taigrr/wtf
1
0
Fork 0
mirror of https://github.com/taigrr/wtf synced 2025-01-18 04:03:14 -08:00
Code Issues Projects Releases Wiki Activity
wtf/vendor/golang.org/x/oauth2/jwt/jwt.go
Sergio Rubio d2a3e504cf Vendor dependencies using golang/dep 
Output from 'dep status':

PROJECT                               CONSTRAINT     VERSION        REVISION  LATEST   PKGS USED
cloud.google.com/go                   v0.23.0        v0.23.0        0fd7230   v0.23.0  1
github.com/briandowns/openweathermap  ^0.11.0        0.11           1b87579   0.11     1
github.com/gdamore/encoding           branch master  branch master  b23993c   b23993c  1
github.com/gdamore/tcell              ^1.0.0         v1.0.0         061d51a   v1.0.0   2
github.com/go-test/deep               ^1.0.1         v1.0.1         6592d9c   v1.0.1   1
github.com/golang/protobuf            v1.1.0         v1.1.0         b4deda0   v1.1.0   1
github.com/google/go-github           branch master  branch master  2ae5df7   2ae5df7  1
github.com/google/go-querystring      branch master  branch master  53e6ce1   53e6ce1  1
github.com/jessevdk/go-flags          ^1.4.0         v1.4.0         c6ca198   v1.4.0   1
github.com/lucasb-eyer/go-colorful    v1.0           v1.0           345fbb3   v1.0     1
github.com/mattn/go-runewidth         v0.0.2         v0.0.2         9e777a8   v0.0.2   1
github.com/olebedev/config            branch master  branch master  9a10d05   9a10d05  1
github.com/radovskyb/watcher          ^1.0.2         v1.0.2         6145e14   v1.0.2   1
github.com/rivo/tview                 branch master  branch master  71ecf1f   71ecf1f  1
github.com/yfronto/newrelic           branch master  branch master  f7fa0c6   f7fa0c6  1
golang.org/x/net                      branch master  branch master  1e49130   1e49130  2
golang.org/x/oauth2                   branch master  branch master  1e0a3fa   1e0a3fa  5
golang.org/x/text                     v0.3.0         v0.3.0         f21a4df   v0.3.0   5
google.golang.org/api                 branch master  branch master  00e3bb8   00e3bb8  4
google.golang.org/appengine           v1.0.0         v1.0.0         150dc57   v1.0.0   10
gopkg.in/yaml.v2                      ^2.2.1         v2.2.1         5420a8b   v2.2.1   1

See https://golang.github.io/dep/docs/daily-dep.html
2018-06-06 18:29:46 +02:00

163 lines
4.7 KiB
Go
Raw Blame History

// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package jwt implements the OAuth 2.0 JSON Web Token flow, commonly
// known as "two-legged OAuth 2.0".
//
// See: https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-12
package jwt
import (
"encoding/json"
"fmt"
"io"
"io/ioutil"
"net/http"
"net/url"
"strings"
"time"
"golang.org/x/net/context"
"golang.org/x/oauth2"
"golang.org/x/oauth2/internal"
"golang.org/x/oauth2/jws"
)
var (
defaultGrantType = "urn:ietf:params:oauth:grant-type:jwt-bearer"
defaultHeader = &jws.Header{Algorithm: "RS256", Typ: "JWT"}
)
// Config is the configuration for using JWT to fetch tokens,
// commonly known as "two-legged OAuth 2.0".
type Config struct {
// Email is the OAuth client identifier used when communicating with
// the configured OAuth provider.
Email string
// PrivateKey contains the contents of an RSA private key or the
// contents of a PEM file that contains a private key. The provided
// private key is used to sign JWT payloads.
// PEM containers with a passphrase are not supported.
// Use the following command to convert a PKCS 12 file into a PEM.
//
// $ openssl pkcs12 -in key.p12 -out key.pem -nodes
//
PrivateKey []byte
// PrivateKeyID contains an optional hint indicating which key is being
// used.
PrivateKeyID string
// Subject is the optional user to impersonate.
Subject string
// Scopes optionally specifies a list of requested permission scopes.
Scopes []string
// TokenURL is the endpoint required to complete the 2-legged JWT flow.
TokenURL string
// Expires optionally specifies how long the token is valid for.
Expires time.Duration
}
// TokenSource returns a JWT TokenSource using the configuration
// in c and the HTTP client from the provided context.
func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource {
return oauth2.ReuseTokenSource(nil, jwtSource{ctx, c})
}
// Client returns an HTTP client wrapping the context's
// HTTP transport and adding Authorization headers with tokens
// obtained from c.
//
// The returned client and its Transport should not be modified.
func (c *Config) Client(ctx context.Context) *http.Client {
return oauth2.NewClient(ctx, c.TokenSource(ctx))
}
// jwtSource is a source that always does a signed JWT request for a token.
// It should typically be wrapped with a reuseTokenSource.
type jwtSource struct {
ctx context.Context
conf *Config
}
func (js jwtSource) Token() (*oauth2.Token, error) {
pk, err := internal.ParseKey(js.conf.PrivateKey)
if err != nil {
return nil, err
}
hc := oauth2.NewClient(js.ctx, nil)
claimSet := &jws.ClaimSet{
Iss: js.conf.Email,
Scope: strings.Join(js.conf.Scopes, " "),
Aud: js.conf.TokenURL,
}
if subject := js.conf.Subject; subject != "" {
claimSet.Sub = subject
// prn is the old name of sub. Keep setting it
// to be compatible with legacy OAuth 2.0 providers.
claimSet.Prn = subject
}
if t := js.conf.Expires; t > 0 {
claimSet.Exp = time.Now().Add(t).Unix()
}
h := *defaultHeader
h.KeyID = js.conf.PrivateKeyID
payload, err := jws.Encode(&h, claimSet, pk)
if err != nil {
return nil, err
}
v := url.Values{}
v.Set("grant_type", defaultGrantType)
v.Set("assertion", payload)
resp, err := hc.PostForm(js.conf.TokenURL, v)
if err != nil {
return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
if err != nil {
return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
}
if c := resp.StatusCode; c < 200 || c > 299 {
return nil, &oauth2.RetrieveError{
Response: resp,
Body: body,
}
}
// tokenRes is the JSON response body.
var tokenRes struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
IDToken string `json:"id_token"`
ExpiresIn int64 `json:"expires_in"` // relative seconds from now
}
if err := json.Unmarshal(body, &tokenRes); err != nil {
return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
}
token := &oauth2.Token{
AccessToken: tokenRes.AccessToken,
TokenType: tokenRes.TokenType,
}
raw := make(map[string]interface{})
json.Unmarshal(body, &raw) // no error checks for optional fields
token = token.WithExtra(raw)
if secs := tokenRes.ExpiresIn; secs > 0 {
token.Expiry = time.Now().Add(time.Duration(secs) * time.Second)
}
if v := tokenRes.IDToken; v != "" {
// decode returned id token to get expiry
claimSet, err := jws.Decode(v)
if err != nil {
return nil, fmt.Errorf("oauth2: error decoding JWT token: %v", err)
}
token.Expiry = time.Unix(claimSet.Exp, 0)
}
return token, nil
}
Reference in New Issue View Git Blame Copy Permalink