go.mod: update golang.org/x dependencies

Update golang.org/x dependencies to their latest tagged versions. Once this CL is submitted, and post-submit testing succeeds on all first-class ports across all supported Go versions, this repository will be tagged with its next minor version. Change-Id: If7957dff90ca75fa8fd84ace90ed15066bfd3e48 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/473438 Reviewed-by: Heschi Kreinick <heschi@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Run-TryBot: Gopher Robot <gobot@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
google: Add support for OAuth2 token exchange over mTLS
2023-03-05 04:01:11 +00:00 · 2023-03-03 18:55:16 +00:00 · 2023-02-27 20:54:01 +00:00 · 2023-02-17 18:48:36 +00:00 · 2023-02-08 21:58:22 +00:00 · 2023-01-11 15:44:51 +00:00
9 changed files with 39 additions and 182 deletions
--- a/go.mod
+++ b/go.mod
@@ -5,11 +5,11 @@ go 1.17
 require (
 	cloud.google.com/go/compute/metadata v0.2.0
 	github.com/google/go-cmp v0.5.8
 	golang.org/x/net v0.5.0
 	google.golang.org/appengine v1.6.7
 )
 require (
 	github.com/golang/protobuf v1.5.2 // indirect
 	golang.org/x/net v0.8.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -11,31 +11,38 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
--- a/google/default.go
+++ b/google/default.go
@@ -62,6 +62,10 @@ type CredentialsParams struct {
 	// PKCE is used to support PKCE flow. Optional for 3LO flow.
 	PKCE *authhandler.PKCEParams
 	// The OAuth2 TokenURL default override. This value overrides the default TokenURL,
 	// unless explicitly specified by the credentials config file. Optional.
 	TokenURL string
 }
 func (params CredentialsParams) deepCopy() CredentialsParams {
@@ -137,7 +141,7 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
 	// use those credentials. App Engine standard second generation runtimes (>= Go 1.11)
 	// and App Engine flexible use ComputeTokenSource and the metadata server.
 	if appengineTokenFunc != nil {
-		return &DefaultCredentials{
+		return &Credentials{
 			ProjectID:   appengineAppIDFunc(ctx),
 			TokenSource: AppEngineTokenSource(ctx, params.Scopes...),
 		}, nil
@@ -147,7 +151,7 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
 	// or App Engine flexible, use the metadata server.
 	if metadata.OnGCE() {
 		id, _ := metadata.ProjectID()
-		return &DefaultCredentials{
+		return &Credentials{
 			ProjectID:   id,
 			TokenSource: ComputeTokenSource("", params.Scopes...),
 		}, nil
@@ -194,7 +198,7 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params
 		return nil, err
 	}
 	ts = newErrWrappingTokenSource(ts)
-	return &DefaultCredentials{
+	return &Credentials{
 		ProjectID:   f.ProjectID,
 		TokenSource: ts,
 		JSON:        jsonData,
@@ -216,7 +220,7 @@ func wellKnownFile() string {
 	return filepath.Join(guessUnixHomeDir(), ".config", "gcloud", f)
 }
-func readCredentialsFile(ctx context.Context, filename string, params CredentialsParams) (*DefaultCredentials, error) {
+func readCredentialsFile(ctx context.Context, filename string, params CredentialsParams) (*Credentials, error) {
 	b, err := ioutil.ReadFile(filename)
 	if err != nil {
 		return nil, err
--- a/google/doc.go
+++ b/google/doc.go
@@ -57,6 +57,11 @@
 // executable-sourced credentials), please check out:
 // https://cloud.google.com/iam/docs/using-workload-identity-federation#oidc
 //
 // Note that this library does not perform any validation on the token_url, token_info_url,
 // or service_account_impersonation_url fields of the credential configuration.
 // It is not recommended to use a credential configuration that you did not generate with
 // the gcloud CLI unless you verify that the URL fields point to a googleapis.com domain.
