aeitzman
c82d0e16dc
google/internal/externalaccount: Removed URL validation for google URLs in ADC files
...
Removes URL validation for token_url, service_account_impersonation_url to allow for TPC urls and adds line to the docs to warn users. See https://github.com/googleapis/google-auth-library-nodejs/pull/1517 for same change in node.js library.
Change-Id: I85fa67ee0b99deed2adb75668a1b5501851c499c
GitHub-Last-Rev: 15d7759884golang/oauth2#627
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/465696
Reviewed-by: Cody Oss <codyoss@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
Reviewed-by: Leo Siracusa <leosiracusa@google.com >
2023-02-17 18:48:36 +00:00
aeitzman
510acbce1f
google/internal/externalaccount: Added check for aws region and security credential environment variables before aws metadata call
...
Adds check for aws values in environment variables before the metadata server is called to prevent unnecessary off box calls. See https://github.com/googleapis/google-auth-library-java/pull/1100 for same change in java library.
Change-Id: Ie86a899be88c38d3fcbbe377f9bf30a7a66530c0
GitHub-Last-Rev: bcab69572cgolang/oauth2#612
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/453715
Reviewed-by: Leo Siracusa <leosiracusa@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
Run-TryBot: Cody Oss <codyoss@google.com >
Auto-Submit: Cody Oss <codyoss@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
2022-11-30 16:58:33 +00:00
Ryan Kohler
ec4a9b2ff2
google/internal/externalaccount: Adding metadata verification
...
Change-Id: I4d664862b7b287131c1481b238ebd0875f7c233b
GitHub-Last-Rev: 74bcc33f5egolang/oauth2#608
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/449975
Run-TryBot: Cody Oss <codyoss@google.com >
Auto-Submit: Cody Oss <codyoss@google.com >
Reviewed-by: Leo Siracusa <leosiracusa@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
2022-11-17 22:06:29 +00:00
Ryan Kohler
6fdb5e3db7
google/internal/externalaccount: allowing PSC Urls
...
Change-Id: I46c337f162bf84cbcfa068ce1680e5428c46286a
GitHub-Last-Rev: 4d1190b904golang/oauth2#596
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/439677
Auto-Submit: Cody Oss <codyoss@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
Reviewed-by: Leo Siracusa <leosiracusa@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
2022-10-14 15:30:46 +00:00
Ryan Kohler
b44042a4b9
google/google: update documentation for workload identity federation
...
Including information on executable-sourced credentials
Change-Id: I39bcf20ffd1f5a9026d3d18e127411c03021977d
GitHub-Last-Rev: d61f2e71d2golang/oauth2#592
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/436836
TryBot-Result: Gopher Robot <gobot@golang.org >
Reviewed-by: Leo Siracusa <leosiracusa@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
Auto-Submit: Cody Oss <codyoss@google.com >
2022-10-06 15:09:49 +00:00
cui fliter
f21342109b
all: remove redundant type conversion
...
Change-Id: I4de1d39f8b72cd1116c56fb00b224a60de035f9e
GitHub-Last-Rev: 4e40ee8059golang/oauth2#586
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/428982
Reviewed-by: Cody Oss <codyoss@google.com >
Reviewed-by: Ian Lance Taylor <iant@google.com >
Auto-Submit: Ian Lance Taylor <iant@google.com >
Run-TryBot: Ian Lance Taylor <iant@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
2022-09-09 00:33:41 +00:00
Cody Oss
0ebed06d00
google: restore compatibility with older Go version
...
Change-Id: Ib4d9d569b8ee50a9e5a86ff63061d976a111a070
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/425094
Auto-Submit: Cody Oss <codyoss@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
2022-08-22 19:18:16 +00:00
Ryan Kohler
8227340efa
fix: missing expiration_time field isn't a problem for executables
...
