes f720f1faee Correct box.com API domain, which still doesn't support Authorization header
Box.com OAuth authorization fails stating "invalid client credentials". Correct API domain is "api.box.com" (source: https://developer.box.com/reference#token)

Change-Id: Icecd02017c44140c85186fcc3cd673cd1e24ecf0
GitHub-Last-Rev: b568688a5a
GitHub-Pull-Request: golang/oauth2#313
Reviewed-on: https://go-review.googlesource.com/129537
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-08-20 19:13:22 +00:00
a.lukinykh 3d292e4d0c instagram: add Instagram endpoints
Change-Id: Ibb180f48013a398d597f56e14f081842735957df
GitHub-Last-Rev: 2d64329276
GitHub-Pull-Request: golang/oauth2#304
Reviewed-on: https://go-review.googlesource.com/125639
Reviewed-by: Tim Cooper <tim.cooper@layeh.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-07-24 15:53:51 +00:00
Manigandan Dharmalingam ef147856a6 stackoverflow: add stackoverflow oauth2 endpoints.
Fixes #297

Stackoverflow oauth2 endpoints constant added.
Ref: https://api.stackexchange.com/docs/authentication

Change-Id: I8285a9baa9514c79e8325c40434f62aa1ed4939b
GitHub-Last-Rev: 909997b81e
GitHub-Pull-Request: golang/oauth2#298
Reviewed-on: https://go-review.googlesource.com/119995
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-06-20 17:54:06 +00:00
Guillaume J. Charmes 088f8e1d43 oauth2: Add support for custom params in Exchange
Allows implementation of PKCE https://www.oauth.com/oauth2-servers/pkce/
for secure code exchange.

Fixes golang/oauth2#286

Change-Id: I07b6fefe6834a2406e8ca2fcbf118d38fc4875d1
GitHub-Last-Rev: 31c5ccbed3
GitHub-Pull-Request: golang/oauth2#285
Reviewed-on: https://go-review.googlesource.com/111515
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-06-19 21:35:08 +00:00
Val Polouchkine 113ce6928c internal: add Twitch's other endpoint to blacklist
Twitch uses two domains for OAuth: https://dev.twitch.tv/docs/authentication/

Change-Id: I33f74e0c282b9e35c5b266980d1eb62f4fa419a8
Reviewed-on: https://go-review.googlesource.com/119515
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-06-18 22:07:33 +00:00