JustAnotherArchivist
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
307 Commits
17 Branches
34 MiB
 
 
 
Tree: 6d23a8f5f3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d23a8f5f3'
${ noResults }
transfer.sh/vendor/golang.org/x/oauth2/google/jwt.go

75 lines
2.1 KiB
Raw Blame History 

  1. // Copyright 2015 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package google

  6. 

  7. import (

  8. 	"crypto/rsa"

  9. 	"fmt"

  10. 	"time"

  11. 

  12. 	"golang.org/x/oauth2"

  13. 	"golang.org/x/oauth2/internal"

  14. 	"golang.org/x/oauth2/jws"

  15. )

  16. 

  17. // JWTAccessTokenSourceFromJSON uses a Google Developers service account JSON

  18. // key file to read the credentials that authorize and authenticate the

  19. // requests, and returns a TokenSource that does not use any OAuth2 flow but

  20. // instead creates a JWT and sends that as the access token.

  21. // The audience is typically a URL that specifies the scope of the credentials.

  22. //

  23. // Note that this is not a standard OAuth flow, but rather an

  24. // optimization supported by a few Google services.

  25. // Unless you know otherwise, you should use JWTConfigFromJSON instead.

  26. func JWTAccessTokenSourceFromJSON(jsonKey []byte, audience string) (oauth2.TokenSource, error) {

  27. 	cfg, err := JWTConfigFromJSON(jsonKey)

  28. 	if err != nil {

  29. 		return nil, fmt.Errorf("google: could not parse JSON key: %v", err)

  30. 	}

  31. 	pk, err := internal.ParseKey(cfg.PrivateKey)

  32. 	if err != nil {

  33. 		return nil, fmt.Errorf("google: could not parse key: %v", err)

  34. 	}

  35. 	ts := &jwtAccessTokenSource{

  36. 		email:    cfg.Email,

  37. 		audience: audience,

  38. 		pk:       pk,

  39. 		pkID:     cfg.PrivateKeyID,

  40. 	}

  41. 	tok, err := ts.Token()

  42. 	if err != nil {

  43. 		return nil, err

  44. 	}

  45. 	return oauth2.ReuseTokenSource(tok, ts), nil

  46. }

  47. 

  48. type jwtAccessTokenSource struct {

  49. 	email, audience string

  50. 	pk              *rsa.PrivateKey

  51. 	pkID            string

  52. }

  53. 

  54. func (ts *jwtAccessTokenSource) Token() (*oauth2.Token, error) {

  55. 	iat := time.Now()

  56. 	exp := iat.Add(time.Hour)

  57. 	cs := &jws.ClaimSet{

  58. 		Iss: ts.email,

  59. 		Sub: ts.email,

  60. 		Aud: ts.audience,

  61. 		Iat: iat.Unix(),

  62. 		Exp: exp.Unix(),

  63. 	}

  64. 	hdr := &jws.Header{

  65. 		Algorithm: "RS256",

  66. 		Typ:       "JWT",

  67. 		KeyID:     string(ts.pkID),

  68. 	}

  69. 	msg, err := jws.Encode(hdr, cs, ts.pk)

  70. 	if err != nil {

  71. 		return nil, fmt.Errorf("google: could not encode JWT: %v", err)

  72. 	}

  73. 	return &oauth2.Token{AccessToken: msg, TokenType: "Bearer", Expiry: exp}, nil

  74. }