Change-Id: Ib19e3d9dcd8a4c41afebf2a1fb97429617eef86b
GitHub-Last-Rev: 96eb2344degolang/oauth2#576
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/418434
Reviewed-by: Leo Siracusa <leosiracusa@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
Reviewed-by: Cody Oss <codyoss@google.com >
2022-08-08 17:26:28 +00:00
Ryan Kohler
c8730f7fcb
google/internal/externalaccount: allow impersonation lifetime changes
...
Right now, impersonation tokens used for external accounts have a hardcoded lifetime of 1 hour (3600 seconds), but some of our customers want to be able to adjust this lifetime. These changes (along with others in the gcloud cli) should allow this
Change-Id: I705f83dc2a092d8cdd0fcbfff83b014c220e28bb
GitHub-Last-Rev: 7e0ea92c8egolang/oauth2#571
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/416797
Reviewed-by: Cody Oss <codyoss@google.com >
Reviewed-by: Shin Fan <shinfan@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
2022-07-18 18:49:31 +00:00
Ryan Kohler
02e64fa58f
google/internal/externalaccount: create executable credentials
...
This changeset would allow users to specify a command to be run which will return a token
Change-Id: If84cce97c273cdd08ef2010a1693cd813d053ed3
GitHub-Last-Rev: 98f37871cagolang/oauth2#563
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/404114
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
Run-TryBot: Cody Oss <codyoss@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
2022-06-28 20:08:09 +00:00
Andy Zhao
fd043fe589
authhandler: Add support for PKCE
...
- Added new TokenSourceWithPKCE function to authhandler package.
- Updated Token method to support PKCE flow, sending code challenge and challenge method on the auth-code request, and sending code verifier on the exchange request.
- Updated google/default.go to support PKCE param.
Change-Id: Iab895bc01407c4742706061753f5329a772068ec
GitHub-Last-Rev: c1fddd28bcgolang/oauth2#568
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/410515
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
Reviewed-by: Shin Fan <shinfan@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
2022-06-22 18:31:10 +00:00
Chris Smith
d0670ef3b1
google: Wrap token sources in errWrappingTokenSource
...
Introduce new AuthenticationError type returned by
errWrappingTokenSource.Token. The new error wrapper
exposes a boolean method Temporary, identifying the
underlying network error as retryable based on the
following status codes: 500, 503, 408, or 429.
Bump go.mod version to 1.15
refs: https://github.com/googleapis/google-api-go-client/issues/1445
Change-Id: I27c76cb0c71b918c25a640f40d0bd515b2e488fc
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/403846
Reviewed-by: Cody Oss <codyoss@google.com >
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com >
2022-06-08 16:14:50 +00:00
Shapor Naghibzadeh
622c5d57e4
google/google: set JWT Audience in JWTConfigFromJSON()
...
Add support to set JWT Audience in JWTConfigFromJSON() to allow setting
the audience field from the JSON config, rather than only allowing it
the default value of the token_uri.
Previous change 272766 (approved but abandoned).
Change-Id: I14d46f3628df0a04801949bf99520b210e778f99
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/406836
Reviewed-by: Cody Oss <codyoss@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
Reviewed-by: Ian Lance Taylor <iant@google.com >
2022-05-24 21:58:30 +00:00
Russ Cox
9780585627
all: gofmt
...
Gofmt to update doc comments to the new formatting.
For golang/go#51082 .
Change-Id: Id333e34e0c5cd0bea79dcf5dd51130639597b2ee
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/399616
Run-TryBot: Russ Cox <rsc@golang.org >
TryBot-Result: Gopher Robot <gobot@golang.org >
Auto-Submit: Russ Cox <rsc@golang.org >
Reviewed-by: Ian Lance Taylor <iant@google.com >
2022-04-11 21:57:20 +00:00
Sai Sunder
6242fa9171
google/internal: Add AWS Session Token to Metadata Requests
...
AWS released a new instance metadata service (IMDSv2). IMDSv2 brought a requirement that a session token header is now required on every call to metadata endpoint.
