Fork of oauth2 to allow exposing the token refresher
Ryan Kohler 6b3c2da341 google/externalaccount: add support for workforce pool credentials
Workforce pools (external account credentials for non-Google users) are
organization-level resources which means that issued workforce pool tokens
will not have any client project ID on token exchange as currently designed.

"To use a Google API, the client must identify the application to the server.
If the API requires authentication, the client must also identify the principal
running the application."

The application here is the client project. The token will identify the user
principal but not the application. This will result in APIs rejecting requests
authenticated with these tokens.

Note that passing an x-goog-user-project override header on API request is
still not sufficient. The token is still expected to have a client project.

As a result, we have extended the spec to support an additional
workforce_pool_user_project for these credentials (workforce pools) which will
be passed when exchanging an external token for a Google Access token. After the
exchange, the issued access token will use the supplied project as the client
project. The underlying principal must still have serviceusage.services.use
IAM permission to use the project for billing/quota.

This field is not needed for flows with basic client authentication (e.g. client
ID is supplied). The client ID is sufficient to determine the client project and
any additionally supplied workforce_pool_user_project value will be ignored.

Note that this feature is not usable yet publicly.

Change-Id: I8311d7783e4048c260cbb68e90d3565df864d7e0
GitHub-Last-Rev: a6dc5ebc95
GitHub-Pull-Request: golang/oauth2#520
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/353393
Reviewed-by: Cody Oss <codyoss@google.com>
Reviewed-by: Bassam Ojeil <bojeil@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-10-05 18:02:43 +00:00
amazon amazon: add amazon endpoints 2017-04-12 23:27:59 +00:00
authhandler authhandler: Remove example_test.go 2021-04-13 13:46:43 +00:00
bitbucket bitbucket: add end points 2015-09-17 03:41:47 +00:00
cern cern: add CERN OAuth endpoint 2018-05-29 17:07:32 +00:00
clientcredentials oauth2: auto-detect auth style by default, add Endpoint.AuthStyle 2019-02-11 18:49:51 +00:00
endpoints endpoints: add Battlenet endpoints 2021-05-14 16:43:44 +00:00
facebook internal: remove fallback parsing for expires_in 2019-03-19 18:23:50 +00:00
fitbit fitbit: add Fitbit API endpoints 2016-03-23 03:46:10 +00:00
foursquare oauth2: add Foursquare's Endpoint 2016-10-25 20:08:26 +00:00
github all: change copyright to 'Go Authors' 2015-10-22 04:14:42 +00:00
gitlab gitlab: Use correct endpoint URLs 2018-05-21 19:08:22 +00:00
google google/externalaccount: add support for workforce pool credentials 2021-10-05 18:02:43 +00:00
heroku heroku: Add Heroku's endpoints 2016-08-23 22:06:57 +00:00
hipchat hipchat: Generate Config for Connect integrations 2016-04-28 20:45:44 +00:00
instagram instagram: add Instagram endpoints 2018-07-24 15:53:51 +00:00
internal all: go fmt ./... 2021-02-20 00:06:19 +00:00
jira jira: update jira JWT subject per Atlassian's recent GDPR changes 2019-11-22 20:06:57 +00:00
jws oauth2, jws, internal: more style fixes for bad test messages 2016-08-26 21:49:23 +00:00
jwt jwt: support PrivateClaims in Config 2019-05-17 18:12:55 +00:00
kakao kakao: Add new endpoint of Kakao 2018-05-28 19:57:36 +00:00
linkedin oauth2: auto-detect auth style by default, add Endpoint.AuthStyle 2019-02-11 18:49:51 +00:00
mailchimp mailchimp: add MailChimp provider 2018-02-28 17:30:56 +00:00
mailru mailru: add Mail.Ru OAuth2 endpoint 2017-12-15 22:01:12 +00:00
mediamath mediamath: add MediaMath endpoints 2016-08-17 16:31:01 +00:00
microsoft microsoft: improve azure active directory endpoint 2017-12-13 21:28:14 +00:00
nokiahealth nokiehealth: add endpoint for Nokia Health Mate 2018-08-21 21:23:33 +00:00
odnoklassniki all: change copyright to 'Go Authors' 2015-10-22 04:14:42 +00:00
paypal all: change copyright to 'Go Authors' 2015-10-22 04:14:42 +00:00
slack slack: new package with Slack's endpoints 2016-02-17 21:10:11 +00:00
spotify spotify: add Spotify endpoints 2018-01-04 23:00:36 +00:00
stackoverflow stackoverflow: add stackoverflow oauth2 endpoints. 2018-06-20 17:54:06 +00:00
twitch twitch: update to new endpoint 2018-05-21 19:16:39 +00:00
uber uber: Add Uber API endpoints 2016-08-10 17:35:16 +00:00
vk all: change copyright to 'Go Authors' 2015-10-22 04:14:42 +00:00
yahoo yahoo: add Yahoo OAuth2 endpoint 2017-12-15 00:49:36 +00:00
yandex oauth2: add Yandex endpoint 2017-02-27 16:23:13 +00:00
.travis.yml travis: always build against tip 2016-05-20 18:58:28 +00:00
AUTHORS Reverting the license back to the original. 2014-05-17 17:26:57 +02:00
CONTRIBUTING.md CONTRIBUTING.md: remove note about not accepting Pull Requests 2018-03-14 18:02:39 +00:00
CONTRIBUTORS Reverting the license back to the original. 2014-05-17 17:26:57 +02:00
LICENSE LICENSE: attribute to the Go authors 2017-08-02 15:54:48 +00:00
README.md README.md: change godoc.org links to pkg.go.dev 2020-12-08 15:28:58 +00:00
example_test.go oauth2: improve the custom HTTP client example 2017-09-01 19:30:52 +00:00
go.mod go.mod: update stale dependencies 2020-09-02 21:34:28 +00:00
go.sum go.mod: update stale dependencies 2020-09-02 21:34:28 +00:00
oauth2.go google: update ApprovalForce to use openid connect friendly prompt=consent 2019-05-23 18:27:46 +00:00
oauth2_test.go google: update ApprovalForce to use openid connect friendly prompt=consent 2019-05-23 18:27:46 +00:00
token.go oauth2: auto-detect auth style by default, add Endpoint.AuthStyle 2019-02-11 18:49:51 +00:00
token_test.go oauth2: deflake test relying on time.Now values 2019-01-11 18:59:15 +00:00
transport.go oauth2: turn Transport.CancelRequest into a no-op 2019-12-02 22:59:59 +00:00
transport_test.go oauth2: close request body if errors occur before base RoundTripper is invoked 2018-05-29 20:36:26 +00:00

README.md

OAuth2 for Go

The oauth2 package contains a client implementation for the OAuth 2.0 spec.

Installation

go get golang.org/x/oauth2

Or you can manually git clone the repository to $(go env GOPATH)/src/golang.org/x/oauth2.

See pkg.go.dev for further documentation and examples.

Policy for new packages

We no longer accept new provider-specific packages in this repo if all they do is add a single endpoint variable. If you just want to add a single endpoint, add it to the pkg.go.dev/golang.org/x/oauth2/endpoints package.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the oauth2 repository is located at https://github.com/golang/oauth2/issues.