passwordcredentials: add

Using PasswordCredentialsToken requires a TokenSource. This implements a Config similar to oauth2/clientcredentials for the Resource Owner Password Credentials Grant. See https://tools.ietf.org/html/rfc6749#section-4.3 for more info. Fixes https://github.com/golang/oauth2/issues/186 Change-Id: I3c6032899d6c286b84f8f24e0f6a240004f4f6c0 Reviewed-on: https://go-review.googlesource.com/23611 Reviewed-by: Andrew Gerrand <adg@golang.org>
2016-05-31 17:25:10 -07:00
parent c406a4cc4b
commit 71d9edd725
2 changed files with 195 additions and 0 deletions
--- a/passwordcredentials/passwordcredentials.go
+++ b/passwordcredentials/passwordcredentials.go
@@ -0,0 +1,90 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package passwordcredentials implements the OAuth2.0 "password credentials" token flow.
+// See https://tools.ietf.org/html/rfc6749#section-4.3
+package passwordcredentials
+
+import (
+	"net/http"
+	"net/url"
+	"strings"
+
+	"golang.org/x/net/context"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/internal"
+)
+
+// Config describes a Resource Owner Password Credentials OAuth2 flow, with the
+// client application information, resource owner credentials and the server's
+// endpoint URLs.
+type Config struct {
+	// ClientID is the application's ID.
+	ClientID string
+
+	// ClientSecret is the application's secret.
+	ClientSecret string
+
+	// Resource owner username
+	Username string
+
+	// Resource owner password
+	Password string
+
+	// Endpoint contains the resource server's token endpoint
+	// URLs. These are constants specific to each server and are
+	// often available via site-specific packages, such as
+	// google.Endpoint or github.Endpoint.
+	Endpoint oauth2.Endpoint
+
+	// Scope specifies optional requested permissions.
+	Scopes []string
+}
+
+// Client returns an HTTP client using the provided token.
+// The token will auto-refresh as necessary. The underlying
+// HTTP transport will be obtained using the provided context.
+// The returned client and its Transport should not be modified.
+func (c *Config) Client(ctx context.Context) *http.Client {
+	return oauth2.NewClient(ctx, c.TokenSource(ctx))
+}
+
+// TokenSource returns a TokenSource that returns t until t expires,
+// automatically refreshing it as necessary using the provided context and the
+// client ID and client secret.
+//
+// Most users will use Config.Client instead.
+func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource {
+	source := &tokenSource{
+		ctx:  ctx,
+		conf: c,
+	}
+	return oauth2.ReuseTokenSource(nil, source)
+}
+
+type tokenSource struct {
+	ctx  context.Context
+	conf *Config
+}
+
+// Token refreshes the token by using a new password credentials request.
+// tokens received this way do not include a refresh token
+func (c *tokenSource) Token() (*oauth2.Token, error) {
+	tk, err := internal.RetrieveToken(c.ctx, c.conf.ClientID, c.conf.ClientSecret, c.conf.Endpoint.TokenURL, url.Values{
+		"grant_type": {"password"},
+		"username":   {c.conf.Username},
+		"password":   {c.conf.Password},
+		"scope":      internal.CondVal(strings.Join(c.conf.Scopes, " ")),
+	})
+	if err != nil {
+		return nil, err
+	}
+	t := &oauth2.Token{
+		AccessToken:  tk.AccessToken,
+		TokenType:    tk.TokenType,
+		RefreshToken: tk.RefreshToken,
+		Expiry:       tk.Expiry,
+	}
+	return t.WithExtra(tk.Raw), nil
+}