Modify the AWS credential retrieval flow to fetch the session token and send it along with the calls to metadata endpoints
Change-Id: I539912ab38f5e591658b29a1e7a99d2b828a1128
GitHub-Last-Rev: 29e1f4aad1golang/oauth2#554
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/390794
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Cody Oss <codyoss@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Gopher Robot <gobot@golang.org >
Reviewed-by: Leo Siracusa <leosiracusa@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
2022-03-09 15:54:54 +00:00
Cody Oss
d3ed0bb246
google/internal/externalaccount: fix flaky tests
...
It seems like these handful of test would fail because of issues
related to timings. When running the tests there was sometimes a
second scew from when the subjectToken got and want were calculated.
Switched them all to use a static clock so the time portion will
never differ.
Fixes golang/go#49339
Change-Id: Ia2e4e140526ee1fc37fa9d24765cd8ec3033ea22
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/361354
Trust: Cody Oss <codyoss@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
Reviewed-by: Bryan C. Mills <bcmills@google.com >
2021-11-04 18:04:15 +00:00
Guillaume Blaquiere
ba495a64dc
google: add support for "impersonated_service_account" credential type.
...
New credential type supported: "impersonated_service_account".
Extend the "credentialsFile" struct to take into account the credential source for the impersonation.
Reuse of `ImpersonateTokenSource` struct, from `google/internal/externalaccount/Impersonate.go' file. The struct has a package-scope visibility now.
Fixes : #515
Change-Id: I87e213be6d4b6add2d6d82b91b1b38e43a0d2fe4
GitHub-Last-Rev: 14806e6b37golang/oauth2#516
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/344369
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Cody Oss <codyoss@google.com >
Trust: Michael Knyszek <mknyszek@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-10-28 17:52:45 +00:00
Ryan Kohler
6b3c2da341
google/externalaccount: add support for workforce pool credentials
...
Workforce pools (external account credentials for non-Google users) are
organization-level resources which means that issued workforce pool tokens
will not have any client project ID on token exchange as currently designed.
"To use a Google API, the client must identify the application to the server.
If the API requires authentication, the client must also identify the principal
running the application."
The application here is the client project. The token will identify the user
principal but not the application. This will result in APIs rejecting requests
authenticated with these tokens.
Note that passing a x-goog-user-project override header on API request is
still not sufficient. The token is still expected to have a client project.
As a result, we have extended the spec to support an additional
workforce_pool_user_project for these credentials (workforce pools) which will
be passed when exchanging an external token for a Google Access token. After the
exchange, the issued access token will use the supplied project as the client
project. The underlying principal must still have serviceusage.services.use
IAM permission to use the project for billing/quota.
This field is not needed for flows with basic client authentication (e.g. client
ID is supplied). The client ID is sufficient to determine the client project and
any additionally supplied workforce_pool_user_project value will be ignored.
Note that this feature is not usable yet publicly.
Change-Id: I8311d7783e4048c260cbb68e90d3565df864d7e0
GitHub-Last-Rev: a6dc5ebc95golang/oauth2#520
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/353393
Reviewed-by: Cody Oss <codyoss@google.com >
Reviewed-by: Bassam Ojeil <bojeil@google.com >
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-10-05 18:02:43 +00:00
Cody Oss
2bc19b1117
google/downscope: return body in error message
...
Change-Id: Ic424a95895668c2f37ffdcea2e3012e4c929cbe5
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/343689
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Trust: Cody Oss <codyoss@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-08-19 19:09:43 +00:00
Patrick Jones
7df4dd6e12
google/externalaccount: validate tokenURL and ServiceAccountImpersonationURL
...