 //
 // # Credentials
 //
 // The Credentials type represents Google credentials, including Application Default
@@ -81,4 +86,5 @@
 // same as the one obtained from the oauth2.Config returned from ConfigFromJSON or
 // JWTConfigFromJSON, but the Credentials may contain additional information
 // that is useful is some circumstances.
 //
 package google // import "golang.org/x/oauth2/google"
--- a/google/google.go
+++ b/google/google.go
@@ -26,6 +26,9 @@ var Endpoint = oauth2.Endpoint{
 	AuthStyle: oauth2.AuthStyleInParams,
 }
 // MTLSTokenURL is Google's OAuth 2.0 default mTLS endpoint.
 const MTLSTokenURL = "https://oauth2.mtls.googleapis.com/token"
 // JWTTokenURL is Google's OAuth 2.0 token URL to use with the JWT flow.
 const JWTTokenURL = "https://oauth2.googleapis.com/token"
@@ -172,8 +175,12 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 			cfg.Endpoint.AuthURL = Endpoint.AuthURL
 		}
 		if cfg.Endpoint.TokenURL == "" {
 			if params.TokenURL != "" {
 				cfg.Endpoint.TokenURL = params.TokenURL
 			} else {
 				cfg.Endpoint.TokenURL = Endpoint.TokenURL
 			}
 		}
 		tok := &oauth2.Token{RefreshToken: f.RefreshToken}
 		return cfg.TokenSource(ctx, tok), nil
 	case externalAccountKey:
--- a/google/internal/externalaccount/basecredentials.go
+++ b/google/internal/externalaccount/basecredentials.go
@@ -67,22 +67,6 @@ type Config struct {
 // that include all elements in a given list, in that order.
 var (
 	validTokenURLPatterns = []*regexp.Regexp{
 		// The complicated part in the middle matches any number of characters that
 		// aren't period, spaces, or slashes.
 		regexp.MustCompile(`(?i)^[^\.\s\/\\]+\.sts\.googleapis\.com$`),
 		regexp.MustCompile(`(?i)^sts\.googleapis\.com$`),
 		regexp.MustCompile(`(?i)^sts\.[^\.\s\/\\]+\.googleapis\.com$`),
 		regexp.MustCompile(`(?i)^[^\.\s\/\\]+-sts\.googleapis\.com$`),
 		regexp.MustCompile(`(?i)^sts-[^\.\s\/\\]+\.p\.googleapis\.com$`),
 	}
 	validImpersonateURLPatterns = []*regexp.Regexp{
 		regexp.MustCompile(`^[^\.\s\/\\]+\.iamcredentials\.googleapis\.com$`),
 		regexp.MustCompile(`^iamcredentials\.googleapis\.com$`),
 		regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
 		regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
 		regexp.MustCompile(`^iamcredentials-[^\.\s\/\\]+\.p\.googleapis\.com$`),
 	}
 	validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
 )
@@ -110,25 +94,13 @@ func validateWorkforceAudience(input string) bool {
 // TokenSource Returns an external account TokenSource struct. This is to be called by package google to construct a google.Credentials.
 func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
-	return c.tokenSource(ctx, validTokenURLPatterns, validImpersonateURLPatterns, "https")
+	return c.tokenSource(ctx, "https")
 }
 // tokenSource is a private function that's directly called by some of the tests,
 // because the unit test URLs are mocked, and would otherwise fail the
 // validity check.
