|
- // Copyright 2014 The Go Authors. All rights reserved.
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
-
- package oauth2
-
- import (
- "context"
- "fmt"
- "net/http"
- "net/url"
- "strconv"
- "strings"
- "time"
-
- "golang.org/x/oauth2/internal"
- )
-
- // expiryDelta determines how earlier a token should be considered
- // expired than its actual expiration time. It is used to avoid late
- // expirations due to client-server time mismatches.
- const expiryDelta = 10 * time.Second
-
- // Token represents the credentials used to authorize
- // the requests to access protected resources on the OAuth 2.0
- // provider's backend.
- //
- // Most users of this package should not access fields of Token
- // directly. They're exported mostly for use by related packages
- // implementing derivative OAuth2 flows.
- type Token struct {
- // AccessToken is the token that authorizes and authenticates
- // the requests.
- AccessToken string `json:"access_token"`
-
- // TokenType is the type of token.
- // The Type method returns either this or "Bearer", the default.
- TokenType string `json:"token_type,omitempty"`
-
- // RefreshToken is a token that's used by the application
- // (as opposed to the user) to refresh the access token
- // if it expires.
- RefreshToken string `json:"refresh_token,omitempty"`
-
- // Expiry is the optional expiration time of the access token.
- //
- // If zero, TokenSource implementations will reuse the same
- // token forever and RefreshToken or equivalent
- // mechanisms for that TokenSource will not be used.
- Expiry time.Time `json:"expiry,omitempty"`
-
- // raw optionally contains extra metadata from the server
- // when updating a token.
- raw interface{}
- }
-
- // Type returns t.TokenType if non-empty, else "Bearer".
- func (t *Token) Type() string {
- if strings.EqualFold(t.TokenType, "bearer") {
- return "Bearer"
- }
- if strings.EqualFold(t.TokenType, "mac") {
- return "MAC"
- }
- if strings.EqualFold(t.TokenType, "basic") {
- return "Basic"
- }
- if t.TokenType != "" {
- return t.TokenType
- }
- return "Bearer"
- }
-
- // SetAuthHeader sets the Authorization header to r using the access
- // token in t.
- //
- // This method is unnecessary when using Transport or an HTTP Client
- // returned by this package.
- func (t *Token) SetAuthHeader(r *http.Request) {
- r.Header.Set("Authorization", t.Type()+" "+t.AccessToken)
- }
-
- // WithExtra returns a new Token that's a clone of t, but using the
- // provided raw extra map. This is only intended for use by packages
- // implementing derivative OAuth2 flows.
- func (t *Token) WithExtra(extra interface{}) *Token {
- t2 := new(Token)
- *t2 = *t
- t2.raw = extra
- return t2
- }
-
- // Extra returns an extra field.
- // Extra fields are key-value pairs returned by the server as a
- // part of the token retrieval response.
- func (t *Token) Extra(key string) interface{} {
- if raw, ok := t.raw.(map[string]interface{}); ok {
- return raw[key]
- }
-
- vals, ok := t.raw.(url.Values)
- if !ok {
- return nil
- }
-
- v := vals.Get(key)
- switch s := strings.TrimSpace(v); strings.Count(s, ".") {
- case 0: // Contains no "."; try to parse as int
- if i, err := strconv.ParseInt(s, 10, 64); err == nil {
- return i
- }
- case 1: // Contains a single "."; try to parse as float
- if f, err := strconv.ParseFloat(s, 64); err == nil {
- return f
- }
- }
-
- return v
- }
-
- // timeNow is time.Now but pulled out as a variable for tests.
- var timeNow = time.Now
-
- // expired reports whether the token is expired.
- // t must be non-nil.
- func (t *Token) expired() bool {
- if t.Expiry.IsZero() {
- return false
- }
- return t.Expiry.Round(0).Add(-expiryDelta).Before(timeNow())
- }
-
- // Valid reports whether t is non-nil, has an AccessToken, and is not expired.
- func (t *Token) Valid() bool {
- return t != nil && t.AccessToken != "" && !t.expired()
- }
-
- // tokenFromInternal maps an *internal.Token struct into
- // a *Token struct.
- func tokenFromInternal(t *internal.Token) *Token {
- if t == nil {
- return nil
- }
- return &Token{
- AccessToken: t.AccessToken,
- TokenType: t.TokenType,
- RefreshToken: t.RefreshToken,
- Expiry: t.Expiry,
- raw: t.Raw,
- }
- }
-
- // retrieveToken takes a *Config and uses that to retrieve an *internal.Token.
- // This token is then mapped from *internal.Token into an *oauth2.Token which is returned along
- // with an error..
- func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error) {
- tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle))
- if err != nil {
- if rErr, ok := err.(*internal.RetrieveError); ok {
- return nil, (*RetrieveError)(rErr)
- }
- return nil, err
- }
- return tokenFromInternal(tk), nil
- }
-
- // RetrieveError is the error returned when the token endpoint returns a
- // non-2XX HTTP status code.
- type RetrieveError struct {
- Response *http.Response
- // Body is the body that was consumed by reading Response.Body.
- // It may be truncated.
- Body []byte
- }
-
- func (r *RetrieveError) Error() string {
- return fmt.Sprintf("oauth2: cannot fetch token: %v\nResponse: %s", r.Response.Status, r.Body)
- }
|