Change-Id: Iab70cc967fd97ac8e349a14760df0f8b02ddf074
GitHub-Last-Rev: ddf4dbd0b7golang/oauth2#514
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/340569
Reviewed-by: Patrick Jones <ithuriel@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
Reviewed-by: Chris Broadfoot <cbro@golang.org >
Trust: Cody Oss <codyoss@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-08-17 22:35:10 +00:00
Patrick Jones
faf39c7919
google/downscope: additional examples
...
Updating examples to match the expected token broker & token consumer paradigm.
Change-Id: I9f6474e6d433e544dc92d8b1595e9538a5266043
GitHub-Last-Rev: 2149795f02golang/oauth2#513
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/339190
Reviewed-by: Leo Siracusa <leosiracusa@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Cody Oss <codyoss@google.com >
Trust: Chris Broadfoot <cbro@golang.org >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-08-10 18:38:15 +00:00
Patrick Jones
6f1e639406
google/downscope: update documentation
...
Change-Id: Ib4dfc7b554c1e7565cc61bc372a98ddd390e7453
GitHub-Last-Rev: 63894e5681golang/oauth2#512
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/338389
Reviewed-by: Cody Oss <codyoss@google.com >
Reviewed-by: Chris Broadfoot <cbro@golang.org >
Trust: Cody Oss <codyoss@google.com >
Trust: Chris Broadfoot <cbro@golang.org >
Run-TryBot: Cody Oss <codyoss@google.com >
Run-TryBot: Chris Broadfoot <cbro@golang.org >
TryBot-Result: Go Bot <gobot@golang.org >
2021-08-05 13:40:26 +00:00
Patrick Jones
a41e5a7819
downscope: implement support for token downscoping
...
Implements support for token downscoping to allow for the creation of tokens with restricted permissions
Change-Id: I52459bdb0dfdd5e8d86e6043ba0362f4bf4b823c
GitHub-Last-Rev: 941cf10a8egolang/oauth2#502
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/326529
Reviewed-by: Chris Broadfoot <cbro@golang.org >
Run-TryBot: Chris Broadfoot <cbro@golang.org >
TryBot-Result: Go Bot <gobot@golang.org >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Trust: Cody Oss <codyoss@google.com >
2021-06-28 18:02:05 +00:00
gIthuriel
a8dc77f794
google: add external account documentation
...
Adds some documentation to existing public structures for third-party authentication.
Change-Id: I756f5cd5619fbd752c028e99176991139fd45c60
GitHub-Last-Rev: c846ea6748golang/oauth2#485
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/301610
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
2021-06-22 21:54:36 +00:00
Eno Compton
bce0382f6c
google: fix syntax error
...
Change-Id: I18dd98234a87dca59a199d90a5d0b9cedd80e5af
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/330189
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-06-22 19:05:53 +00:00
gIthuriel
14747e66f6
google: check additional AWS variable
...
AWS_DEFAULT_REGION should have been checked as a backup to AWS_REGION but wasn't. Also removed a redundant print statement in a test case.
Change-Id: Ia6e13eb20f509110a81e3071228283c43a1e9283
GitHub-Last-Rev: 1a10bcc079golang/oauth2#486
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/302789
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
2021-06-22 16:52:04 +00:00
Shin Fan
d04028783c
google: support scopes for JWT access token
...
Change-Id: I11acd87a56cd003fdb68a5a687e37df450c400d1
GitHub-Last-Rev: efb2e8a08agolang/oauth2#504
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/327929
Trust: Shin Fan <shinfan@google.com >
Trust: Cody Oss <codyoss@google.com >
Run-TryBot: Shin Fan <shinfan@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
Reviewed-by: Cody Oss <codyoss@google.com >
2021-06-15 19:07:21 +00:00
Andy Zhao
81ed05c6b5
google: Add support for CredentialsParams, Client ID json, and JWT Subject
...
*Add support for Google Developers Console client_credentials.json as a TokenSource.
*Add support for JWT Subject (for domain-wide delegation when using service account as credentials source.)
*Add support for non-default AuthURL and TokenURL for authorized user credentials source.
