fionera
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
258 Commits
9 Branches
34 MiB
 
 
 
Tree: 89e37272ed
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '89e37272ed'
${ noResults }
transfer.sh/vendor/golang.org/x/oauth2/google/google.go

193 lines
5.9 KiB
Raw Blame History 

  1. // Copyright 2014 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package google

  6. 

  7. import (

  8. 	"encoding/json"

  9. 	"errors"

  10. 	"fmt"

  11. 	"strings"

  12. 	"time"

  13. 

  14. 	"cloud.google.com/go/compute/metadata"

  15. 	"golang.org/x/net/context"

  16. 	"golang.org/x/oauth2"

  17. 	"golang.org/x/oauth2/jwt"

  18. )

  19. 

  20. // Endpoint is Google's OAuth 2.0 endpoint.

  21. var Endpoint = oauth2.Endpoint{

  22. 	AuthURL:  "https://accounts.google.com/o/oauth2/auth",

  23. 	TokenURL: "https://accounts.google.com/o/oauth2/token",

  24. }

  25. 

  26. // JWTTokenURL is Google's OAuth 2.0 token URL to use with the JWT flow.

  27. const JWTTokenURL = "https://accounts.google.com/o/oauth2/token"

  28. 

  29. // ConfigFromJSON uses a Google Developers Console client_credentials.json

  30. // file to construct a config.

  31. // client_credentials.json can be downloaded from

  32. // https://console.developers.google.com, under "Credentials". Download the Web

  33. // application credentials in the JSON format and provide the contents of the

  34. // file as jsonKey.

  35. func ConfigFromJSON(jsonKey []byte, scope ...string) (*oauth2.Config, error) {

  36. 	type cred struct {

  37. 		ClientID     string   `json:"client_id"`

  38. 		ClientSecret string   `json:"client_secret"`

  39. 		RedirectURIs []string `json:"redirect_uris"`

  40. 		AuthURI      string   `json:"auth_uri"`

  41. 		TokenURI     string   `json:"token_uri"`

  42. 	}

  43. 	var j struct {

  44. 		Web       *cred `json:"web"`

  45. 		Installed *cred `json:"installed"`

  46. 	}

  47. 	if err := json.Unmarshal(jsonKey, &j); err != nil {

  48. 		return nil, err

  49. 	}

  50. 	var c *cred

  51. 	switch {

  52. 	case j.Web != nil:

  53. 		c = j.Web

  54. 	case j.Installed != nil:

  55. 		c = j.Installed

  56. 	default:

  57. 		return nil, fmt.Errorf("oauth2/google: no credentials found")

  58. 	}

  59. 	if len(c.RedirectURIs) < 1 {

  60. 		return nil, errors.New("oauth2/google: missing redirect URL in the client_credentials.json")

  61. 	}

  62. 	return &oauth2.Config{

  63. 		ClientID:     c.ClientID,

  64. 		ClientSecret: c.ClientSecret,

  65. 		RedirectURL:  c.RedirectURIs[0],

  66. 		Scopes:       scope,

  67. 		Endpoint: oauth2.Endpoint{

  68. 			AuthURL:  c.AuthURI,

  69. 			TokenURL: c.TokenURI,

  70. 		},

  71. 	}, nil

  72. }

  73. 

  74. // JWTConfigFromJSON uses a Google Developers service account JSON key file to read

  75. // the credentials that authorize and authenticate the requests.

  76. // Create a service account on "Credentials" for your project at

  77. // https://console.developers.google.com to download a JSON key file.

  78. func JWTConfigFromJSON(jsonKey []byte, scope ...string) (*jwt.Config, error) {

  79. 	var f credentialsFile

  80. 	if err := json.Unmarshal(jsonKey, &f); err != nil {

  81. 		return nil, err

  82. 	}

  83. 	if f.Type != serviceAccountKey {

  84. 		return nil, fmt.Errorf("google: read JWT from JSON credentials: 'type' field is %q (expected %q)", f.Type, serviceAccountKey)

  85. 	}

  86. 	scope = append([]string(nil), scope...) // copy

  87. 	return f.jwtConfig(scope), nil

  88. }

  89. 

  90. // JSON key file types.

  91. const (

  92. 	serviceAccountKey  = "service_account"

  93. 	userCredentialsKey = "authorized_user"

  94. )

  95. 

  96. // credentialsFile is the unmarshalled representation of a credentials file.

