go.uber.org/cadence@v1.2.9/internal/oauth_authorization.go

go.uber.org/cadence@v1.2.9/internal/oauth_authorization.go (about)

     1  // Copyright (c) 2017-2021 Uber Technologies Inc.
     2  //
     3  // Permission is hereby granted, free of charge, to any person obtaining a copy
     4  // of this software and associated documentation files (the "Software"), to deal
     5  // in the Software without restriction, including without limitation the rights
     6  // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
     7  // copies of the Software, and to permit persons to whom the Software is
     8  // furnished to do so, subject to the following conditions:
     9  //
    10  // The above copyright notice and this permission notice shall be included in
    11  // all copies or substantial portions of the Software.
    12  //
    13  // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    14  // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    15  // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    16  // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    17  // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    18  // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    19  // THE SOFTWARE.
    20  
    21  package internal
    22  
    23  import (
    24  	"context"
    25  	"fmt"
    26  	"net/url"
    27  
    28  	"go.uber.org/cadence/internal/common/auth"
    29  	"golang.org/x/oauth2"
    30  	"golang.org/x/oauth2/clientcredentials"
    31  )
    32  
    33  // OAuthAuthorizerConfig allows to configure external OAuth provider
    34  // This is machine to machine / service to service 2-legged OAuth2 flow
    35  type OAuthAuthorizerConfig struct {
    36  	// ClientID to be used for acquiring token
    37  	ClientID string `yaml:"clientID"`
    38  
    39  	// ClientSecret to be used for acquiring token
    40  	ClientSecret string `yaml:"clientSecret"`
    41  
    42  	// TokenURL is the endpoint used to get token from provider
    43  	TokenURL string `yaml:"tokenURL"`
    44  
    45  	// Scope specifies optional requested permissions
    46  	Scopes []string `yaml:"scopes"`
    47  
    48  	// EndpointParams specifies additional parameters for requests to the token endpoint.
    49  	// This needs to be provided for some OAuth providers
    50  	EndpointParams map[string]string `yaml:"endpointParams"`
    51  }
    52  
    53  var _ auth.AuthorizationProvider = (*OAuthProvider)(nil)
    54  
    55  type OAuthProvider struct {
    56  	tokenSource oauth2.TokenSource
    57  	config      clientcredentials.Config
    58  }
    59  
    60  func NewOAuthAuthorizationProvider(config OAuthAuthorizerConfig) *OAuthProvider {
    61  	oauthConfig := clientcredentials.Config{
    62  		ClientID:     config.ClientID,
    63  		ClientSecret: config.ClientSecret,
    64  		TokenURL:     config.TokenURL,
    65  		Scopes:       config.Scopes,
    66  	}
    67  
    68  	if config.EndpointParams != nil {
    69  		v := url.Values{}
    70  		for name, value := range config.EndpointParams {
    71  			v.Set(name, value)
    72  		}
    73  		oauthConfig.EndpointParams = v
    74  	}
    75  
    76  	return &OAuthProvider{
    77  		tokenSource: oauthConfig.TokenSource(context.Background()),
    78  		config:      oauthConfig,
    79  	}
    80  }
    81  
    82  func (o *OAuthProvider) GetAuthToken() ([]byte, error) {
    83  	token, err := o.tokenSource.Token()
    84  	if err != nil {
    85  		return nil, fmt.Errorf("token source: %w", err)
    86  	}
    87  
    88  	return []byte(token.AccessToken), nil
    89  }