To support this change, two new exported functions FindDefaultCredentialsWithParams and CredentialsFromJSONWithParams are introduced.
Change-Id: Ib467822e2c14e02f8ae68586665c439960cfbd5c
GitHub-Last-Rev: eb92ab4a21golang/oauth2#490
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/311589
Reviewed-by: Shin Fan <shinfan@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Shin Fan <shinfan@google.com >
Trust: Cody Oss <codyoss@google.com >
2021-04-27 18:04:40 +00:00
Joel Ferrier
2e8d934016
google: Use bytes.Buffer for go 1.9 compatability
...
Update test cases to use const test data file references.
Change-Id: Ic08b6de5a84db7b2ae2c649ee676c5a2c13f4227
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/306749
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-04-02 16:14:24 +00:00
Ryan Kohler
5366d9dc19
google: Make sure time is always in UTC
...
If times are stored in different time zones, then we occasionally get heisenbugs about expired tokens
Change-Id: I0c117977688d8d6c7b12b211092e5040a41a1f46
GitHub-Last-Rev: 3ff51b34f5golang/oauth2#482
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/300929
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Trust: Cody Oss <codyoss@google.com >
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-03-11 16:31:35 +00:00
Russ Cox
9bb904979d
all: go fmt ./...
...
Make all our package sources use Go 1.17 gofmt format
(adding //go:build lines).
Not strictly necessary but will avoid spurious changes
as files are edited.
Part of //go:build change (#41184 ).
See https://golang.org/design/draft-gobuild
Change-Id: I22803ea9e936fbb08984a64155302f47e181de27
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/294420
Trust: Russ Cox <rsc@golang.org >
Trust: Cody Oss <codyoss@google.com >
Run-TryBot: Russ Cox <rsc@golang.org >
TryBot-Result: Go Bot <gobot@golang.org >
Reviewed-by: Cody Oss <codyoss@google.com >
2021-02-20 00:06:19 +00:00
Ryan Kohler
ba52d332ba
google: unexport private structs and funcs
...
These structs and funcs cannot be used by the end consumer. Unexporting them helps cleans up our documentation
Change-Id: I2eadb69e87de912ac39f53e83cd9bdfe76a15e3e
GitHub-Last-Rev: 60b58eef75golang/oauth2#479
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/293752
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-02-18 20:24:05 +00:00
Bassam Ojeil
f145937023
google: update documentation for workload identity federation
...
Document using workload identity federation from non-Google Cloud platforms to access Google Cloud resources.
This covers federation from AWS, Azure and OIDC providers via Application Default Credentials.
Change-Id: I77ee7f6aac5a75d095304f07f3004ec3fb7b9613
GitHub-Last-Rev: 07c9dd0271golang/oauth2#478
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/293751
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-02-18 20:13:42 +00:00
Patrick Jones
16ff1888fd
google: manual testing fixes
...
I found some errors while manually testing service account impersonation on Azure. This PR includes the fixes that I made.
Change-Id: Ia2b194be6c9a7c843e615f9789c8f8203bcbc151
GitHub-Last-Rev: 5690716363golang/oauth2#475
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/291209
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-02-16 19:45:17 +00:00
Ryan Kohler
66670185b0
google: Changes required to get AWS working in manual testing
...
• Subject Token needs to be query escaped
• Null options need to be omitted (like they are in other languages)
Change-Id: I67d1ed3ba96a35283a8928f196bc7e912084d1ab
GitHub-Last-Rev: 1aae076a90golang/oauth2#474
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/290513
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-02-10 19:26:28 +00:00
Ryan Kohler
010130855d
google: support AWS 3rd party credentials
...
Change-Id: I655b38f7fb8023866bb284c7ce80ab9888682e73
GitHub-Last-Rev: 648f0b3d45golang/oauth2#471
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/287752
Reviewed-by: Cody Oss <codyoss@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Trust: Cody Oss <codyoss@google.com >
2021-02-01 16:38:06 +00:00
Patrick Jones
f9ce19ea30
google: support service account impersonation
...
