golang.org/x/oauth2@v0.18.0/google/internal/stsexchange/clientauth.go (about) 1 // Copyright 2020 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package stsexchange 6 7 import ( 8 "encoding/base64" 9 "net/http" 10 "net/url" 11 12 "golang.org/x/oauth2" 13 ) 14 15 // ClientAuthentication represents an OAuth client ID and secret and the mechanism for passing these credentials as stated in rfc6749#2.3.1. 16 type ClientAuthentication struct { 17 // AuthStyle can be either basic or request-body 18 AuthStyle oauth2.AuthStyle 19 ClientID string 20 ClientSecret string 21 } 22 23 // InjectAuthentication is used to add authentication to a Secure Token Service exchange 24 // request. It modifies either the passed url.Values or http.Header depending on the desired 25 // authentication format. 26 func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header) { 27 if c.ClientID == "" || c.ClientSecret == "" || values == nil || headers == nil { 28 return 29 } 30 31 switch c.AuthStyle { 32 case oauth2.AuthStyleInHeader: // AuthStyleInHeader corresponds to basic authentication as defined in rfc7617#2 33 plainHeader := c.ClientID + ":" + c.ClientSecret 34 headers.Add("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(plainHeader))) 35 case oauth2.AuthStyleInParams: // AuthStyleInParams corresponds to request-body authentication with ClientID and ClientSecret in the message body. 36 values.Set("client_id", c.ClientID) 37 values.Set("client_secret", c.ClientSecret) 38 case oauth2.AuthStyleAutoDetect: 39 values.Set("client_id", c.ClientID) 40 values.Set("client_secret", c.ClientSecret) 41 default: 42 values.Set("client_id", c.ClientID) 43 values.Set("client_secret", c.ClientSecret) 44 } 45 }