authhandler: Add support for 3-legged-OAuth

Added authhandler.go, which implements a TokenSource to support "three-legged OAuth 2.0" via a custom AuthorizationHandler. Added example_test.go with a sample command line implementation for AuthorizationHandler. This patch adds support for 3-legged-OAuth flow using an OAuth Client ID file downloaded from Google Cloud Console. Change-Id: Iefe54494d6f3ee326a6b1b2a81a7d5d1a7ba3331 GitHub-Last-Rev: 48fc0367c2 GitHub-Pull-Request: golang/oauth2#419 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/232238 Reviewed-by: Tyler Bui-Palsulich <tbp@google.com> Reviewed-by: Shin Fan <shinfan@google.com> Reviewed-by: Cody Oss <codyoss@google.com> Trust: Shin Fan <shinfan@google.com> Trust: Cody Oss <codyoss@google.com>
2021-03-19 19:10:01 +00:00
parent cd4f82c27b
commit 22b0adad75
3 changed files with 234 additions and 0 deletions
--- a/authhandler/authhandler_test.go
+++ b/authhandler/authhandler_test.go
@@ -0,0 +1,99 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package authhandler
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"golang.org/x/oauth2"
+)
+
+func TestTokenExchange_Success(t *testing.T) {
+	authhandler := func(authCodeURL string) (string, string, error) {
+		if authCodeURL == "testAuthCodeURL?client_id=testClientID&response_type=code&scope=pubsub&state=testState" {
+			return "testCode", "testState", nil
+		}
+		return "", "", fmt.Errorf("invalid authCodeURL: %q", authCodeURL)
+	}
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		r.ParseForm()
+		if r.Form.Get("code") == "testCode" {
+			w.Header().Set("Content-Type", "application/json")
+			w.Write([]byte(`{
+				"access_token": "90d64460d14870c08c81352a05dedd3465940a7c",
+				"scope": "pubsub",
+				"token_type": "bearer",
+				"expires_in": 3600
+			}`))
+		}
+	}))
+	defer ts.Close()
+
+	conf := &oauth2.Config{
+		ClientID: "testClientID",
+		Scopes:   []string{"pubsub"},
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  "testAuthCodeURL",
+			TokenURL: ts.URL,
+		},
+	}
+
+	tok, err := TokenSource(context.Background(), conf, "testState", authhandler).Token()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !tok.Valid() {
+		t.Errorf("got invalid token: %v", tok)
+	}
+	if got, want := tok.AccessToken, "90d64460d14870c08c81352a05dedd3465940a7c"; got != want {
+		t.Errorf("access token = %q; want %q", got, want)
+	}
+	if got, want := tok.TokenType, "bearer"; got != want {
+		t.Errorf("token type = %q; want %q", got, want)
+	}
+	if got := tok.Expiry.IsZero(); got {
+		t.Errorf("token expiry is zero = %v, want false", got)
+	}
+	scope := tok.Extra("scope")
+	if got, want := scope, "pubsub"; got != want {
+		t.Errorf("scope = %q; want %q", got, want)
+	}
+}
+
+func TestTokenExchange_StateMismatch(t *testing.T) {
+	authhandler := func(authCodeURL string) (string, string, error) {
+		return "testCode", "testStateMismatch", nil
+	}
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte(`{
+			"access_token": "90d64460d14870c08c81352a05dedd3465940a7c",
+			"scope": "pubsub",
+			"token_type": "bearer",
+			"expires_in": 3600
+		}`))
+	}))
+	defer ts.Close()
+
+	conf := &oauth2.Config{
+		ClientID: "testClientID",
+		Scopes:   []string{"pubsub"},
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  "testAuthCodeURL",
+			TokenURL: ts.URL,
+		},
+	}
+
+	_, err := TokenSource(context.Background(), conf, "testState", authhandler).Token()
+	if want_err := "state mismatch in 3-legged-OAuth flow"; err == nil || err.Error() != want_err {
+		t.Errorf("err = %q; want %q", err, want_err)
+	}
+}