Adds support for service account impersonation when a URL for service account impersonation is provided.
Change-Id: I9f3bbd6926212cecb13938fc5dac358ba56855b8
GitHub-Last-Rev: 9c218789dbgolang/oauth2#468
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/285012
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
2021-01-26 19:43:26 +00:00
Ryan Kohler
af13f521f1
google: Create AWS V4 Signing Utility
...
Change-Id: I59b4a13ed0433de7dfaa064a0f7dc1f3dd724518
GitHub-Last-Rev: 8cdc6a9ad0golang/oauth2#467
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/284632
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
Trust: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Reviewed-by: Cody Oss <codyoss@google.com >
2021-01-25 20:13:02 +00:00
Patrick Jones
d3ed898aa8
google: support url-sourced 3rd party credentials
...
Implements functionality to allow for URL-sourced 3rd party credentials, expanding the functionality added in #462 .
Change-Id: Ib7615fb618486612960d60bee6b9a1ecf5de1404
GitHub-Last-Rev: 95713928e4golang/oauth2#466
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/283372
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
Reviewed-by: Cody Oss <codyoss@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Trust: Cody Oss <codyoss@google.com >
2021-01-13 20:58:17 +00:00
Cody Oss
8b1d76fa04
google: restore 1.11 compatibility
...
NewRequestWithContext requires 1.13. As this is just a convenience
we should try to retatin the 1.11 compatibility by using NewRequest
then calling WithContext instead.
Change-Id: I6208a92061b208a119fdf04fd561a3e4d22bc547
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/283535
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Trust: Cody Oss <codyoss@google.com >
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-01-13 16:05:01 +00:00
Patrick Jones
01de73cf58
google: base account credentials with file-sourcing
...
Implements the core functionality to allow 3rd party identities access to Google APIs. Specifically, this PR implements the base account credential type and supports file-sourced credentials such as Kubernetes workloads. Later updates will add support for URL-sourced credentials such as Microsoft Azure and support for AWS credentials.
Change-Id: I6e09a450f5221a1e06394b51374cff70ab3ab8a7
GitHub-Last-Rev: 3ab51622f8golang/oauth2#462
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/276312
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Trust: Cody Oss <codyoss@google.com >
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
2021-01-12 20:04:29 +00:00
Patrick Jones
0b49973bad
google: add ExchangeToken() to run STS exchanges.
...
Adds the ExchangeToken() function and support structs, but depends on https://github.com/golang/oauth2/pull/439
Change-Id: Id738a27b0c2ac083409156af1f60283b9140b159
GitHub-Last-Rev: 1aa066dc21golang/oauth2#444
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/261918
Run-TryBot: Tyler Bui-Palsulich <tbp@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
Trust: Tyler Bui-Palsulich <tbp@google.com >
Trust: Cody Oss <codyoss@google.com >
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com >
2020-12-03 00:10:11 +00:00
Patrick Jones
9fd604954f
google: add utilities supporting upcoming oauth2 functionality
...
These are used to support some extended utilities to help with STS requests.
Change-Id: Iafc145b06ca42374cfc2ac6572762a50bcf560f2
GitHub-Last-Rev: 3085fe5703golang/oauth2#439
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/259777
Trust: Cody Oss <codyoss@google.com >
Run-TryBot: Cody Oss <codyoss@google.com >
TryBot-Result: Go Bot <gobot@golang.org >
Reviewed-by: Tyler Bui-Palsulich <tbp@google.com >
2020-11-09 20:14:03 +00:00
Chris Broadfoot
0f29369cfe
google: add some metadata to GCE tokens to identify the token's source
...
This is required for the direct path feature, which only works with this
token source. It's not currently possible to determine the token source
type from the return value of FindDefaultCredentials.
