diff options
| author | techknowlogick <techknowlogick@gitea.io> | 2019-09-14 06:02:39 -0400 |
|---|---|---|
| committer | Antoine GIRARD <sapk@users.noreply.github.com> | 2019-09-14 12:02:39 +0200 |
| commit | 7a8e299c7c7b4f83b8280ab2b069ddaed9f34d0f (patch) | |
| tree | 4faf85c56ea34c5dcbf59f09e3a76ba41194ce94 /vendor/golang.org/x/oauth2/google/jwt.go | |
| parent | 107d57a9256cdfbbb4f59665ea08311e14eb59de (diff) | |
| download | gitea-7a8e299c7c7b4f83b8280ab2b069ddaed9f34d0f.tar.gz gitea-7a8e299c7c7b4f83b8280ab2b069ddaed9f34d0f.zip | |
migrate gplus to google oauth2 provider (#7885)
* migrate gplus to google oauth2 provider. this still provides support for old gplus connections.
* Update models/oauth2.go
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* make vendor
Diffstat (limited to 'vendor/golang.org/x/oauth2/google/jwt.go')
| -rw-r--r-- | vendor/golang.org/x/oauth2/google/jwt.go | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/vendor/golang.org/x/oauth2/google/jwt.go b/vendor/golang.org/x/oauth2/google/jwt.go new file mode 100644 index 0000000000..b0fdb3a888 --- /dev/null +++ b/vendor/golang.org/x/oauth2/google/jwt.go @@ -0,0 +1,74 @@ +// Copyright 2015 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package google + +import ( + "crypto/rsa" + "fmt" + "time" + + "golang.org/x/oauth2" + "golang.org/x/oauth2/internal" + "golang.org/x/oauth2/jws" +) + +// JWTAccessTokenSourceFromJSON uses a Google Developers service account JSON +// key file to read the credentials that authorize and authenticate the +// requests, and returns a TokenSource that does not use any OAuth2 flow but +// instead creates a JWT and sends that as the access token. +// The audience is typically a URL that specifies the scope of the credentials. +// +// Note that this is not a standard OAuth flow, but rather an +// optimization supported by a few Google services. +// Unless you know otherwise, you should use JWTConfigFromJSON instead. +func JWTAccessTokenSourceFromJSON(jsonKey []byte, audience string) (oauth2.TokenSource, error) { + cfg, err := JWTConfigFromJSON(jsonKey) + if err != nil { + return nil, fmt.Errorf("google: could not parse JSON key: %v", err) + } + pk, err := internal.ParseKey(cfg.PrivateKey) + if err != nil { + return nil, fmt.Errorf("google: could not parse key: %v", err) + } + ts := &jwtAccessTokenSource{ + email: cfg.Email, + audience: audience, + pk: pk, + pkID: cfg.PrivateKeyID, + } + tok, err := ts.Token() + if err != nil { + return nil, err + } + return oauth2.ReuseTokenSource(tok, ts), nil +} + +type jwtAccessTokenSource struct { + email, audience string + pk *rsa.PrivateKey + pkID string +} + +func (ts *jwtAccessTokenSource) Token() (*oauth2.Token, error) { + iat := time.Now() + exp := iat.Add(time.Hour) + cs := &jws.ClaimSet{ + Iss: ts.email, + Sub: ts.email, + Aud: ts.audience, + Iat: iat.Unix(), + Exp: exp.Unix(), + } + hdr := &jws.Header{ + Algorithm: "RS256", + Typ: "JWT", + KeyID: string(ts.pkID), + } + msg, err := jws.Encode(hdr, cs, ts.pk) + if err != nil { + return nil, fmt.Errorf("google: could not encode JWT: %v", err) + } + return &oauth2.Token{AccessToken: msg, TokenType: "Bearer", Expiry: exp}, nil +} |