github.com/timstclair/heapster@v0.20.0-alpha1/Godeps/_workspace/src/golang.org/x/oauth2/clientcredentials/clientcredentials.go (about) 1 // Copyright 2014 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Package clientcredentials implements the OAuth2.0 "client credentials" token flow, 6 // also known as the "two-legged OAuth 2.0". 7 // 8 // This should be used when the client is acting on its own behalf or when the client 9 // is the resource owner. It may also be used when requesting access to protected 10 // resources based on an authorization previously arranged with the authorization 11 // server. 12 // 13 // See http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.4 14 package clientcredentials 15 16 import ( 17 "net/http" 18 "net/url" 19 "strings" 20 21 "golang.org/x/net/context" 22 "golang.org/x/oauth2" 23 "golang.org/x/oauth2/internal" 24 ) 25 26 // tokenFromInternal maps an *internal.Token struct into 27 // an *oauth2.Token struct. 28 func tokenFromInternal(t *internal.Token) *oauth2.Token { 29 if t == nil { 30 return nil 31 } 32 tk := &oauth2.Token{ 33 AccessToken: t.AccessToken, 34 TokenType: t.TokenType, 35 RefreshToken: t.RefreshToken, 36 Expiry: t.Expiry, 37 } 38 return tk.WithExtra(t.Raw) 39 } 40 41 // retrieveToken takes a *Config and uses that to retrieve an *internal.Token. 42 // This token is then mapped from *internal.Token into an *oauth2.Token which is 43 // returned along with an error. 44 func retrieveToken(ctx context.Context, c *Config, v url.Values) (*oauth2.Token, error) { 45 tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.TokenURL, v) 46 if err != nil { 47 return nil, err 48 } 49 return tokenFromInternal(tk), nil 50 } 51 52 // Client Credentials Config describes a 2-legged OAuth2 flow, with both the 53 // client application information and the server's endpoint URLs. 54 type Config struct { 55 // ClientID is the application's ID. 56 ClientID string 57 58 // ClientSecret is the application's secret. 59 ClientSecret string 60 61 // TokenURL is the resource server's token endpoint 62 // URL. This is a constant specific to each server. 63 TokenURL string 64 65 // Scope specifies optional requested permissions. 66 Scopes []string 67 } 68 69 // Token uses client credentials to retrieve a token. 70 // The HTTP client to use is derived from the context. 71 // If nil, http.DefaultClient is used. 72 func (c *Config) Token(ctx context.Context) (*oauth2.Token, error) { 73 return retrieveToken(ctx, c, url.Values{ 74 "grant_type": {"client_credentials"}, 75 "scope": internal.CondVal(strings.Join(c.Scopes, " ")), 76 }) 77 } 78 79 // Client returns an HTTP client using the provided token. 80 // The token will auto-refresh as necessary. The underlying 81 // HTTP transport will be obtained using the provided context. 82 // The returned client and its Transport should not be modified. 83 func (c *Config) Client(ctx context.Context) *http.Client { 84 return oauth2.NewClient(ctx, c.TokenSource(ctx)) 85 } 86 87 // TokenSource returns a TokenSource that returns t until t expires, 88 // automatically refreshing it as necessary using the provided context and the 89 // client ID and client secret. 90 // 91 // Most users will use Config.Client instead. 92 func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource { 93 source := &tokenSource{ 94 ctx: ctx, 95 conf: c, 96 } 97 return oauth2.ReuseTokenSource(nil, source) 98 } 99 100 type tokenSource struct { 101 ctx context.Context 102 conf *Config 103 } 104 105 // Token refreshes the token by using a new client credentials request. 106 // tokens received this way do not include a refresh token 107 func (c *tokenSource) Token() (*oauth2.Token, error) { 108 return retrieveToken(c.ctx, c.conf, url.Values{ 109 "grant_type": {"client_credentials"}, 110 "scope": internal.CondVal(strings.Join(c.conf.Scopes, " ")), 111 }) 112 }