Another option is to add another field to the Credentials struct, which
we could still do later, but direct path is currently pretty experimental
and whitelisted/opt-in, so I don't want to add to the public API surface
unnecessarily.
This CL functionally blocks
https://code-review.googlesource.com/c/google-api-go-client/+/40950
Change-Id: Ifb5fe9c6e5c6b33eebb87b45d3c70eebfca691b3
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/175877
Reviewed-by: Chris Broadfoot <cbro@golang.org >
2019-06-04 05:34:49 +00:00
Steven Buss
9f3314589c
google: Support scopes for ComputeTokenSource
...
Scopes have been added as a query parameter to the metadata server.
Change-Id: Ife68db01beeca386e558edd424fa11da508b7287
GitHub-Last-Rev: 1cb4a6ec12golang/oauth2#376
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/170106
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org >
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org >
TryBot-Result: Gobot Gobot <gobot@golang.org >
2019-04-02 18:19:05 +00:00
Jean de Klerk
529b322ea3
google: Use new endpoints for Google authentication
...
Fixes #310
Change-Id: I3b3a57b2758074535d07471b344334945be5bcbd
Reviewed-on: https://go-review.googlesource.com/c/136356
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org >
TryBot-Result: Gobot Gobot <gobot@golang.org >
Reviewed-by: Chris Broadfoot <cbro@golang.org >
2019-02-26 19:11:47 +00:00
Brad Fitzpatrick
5f6b76b7c9
google: remove legacy App Engine context stuff
...
Fixes golang/oauth2#276
Change-Id: I3f2bed7201f2e6bb58913f3fae2e64287b9a66d5
Reviewed-on: https://go-review.googlesource.com/c/161959
Reviewed-by: Ross Light <light@google.com >
Reviewed-by: Jean de Klerk <deklerk@google.com >
Reviewed-by: Chris Broadfoot <cbro@golang.org >
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org >
TryBot-Result: Gobot Gobot <gobot@golang.org >
2019-02-11 22:52:00 +00:00
Brad Fitzpatrick
80673b4a4b
oauth2: auto-detect auth style by default, add Endpoint.AuthStyle
...
Instead of maintaining a global map of which OAuth2 servers do which
auth style and/or requiring the user to tell us, just try both ways
and remember which way worked. But if users want to tell us in the
Endpoint, this CL also add Endpoint.AuthStyle.
Fixes golang/oauth2#111
Fixes golang/oauth2#365
Fixes golang/oauth2#362
Fixes golang/oauth2#357
Fixes golang/oauth2#353
Fixes golang/oauth2#345
Fixes golang/oauth2#326
Fixes golang/oauth2#352
Fixes golang/oauth2#268
Fixes https://go-review.googlesource.com/c/oauth2/+/58510
(... and surely many more ...)
Change-Id: I7b4d98ba1900ee2d3e11e629316b0bf867f7d237
Reviewed-on: https://go-review.googlesource.com/c/157820
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org >
TryBot-Result: Gobot Gobot <gobot@golang.org >
Reviewed-by: Ross Light <light@google.com >
2019-02-11 18:49:51 +00:00
Brad Fitzpatrick
b758792b5c
google: remove a useless build tag restriction
...
I missed this in CL 146677.
Change-Id: Ie2735ba15d41e51fd5a99cba97514cd16399abaa
Reviewed-on: https://go-review.googlesource.com/c/147458
Reviewed-by: Ross Light <light@google.com >
2018-11-05 16:49:09 +00:00
Brad Fitzpatrick
232e455483
google: remove Go 1.8 support
...
Assume Go 1.9+, which is broader than Go's current Go 1.10+ support policy.
Change-Id: I9fe6954d21c2279cf4ea7da4d5bc7a9290a3bae2
Reviewed-on: https://go-review.googlesource.com/c/146677
Reviewed-by: Ross Light <light@google.com >
2018-11-02 17:01:40 +00:00