-func (c *Config) tokenSource(ctx context.Context, tokenURLValidPats []*regexp.Regexp, impersonateURLValidPats []*regexp.Regexp, scheme string) (oauth2.TokenSource, error) {
+func (c *Config) tokenSource(ctx context.Context, scheme string) (oauth2.TokenSource, error) {
 	valid := validateURL(c.TokenURL, tokenURLValidPats, scheme)
 	if !valid {
 		return nil, fmt.Errorf("oauth2/google: invalid TokenURL provided while constructing tokenSource")
 	}
 	if c.ServiceAccountImpersonationURL != "" {
 		valid := validateURL(c.ServiceAccountImpersonationURL, impersonateURLValidPats, scheme)
 		if !valid {
 			return nil, fmt.Errorf("oauth2/google: invalid ServiceAccountImpersonationURL provided while constructing tokenSource")
 		}
 	}
 	if c.WorkforcePoolUserProject != "" {
 		valid := validateWorkforceAudience(c.Audience)
 		if !valid {
--- a/google/internal/externalaccount/basecredentials_test.go
+++ b/google/internal/externalaccount/basecredentials_test.go
@@ -9,7 +9,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"
 	"time"
@@ -208,140 +207,6 @@ func TestNonworkforceWithWorkforcePoolUserProject(t *testing.T) {
 	}
 }
 func TestValidateURLTokenURL(t *testing.T) {
 	var urlValidityTests = []struct {
 		tokURL        string
 		expectSuccess bool
 	}{
 		{"https://east.sts.googleapis.com", true},
 		{"https://sts.googleapis.com", true},
 		{"https://sts.asfeasfesef.googleapis.com", true},
 		{"https://us-east-1-sts.googleapis.com", true},
 		{"https://sts.googleapis.com/your/path/here", true},
 		{"https://.sts.googleapis.com", false},
 		{"https://badsts.googleapis.com", false},
 		{"https://sts.asfe.asfesef.googleapis.com", false},
 		{"https://sts..googleapis.com", false},
 		{"https://-sts.googleapis.com", false},
 		{"https://us-ea.st-1-sts.googleapis.com", false},
 		{"https://sts.googleapis.com.evil.com/whatever/path", false},
 		{"https://us-eas\\t-1.sts.googleapis.com", false},
 		{"https:/us-ea/st-1.sts.googleapis.com", false},
 		{"https:/us-east 1.sts.googleapis.com", false},
 		{"https://", false},
 		{"http://us-east-1.sts.googleapis.com", false},
 		{"https://us-east-1.sts.googleapis.comevil.com", false},
 		{"https://sts-xyz.p.googleapis.com", true},
 		{"https://sts.pgoogleapis.com", false},
 		{"https://p.googleapis.com", false},
 		{"https://sts.p.com", false},
 		{"http://sts.p.googleapis.com", false},
 		{"https://xyz-sts.p.googleapis.com", false},
 		{"https://sts-xyz.123.p.googleapis.com", false},
 		{"https://sts-xyz.p1.googleapis.com", false},
 		{"https://sts-xyz.p.foo.com", false},
 		{"https://sts-xyz.p.foo.googleapis.com", false},
 	}
 	ctx := context.Background()
 	for _, tt := range urlValidityTests {
 		t.Run(" "+tt.tokURL, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
 			config := testConfig
 			config.TokenURL = tt.tokURL
 			_, err := config.TokenSource(ctx)
 			if tt.expectSuccess && err != nil {
 				t.Errorf("got %v but want nil", err)
 			} else if !tt.expectSuccess && err == nil {
 				t.Errorf("got nil but expected an error")
 			}
 		})
 	}
 	for _, el := range urlValidityTests {
 		el.tokURL = strings.ToUpper(el.tokURL)
 	}
 	for _, tt := range urlValidityTests {
 		t.Run(" "+tt.tokURL, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
 			config := testConfig
 			config.TokenURL = tt.tokURL
 			_, err := config.TokenSource(ctx)
 			if tt.expectSuccess && err != nil {
 				t.Errorf("got %v but want nil", err)
 			} else if !tt.expectSuccess && err == nil {
 				t.Errorf("got nil but expected an error")
 			}
 		})
 	}
 }
 func TestValidateURLImpersonateURL(t *testing.T) {
 	var urlValidityTests = []struct {
 		impURL        string
 		expectSuccess bool
 	}{
 		{"https://east.iamcredentials.googleapis.com", true},
 		{"https://iamcredentials.googleapis.com", true},
 		{"https://iamcredentials.asfeasfesef.googleapis.com", true},
 		{"https://us-east-1-iamcredentials.googleapis.com", true},
