oauth2: Add support for custom params in Exchange

Allows implementation of PKCE https://www.oauth.com/oauth2-servers/pkce/ for secure code exchange. Fixes golang/oauth2#286 Change-Id: I07b6fefe6834a2406e8ca2fcbf118d38fc4875d1 GitHub-Last-Rev: 31c5ccbed38ba4998008180805be91adf480b859 GitHub-Pull-Request: golang/oauth2#285 Reviewed-on: https://go-review.googlesource.com/111515 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-05-04 20:45:12 +00:00
parent 113ce6928c
commit 088f8e1d43
2 changed files with 55 additions and 1 deletions
--- a/oauth2.go
+++ b/oauth2.go
@@ -124,6 +124,8 @@ func SetAuthURLParam(key, value string) AuthCodeOption {
 //
 // Opts may include AccessTypeOnline or AccessTypeOffline, as well
 // as ApprovalForce.
+// It can also be used to pass the PKCE challange.
+// See https://www.oauth.com/oauth2-servers/pkce/ for more info.
 func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 	var buf bytes.Buffer
 	buf.WriteString(c.Endpoint.AuthURL)
@@ -186,7 +188,10 @@ func (c *Config) PasswordCredentialsToken(ctx context.Context, username, passwor
 //
 // The code will be in the *http.Request.FormValue("code"). Before
 // calling Exchange, be sure to validate FormValue("state").
-func (c *Config) Exchange(ctx context.Context, code string) (*Token, error) {
+//
+// Opts may include the PKCE verifier code if previously used in AuthCodeURL.
+// See https://www.oauth.com/oauth2-servers/pkce/ for more info.
+func (c *Config) Exchange(ctx context.Context, code string, opts ...AuthCodeOption) (*Token, error) {
 	v := url.Values{
 		"grant_type": {"authorization_code"},
 		"code":       {code},
@@ -194,6 +199,9 @@ func (c *Config) Exchange(ctx context.Context, code string) (*Token, error) {
 	if c.RedirectURL != "" {
 		v.Set("redirect_uri", c.RedirectURL)
 	}
+	for _, opt := range opts {
+		opt.setValue(v)
+	}
 	return retrieveToken(ctx, c, v)
 }