Add a package for authenticating via OAuth2.

pkg/oauth2/lib/src/client.dart

Index: pkg/oauth2/lib/src/client.dart
diff --git a/pkg/oauth2/lib/src/client.dart b/pkg/oauth2/lib/src/client.dart
new file mode 100644
index 0000000000000000000000000000000000000000..dc71e404716e3b527a660c908d7c91139f6c2335
--- /dev/null
+++ b/pkg/oauth2/lib/src/client.dart
@@ -0,0 +1,125 @@
+// Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+library client;
+
+import 'dart:uri';
+
+import '../../../http/lib/http.dart' as http;
+
+import 'credentials.dart';
+import 'expiration_exception.dart';
+import 'utils.dart';
+
+// TODO(nweiz): Add an onCredentialsRefreshed event once we have some event
+// infrastructure.
+/// An OAuth2 client. This acts as a drop-in replacement for an
+/// [http.BaseClient], while sending OAuth2 authorization credentials along with
+/// each request.
+///
+/// The client also automatically refreshes its credentials if possible. When it
+/// makes a request, if its credentials are expired, it will first refresh them.
+/// This means that any request may throw an [AuthorizationException] if the
+/// refresh is not authorized for some reason, a [FormatException] if the
+/// authorization server provides ill-formatted responses, or an
+/// [ExpirationException] if the credentials are expired and can't be refreshed.
+///
+/// Currently this client doesn't attempt to identify errors from the resource
+/// server that are caused by authentication failure. However, it may throw
+/// [AuthorizationException]s for such errors in the future.
+///
+/// If you already have a set of [Credentials], you can construct a [Client]
+/// directly. However, in order to first obtain the credentials, you must
+/// authorize. At the time of writing, the only authorization method this
+/// library supports is [AuthorizationCodeGrant].
+class Client extends http.BaseClient {
+  /// The client identifier for this client. The authorization server will issue
+  /// each client a separate client identifier and secret, which allows the
+  /// server to tell which client is accessing it. Some servers may also have an
+  /// anonymous identifier/secret pair that any client may use.
+  ///
+  /// This is usually global to the program using this library.
+  final String identifier;
+
+  /// The client secret for this client. The authorization server will issue
+  /// each client a separate client identifier and secret, which allows the
+  /// server to tell which client is accessing it. Some servers may also have an
+  /// anonymous identifier/secret pair that any client may use.
+  ///
+  /// This is usually global to the program using this library.
+  ///
+  /// Note that clients whose source code or binary executable is readily
+  /// available may not be able to make sure the client secret is kept a secret.
+  /// This is fine; OAuth2 servers generally won't rely on knowing with
+  /// certainty that a client is who it claims to be.
+  final String secret;
+
+  /// The credentials this client uses to prove to the resource server that it's
+  /// authorized. This may change from request to request as the credentials
+  /// expire and the client refreshes them automatically.
+  Credentials get credentials => _credentials;
+  Credentials _credentials;
+
+  /// The underlying HTTP client.
+  http.BaseClient _httpClient;
+
+  /// Creates a new client from a pre-existing set of credentials. When
+  /// authorizing a client for the first time, you should use
+  /// [AuthorizationCodeGrant] instead of constructing a [Client] directly.
+  ///
+  /// [httpClient] is the underlying client that this forwards requests to after
+  /// adding authorization credentials to them.
+  Client(
+      this.identifier,
+      this.secret,
+      this._credentials,
+      {http.BaseClient httpClient})
+    : _httpClient = httpClient == null ? new http.Client() : httpClient;
+
+  /// Sends an HTTP request with OAuth2 authorization credentials attached. This
+  /// will also automatically refresh this client's [Credentials] before sending
+  /// the request if necessary.
+  Future<http.StreamedResponse> send(http.BaseRequest request) {
+    return async.chain((_) {
+      if (!credentials.isExpired) return new Future.immediate(null);
+      if (!credentials.canRefresh) throw new ExpirationException(credentials);
+      return refreshCredentials();
+    }).chain((_) {
+      request.headers['authorization'] = "Bearer ${credentials.accessToken}";
+      return _httpClient.send(request);
+    });
+    // TODO(nweiz): parse 401 errors that are caused by OAuth errors here.
+  }
+
+  /// Explicitly refreshes this client's credentials. Returns this client.
+  ///
+  /// This will throw a [StateError] if the [Credentials] can't be refreshed, an
+  /// [AuthorizationException] if refreshing the credentials fails, or a
+  /// [FormatError] if the authorization server returns invalid responses.
+  ///
+  /// You may request different scopes than the default by passing in
+  /// [newScopes]. These must be a subset of the scopes in the
+  /// [Credentials.scopes] field of [Client.credentials].
+  Future<Client> refreshCredentials([List<String> newScopes]) {
+    return async.chain((_) {
+      if (!credentials.canRefresh) {
+        var prefix = "OAuth credentials";
+        if (credentials.isExpired) prefix = "$prefix have expired and";
+        throw new StateError("$prefix can't be refreshed.");
+      }
+
+      return credentials.refresh(identifier, secret,
+          newScopes: newScopes, httpClient: _httpClient);
+    }).transform((credentials) {
+      _credentials = credentials;
+      return this;
+    });
+  }
+
+  /// Closes this client and its underlying HTTP client.
+  void close() {
+    if (_httpClient != null) _httpClient.close();
+    _httpClient = null;
+  }
+}