 		{"https://iamcredentials.googleapis.com/your/path/here", true},
 		{"https://.iamcredentials.googleapis.com", false},
 		{"https://badiamcredentials.googleapis.com", false},
 		{"https://iamcredentials.asfe.asfesef.googleapis.com", false},
 		{"https://iamcredentials..googleapis.com", false},
 		{"https://-iamcredentials.googleapis.com", false},
 		{"https://us-ea.st-1-iamcredentials.googleapis.com", false},
 		{"https://iamcredentials.googleapis.com.evil.com/whatever/path", false},
 		{"https://us-eas\\t-1.iamcredentials.googleapis.com", false},
 		{"https:/us-ea/st-1.iamcredentials.googleapis.com", false},
 		{"https:/us-east 1.iamcredentials.googleapis.com", false},
 		{"https://", false},
 		{"http://us-east-1.iamcredentials.googleapis.com", false},
 		{"https://us-east-1.iamcredentials.googleapis.comevil.com", false},
 		{"https://iamcredentials-xyz.p.googleapis.com", true},
 		{"https://iamcredentials.pgoogleapis.com", false},
 		{"https://p.googleapis.com", false},
 		{"https://iamcredentials.p.com", false},
 		{"http://iamcredentials.p.googleapis.com", false},
 		{"https://xyz-iamcredentials.p.googleapis.com", false},
 		{"https://iamcredentials-xyz.123.p.googleapis.com", false},
 		{"https://iamcredentials-xyz.p1.googleapis.com", false},
 		{"https://iamcredentials-xyz.p.foo.com", false},
 		{"https://iamcredentials-xyz.p.foo.googleapis.com", false},
 	}
 	ctx := context.Background()
 	for _, tt := range urlValidityTests {
 		t.Run(" "+tt.impURL, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
 			config := testConfig
 			config.TokenURL = "https://sts.googleapis.com" // Setting the most basic acceptable tokenURL
 			config.ServiceAccountImpersonationURL = tt.impURL
 			_, err := config.TokenSource(ctx)
 			if tt.expectSuccess && err != nil {
 				t.Errorf("got %v but want nil", err)
 			} else if !tt.expectSuccess && err == nil {
 				t.Errorf("got nil but expected an error")
 			}
 		})
 	}
 	for _, el := range urlValidityTests {
 		el.impURL = strings.ToUpper(el.impURL)
 	}
 	for _, tt := range urlValidityTests {
 		t.Run(" "+tt.impURL, func(t *testing.T) { // We prepend a space ahead of the test input when outputting for sake of readability.
 			config := testConfig
 			config.TokenURL = "https://sts.googleapis.com" // Setting the most basic acceptable tokenURL
 			config.ServiceAccountImpersonationURL = tt.impURL
 			_, err := config.TokenSource(ctx)
 			if tt.expectSuccess && err != nil {
 				t.Errorf("got %v but want nil", err)
 			} else if !tt.expectSuccess && err == nil {
 				t.Errorf("got nil but expected an error")
 			}
 		})
 	}
 }
 func TestWorkforcePoolCreation(t *testing.T) {
 	var audienceValidatyTests = []struct {
 		audience      string
--- a/google/internal/externalaccount/impersonate_test.go
+++ b/google/internal/externalaccount/impersonate_test.go
@@ -9,7 +9,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"regexp"
 	"testing"
 )
@@ -114,8 +113,7 @@ func TestImpersonation(t *testing.T) {
 			defer targetServer.Close()
 			testImpersonateConfig.TokenURL = targetServer.URL
-			allURLs := regexp.MustCompile(".+")
+			ourTS, err := testImpersonateConfig.tokenSource(context.Background(), "http")
 			ourTS, err := testImpersonateConfig.tokenSource(context.Background(), []*regexp.Regexp{allURLs}, []*regexp.Regexp{allURLs}, "http")
 			if err != nil {
 				t.Fatalf("Failed to create TokenSource: %v", err)
 			}
--- a/internal/token.go
+++ b/internal/token.go
@@ -19,8 +19,6 @@ import (
 	"strings"
 	"sync"
 	"time"
 	"golang.org/x/net/context/ctxhttp"
 )
 // Token represents the credentials used to authorize
@@ -229,7 +227,7 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
 }
 func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
-	r, err := ctxhttp.Do(ctx, ContextClient(ctx), req)
+	r, err := ContextClient(ctx).Do(req.WithContext(ctx))
 	if err != nil {
 		return nil, err
