credentials

package
v0.9.1-0...-c0ca104
Warning

This package is not in the latest version of its module.

Published: Oct 5, 2018 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Copyright 2018 Google Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Constants

const (
	ServiceAccountKey  = "service_account"
	UserCredentialsKey = "authorized_user"
	OAuthClientKey     = "oauth_client"
)

JSON key file types.

const DefaultAuthURL = "https://accounts.google.com/o/oauth2/auth"

DefaultAuthURL is Google's OAuth 2.0 Auth URL to use with the end-user authentication flow.

const DefaultTokenURL = "https://oauth2.googleapis.com/token"

DefaultTokenURL is Google's OAuth 2.0 token URL to use with the service account flow.

Variables

This section is empty.

Functions

func JWTAccessTokenSourceFromJSON

func JWTAccessTokenSourceFromJSON(jsonKey []byte, audience string) (internal.TokenSource, error)

JWTAccessTokenSourceFromJSON uses a Google Developers service account JSON key file to read the credentials that authorize and authenticate the requests, and returns a TokenSource that does not use any OAuth2 flow but instead creates a JWT and sends that as the access token. The audience is typically a URL that specifies the scope of the credentials.

Note that this is not a standard OAuth flow, but rather an optimization supported by a few Google services. Unless you know otherwise, you should use JWTConfigFromJSON instead.
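The self-signed token described above, as an added example that is not this package's code: a service account key signs a JWT whose `aud` names the target API, and the receiver rejects it for any other audience or once it has expired. The claim layout (`iss` = `sub` = account email, one-hour lifetime), the function names and every sample value are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding                     // JWT segments are unpadded base64url
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key generated for this example

// signJWT self-signs an RS256 token; iss = sub = service account email is an assumed layout.
func signJWT(key *rsa.PrivateKey, email, keyID, audience string, now int64) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": keyID})
	claims, _ := json.Marshal(map[string]any{"iss": email, "sub": email, "aud": audience, "iat": now, "exp": now + 3600})
	signed := b64.EncodeToString(hdr) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(signed))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return signed + "." + b64.EncodeToString(sig), err
}

// verifyJWT is the receiving API's side: signature first, then audience and expiry.
func verifyJWT(token string, pub *rsa.PublicKey, wantAud string, now int64) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed token")
	}
	sig, _ := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return fmt.Errorf("bad signature: %w", err)
	}
	var c struct{ Aud string; Exp int64 }
	body, _ := b64.DecodeString(parts[1])
	if err := json.Unmarshal(body, &c); err != nil || c.Aud != wantAud || now >= c.Exp {
		return fmt.Errorf("claims rejected: aud=%q exp=%d decodeErr=%v", c.Aud, c.Exp, err)
	}
	return nil
}

func main() {
	tok, _ := signJWT(demoKey, "sa@example.invalid", "kid-1", "https://api.example.invalid/", time.Now().Unix())
	fmt.Println(verifyJWT(tok, &demoKey.PublicKey, "https://api.example.invalid/", time.Now().Unix()))
}
```

The verifier pins RS256 instead of trusting the token's `alg` header, and it checks the signature before it reads any claim.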

func ParseKey

func ParseKey(key []byte) (*rsa.PrivateKey, error)

ParseKey converts the binary contents of a private key file to an *rsa.PrivateKey. It detects whether the private key is in a PEM container or not. If so, it extracts the private key from the PEM container before conversion. It only supports PEM containers with no passphrase.
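The behaviour described above, sketched as an added example rather than this package's source: strip a PEM container if there is one, refuse passphrase-protected PEM, then parse the DER. `parseRSAKey` and `roundTrip` are hypothetical names, the PKCS#1-then-PKCS#8 order is an assumption, and the key and the encrypted-PEM headers are constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parseRSAKey (hypothetical name) mirrors the behaviour documented for ParseKey.
func parseRSAKey(key []byte) (*rsa.PrivateKey, error) {
	der := key
	if block, _ := pem.Decode(key); block != nil {
		if block.Headers["DEK-Info"] != "" || block.Type == "ENCRYPTED PRIVATE KEY" { // legacy or PKCS#8 encryption
			return nil, fmt.Errorf("passphrase-protected PEM is not supported")
		}
		der = block.Bytes
	}
	if k, err := x509.ParsePKCS1PrivateKey(der); err == nil {
		return k, nil
	}
	parsed, err := x509.ParsePKCS8PrivateKey(der)
	if k, ok := parsed.(*rsa.PrivateKey); ok {
		return k, nil
	}
	return nil, fmt.Errorf("no RSA private key in PKCS#1 or PKCS#8 form (PKCS#8 error: %v)", err)
}

// roundTrip feeds one throwaway key (generated here) through four encodings.
func roundTrip() map[string]bool {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	p1 := x509.MarshalPKCS1PrivateKey(key)
	p8, _ := x509.MarshalPKCS8PrivateKey(key)
	enc := map[string]string{"Proc-Type": "4,ENCRYPTED", "DEK-Info": "AES-256-CBC,00"} // constructed headers only
	inputs := map[string][]byte{
		"pkcs8-pem":     pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: p8}),
		"pkcs1-pem":     pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: p1}),
		"raw-der":       p8,
		"encrypted-pem": pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Headers: enc, Bytes: p1}),
	}
	out := map[string]bool{}
	for name, in := range inputs {
		k, err := parseRSAKey(in)
		out[name] = err == nil && k.Equal(key)
	}
	return out
}

func main() { fmt.Println(roundTrip()) }
```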

Types

type Credentials

type Credentials struct {
	ProjectID   string // may be empty
	TokenSource internal.TokenSource

	// JSON contains the raw bytes from a JSON credentials file.
	// This field may be nil if authentication is provided by the
	// environment and not with a credentials file, e.g. when code is
	// running on Google Cloud Platform.
	JSON []byte

	// The type of the credentials. e.g. service account.
	Type string
}

Credentials holds Google credentials, including "Application Default Credentials". For more details, see: https://developers.google.com/accounts/docs/application-default-credentials

type File

type File struct {
	// serviceAccountKey or userCredentialsKey
	// Otherwise empty.
	Type string `json:"type"`

	// Service Account fields
	ClientEmail  string `json:"client_email"`
	PrivateKeyID string `json:"private_key_id"`
	PrivateKey   string `json:"private_key"`
	TokenURL     string `json:"token_uri"`
	AuthURL      string `json:"auth_uri"`
	ProjectID    string `json:"project_id"`

	// User Credential fields
	// (These typically come from gcloud auth.)
	ClientSecret string `json:"client_secret"`
	ClientID     string `json:"client_id"`
	RefreshToken string `json:"refresh_token"`

	// Web application credential
	Web OAuthClient `json:"web"`

	// Other application credential
	Installed OAuthClient `json:"installed"`
}

File is the unmarshalled representation of a credentials file.

func (*File) CredentialsType

func (f *File) CredentialsType() string

Returns the credential type of the file.

func (*File) TokenSource

func (f *File) TokenSource(ctx context.Context, scopes []string,
	handler func(string) (string, error), state string) (internal.TokenSource, error)

Constructs the corresponding token source based on the type of the file.

type JWTConfig

type JWTConfig struct {
	// Email is the OAuth client identifier used when communicating with
	// the configured OAuth provider.
	Email string

	// PrivateKey contains the contents of an RSA private key or the
	// contents of a PEM file that contains a private key. The provided
	// private key is used to sign JWT payloads.
	// PEM containers with a passphrase are not supported.
	// Use the following command to convert a PKCS 12 file into a PEM.
	//
	//    $ openssl pkcs12 -in key.p12 -out key.pem -nodes
	//
	PrivateKey []byte

	// PrivateKeyID contains an optional hint indicating which key is being
	// used.
	PrivateKeyID string

	// Subject is the optional user to impersonate.
	Subject string

	// Scopes optionally specifies a list of requested permission scopes.
	Scopes []string

	// TokenURL is the endpoint required to complete the 2-legged JWT flow.
	TokenURL string

	// Expires optionally specifies how long the token is valid for.
	Expires time.Duration
}

JWTConfig is the configuration for using JWT to fetch tokens, commonly known as "two-legged OAuth 2.0".

func JWTConfigFromFile

func JWTConfigFromFile(f *File, scopes []string) *JWTConfig

Returns the config used for the JWT auth flow without OAuth.

func JWTConfigFromJSON

func JWTConfigFromJSON(jsonKey []byte, scope ...string) (*JWTConfig, error)

JWTConfigFromJSON uses a Google Developers service account JSON key file to read the credentials that authorize and authenticate the requests. Create a service account on "Credentials" for your project at https://console.developers.google.com to download a JSON key file.

func (*JWTConfig) TokenSource

func (c *JWTConfig) TokenSource(ctx context.Context) internal.TokenSource

TokenSource returns a JWT TokenSource using the configuration in c and the HTTP client from the provided context.

type OAuthClient

type OAuthClient struct {
	ProjectID    string   `json:"project_id"`
	ClientSecret string   `json:"client_secret"`
	ClientID     string   `json:"client_id"`
	TokenURL     string   `json:"token_uri"`
	AuthURL      string   `json:"auth_uri"`
	RedirectURL  []string `json:"redirect_uris"`
}

Contains data for OAuthClient key.