  97. type credentialsFile struct {

  98. 	Type string `json:"type"` // serviceAccountKey or userCredentialsKey

  99. 

  100. 	// Service Account fields

  101. 	ClientEmail  string `json:"client_email"`

  102. 	PrivateKeyID string `json:"private_key_id"`

  103. 	PrivateKey   string `json:"private_key"`

  104. 	TokenURL     string `json:"token_uri"`

  105. 	ProjectID    string `json:"project_id"`

  106. 

  107. 	// User Credential fields

  108. 	// (These typically come from gcloud auth.)

  109. 	ClientSecret string `json:"client_secret"`

  110. 	ClientID     string `json:"client_id"`

  111. 	RefreshToken string `json:"refresh_token"`

  112. }

  113. 

  114. func (f *credentialsFile) jwtConfig(scopes []string) *jwt.Config {

  115. 	cfg := &jwt.Config{

  116. 		Email:        f.ClientEmail,

  117. 		PrivateKey:   []byte(f.PrivateKey),

  118. 		PrivateKeyID: f.PrivateKeyID,

  119. 		Scopes:       scopes,

  120. 		TokenURL:     f.TokenURL,

  121. 	}

  122. 	if cfg.TokenURL == "" {

  123. 		cfg.TokenURL = JWTTokenURL

  124. 	}

  125. 	return cfg

  126. }

  127. 

  128. func (f *credentialsFile) tokenSource(ctx context.Context, scopes []string) (oauth2.TokenSource, error) {

  129. 	switch f.Type {

  130. 	case serviceAccountKey:

  131. 		cfg := f.jwtConfig(scopes)

  132. 		return cfg.TokenSource(ctx), nil

  133. 	case userCredentialsKey:

  134. 		cfg := &oauth2.Config{

  135. 			ClientID:     f.ClientID,

  136. 			ClientSecret: f.ClientSecret,

  137. 			Scopes:       scopes,

  138. 			Endpoint:     Endpoint,

  139. 		}

  140. 		tok := &oauth2.Token{RefreshToken: f.RefreshToken}

  141. 		return cfg.TokenSource(ctx, tok), nil

  142. 	case "":

  143. 		return nil, errors.New("missing 'type' field in credentials")

  144. 	default:

  145. 		return nil, fmt.Errorf("unknown credential type: %q", f.Type)

  146. 	}

  147. }

  148. 

  149. // ComputeTokenSource returns a token source that fetches access tokens

  150. // from Google Compute Engine (GCE)'s metadata server. It's only valid to use

  151. // this token source if your program is running on a GCE instance.

  152. // If no account is specified, "default" is used.

  153. // Further information about retrieving access tokens from the GCE metadata

  154. // server can be found at https://cloud.google.com/compute/docs/authentication.

  155. func ComputeTokenSource(account string) oauth2.TokenSource {

  156. 	return oauth2.ReuseTokenSource(nil, computeSource{account: account})

  157. }

  158. 

  159. type computeSource struct {

  160. 	account string

  161. }

  162. 

  163. func (cs computeSource) Token() (*oauth2.Token, error) {

  164. 	if !metadata.OnGCE() {

  165. 		return nil, errors.New("oauth2/google: can't get a token from the metadata service; not running on GCE")

  166. 	}

  167. 	acct := cs.account

  168. 	if acct == "" {

  169. 		acct = "default"

  170. 	}

  171. 	tokenJSON, err := metadata.Get("instance/service-accounts/" + acct + "/token")

  172. 	if err != nil {

  173. 		return nil, err

  174. 	}

  175. 	var res struct {

  176. 		AccessToken  string `json:"access_token"`

  177. 		ExpiresInSec int    `json:"expires_in"`

  178. 		TokenType    string `json:"token_type"`

  179. 	}

  180. 	err = json.NewDecoder(strings.NewReader(tokenJSON)).Decode(&res)

  181. 	if err != nil {

  182. 		return nil, fmt.Errorf("oauth2/google: invalid token JSON from metadata: %v", err)

  183. 	}

  184. 	if res.ExpiresInSec == 0 || res.AccessToken == "" {

  185. 		return nil, fmt.Errorf("oauth2/google: incomplete token received from metadata")

  186. 	}

  187. 	return &oauth2.Token{

  188. 		AccessToken: res.AccessToken,

  189. 		TokenType:   res.TokenType,

  190. 		Expiry:      time.Now().Add(time.Duration(res.ExpiresInSec) * time.Second),

  191. 	}, nil

  192. }