 	}
Author	SHA1	Message	Date
Gopher Robot	62b4eedd72	go.mod: update golang.org/x dependencies Update golang.org/x dependencies to their latest tagged versions. Once this CL is submitted, and post-submit testing succeeds on all first-class ports across all supported Go versions, this repository will be tagged with its next minor version. Change-Id: If7957dff90ca75fa8fd84ace90ed15066bfd3e48 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/473438 Reviewed-by: Heschi Kreinick <heschi@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Run-TryBot: Gopher Robot <gobot@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>	2023-03-05 04:01:11 +00:00
Andy Zhao	885f294722	google: Add support for OAuth2 token exchange over mTLS With Context Aware Access enabled, users must use the endpoint "https://oauth2.mtls.googleapis.com/token" for token exchange. This PR adds support for runtime configuration of the OAuth2 token endpoint (as determined by the caller). If using the mTLS oauth2 endpoint, the caller will also need to specify an mTLS-enabled HTTPClient via the "context" mechanism for use by the OAuth2 transport. Change-Id: Ic83342ec1d224d3acdabf00d863249330424fc54 GitHub-Last-Rev: `07e4849e96` GitHub-Pull-Request: golang/oauth2#630 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/470396 Run-TryBot: Matthew Hickford <hickford@google.com> Reviewed-by: Shin Fan <shinfan@google.com> Run-TryBot: Shin Fan <shinfan@google.com> Reviewed-by: Matthew Hickford <hickford@google.com> Reviewed-by: Andy Zhao <andyzhao@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>	2023-03-03 18:55:16 +00:00
Koichi Shiraishi	6f9c1a18cc	google: use Credentials instead of deprecated DefaultCredentials Change-Id: Ie2d972df025f6b6b7d172015aae7eb34e355cb28 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/412034 Reviewed-by: Matt Hickford <matt.hickford@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Cody Oss <codyoss@google.com> Reviewed-by: Matthew Hickford <hickford@google.com> Run-TryBot: Matt Hickford <matt.hickford@gmail.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Cody Oss <codyoss@google.com>	2023-02-27 20:54:01 +00:00
aeitzman	c82d0e16dc	google/internal/externalaccount: Removed URL validation for google URLs in ADC files Removes URL validation for token_url, service_account_impersonation_url to allow for TPC urls and adds line to the docs to warn users. See https://github.com/googleapis/google-auth-library-nodejs/pull/1517 for same change in node.js library. Change-Id: I85fa67ee0b99deed2adb75668a1b5501851c499c GitHub-Last-Rev: `15d7759884` GitHub-Pull-Request: golang/oauth2#627 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/465696 Reviewed-by: Cody Oss <codyoss@google.com> Run-TryBot: Cody Oss <codyoss@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Leo Siracusa <leosiracusa@google.com>	2023-02-17 18:48:36 +00:00
Gopher Robot	adbaf66a0b	go.mod: update golang.org/x dependencies Update golang.org/x dependencies to their latest tagged versions. Once this CL is submitted, and post-submit testing succeeds on all first-class ports across all supported Go versions, this repository will be tagged with its next minor version. Change-Id: I011be77aad8a91714b6af22e05408254e4110f3f Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/466737 Auto-Submit: Gopher Robot <gobot@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> Run-TryBot: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>	2023-02-08 21:58:22 +00:00
Eric Chiang	e07593a4c4	oauth2: remove direct dependency on golang.org/x/net Change-Id: If8fd952f4bfd3bac3e85592a49616adf4b43ce51 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/460764 Reviewed-by: Cody Oss <codyoss@google.com> Run-TryBot: Matt Hickford <matt.hickford@gmail.com> Reviewed-by: Matt Hickford <matt.hickford@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org>	2023-01-11 15:44:51 +00:00