forked from remote/oauth2
google: Add support for 3-legged-OAuth using OAuth Client ID
Add OAuthClientTokenSource in google/google.go Add DefaultAuthorizationHandler in authhandler.go
This commit is contained in:
Andy Zhao
23
google/authhandler.go
Normal file
23
google/authhandler.go
Normal file
@@ -0,0 +1,23 @@
|
||||
// Copyright 2020 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package google
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
)
|
||||
|
||||
const DefaultState = "state"
|
||||
|
||||
// DefaultAuthorizationHandler is a commandline-based auth handler
|
||||
// that prints the auth URL on the console and prompts the user to
|
||||
// authorize in the browser and paste the auth code back via stdin.
|
||||
// When using this auth handler, DefaultState must be used.
|
||||
func DefaultAuthorizationHandler(authCodeUrl string) (string, string, error) {
|
||||
fmt.Printf("Go to the following link in your browser:\n\n %s\n\n", authCodeUrl)
|
||||
fmt.Println("Enter verification code: ")
|
||||
var code string
|
||||
fmt.Scanln(&code)
|
||||
return code, DefaultState, nil
|
||||
}
|
||||
@@ -207,3 +207,38 @@ func (cs computeSource) Token() (*oauth2.Token, error) {
|
||||
"oauth2.google.serviceAccount": acct,
|
||||
}), nil
|
||||
}
|
||||
|
||||
// AuthorizationHandler is a 3-legged-OAuth helper that
|
||||
// prompts the user for OAuth consent at the specified Auth URL
|
||||
// and returns an auth code and state upon approval.
|
||||
type AuthorizationHandler func(string) (string, string, error)
|
||||
|
||||
// OAuthClientTokenSource returns an oauth2.TokenSource that fetches access tokens
|
||||
// using 3-legged-OAuth workflow.
|
||||
// The provided oauth2.Config should be a full configuration containing AuthURL,
|
||||
// TokenURL, and scope.
|
||||
// An environment-specific AuthorizationHandler is used to obtain user consent.
|
||||
// Per OAuth protocol, a unique "state" string should be sent and verified
|
||||
// before token exchange to prevent CSRF attacks.
|
||||
func OAuthClientTokenSource(config oauth2.Config, ctx context.Context, authHandler AuthorizationHandler, state string) oauth2.TokenSource {
|
||||
return oauth2.ReuseTokenSource(nil, oauthClientSource{config: config, ctx: ctx, authHandler: authHandler, state: state})
|
||||
}
|
||||
|
||||
type oauthClientSource struct {
|
||||
config oauth2.Config
|
||||
ctx context.Context
|
||||
authHandler AuthorizationHandler
|
||||
state string
|
||||
}
|
||||
|
||||
func (ocs oauthClientSource) Token() (*oauth2.Token, error) {
|
||||
url := ocs.config.AuthCodeURL(ocs.state)
|
||||
code, state, err := ocs.authHandler(url)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if state == ocs.state {
|
||||
return ocs.config.Exchange(ocs.ctx, code)
|
||||
}
|
||||
return nil, errors.New("State mismatch in OAuth workflow.")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user