| OLD | NEW |
| 1 // Copyright 2015 The LUCI Authors. All rights reserved. | 1 // Copyright 2015 The LUCI Authors. All rights reserved. |
| 2 // Use of this source code is governed under the Apache License, Version 2.0 | 2 // Use of this source code is governed under the Apache License, Version 2.0 |
| 3 // that can be found in the LICENSE file. | 3 // that can be found in the LICENSE file. |
| 4 | 4 |
| 5 // Package auth implements an opinionated wrapper around OAuth2. | 5 // Package auth implements an opinionated wrapper around OAuth2. |
| 6 // | 6 // |
| 7 // It hides configurability of base oauth2 library and instead makes a | 7 // It hides configurability of base oauth2 library and instead makes a |
| 8 // predefined set of choices regarding where the credentials should be stored, | 8 // predefined set of choices regarding where the credentials should be stored, |
| 9 // how they should be cached and how OAuth2 flow should be invoked. | 9 // how they should be cached and how OAuth2 flow should be invoked. |
| 10 // | 10 // |
| 217 // AccessToken is actual token that authorizes and authenticates the req
uests. | 217 // AccessToken is actual token that authorizes and authenticates the req
uests. |
| 218 AccessToken string `json:"access_token"` | 218 AccessToken string `json:"access_token"` |
| 219 | 219 |
| 220 // Expiry is the expiration time of the token or zero if it does not exp
ire. | 220 // Expiry is the expiration time of the token or zero if it does not exp
ire. |
| 221 Expiry time.Time `json:"expiry"` | 221 Expiry time.Time `json:"expiry"` |
| 222 | 222 |
| 223 // TokenType is the type of token (e.g. "Bearer", which is default). | 223 // TokenType is the type of token (e.g. "Bearer", which is default). |
| 224 TokenType string `json:"token_type,omitempty"` | 224 TokenType string `json:"token_type,omitempty"` |
| 225 } | 225 } |
| 226 | 226 |
| 227 // OAuth2Token returns the oauth2.Token containing the same data as tok. |
| 228 func (tok *Token) OAuth2Token() *oauth2.Token { |
| 229 return &oauth2.Token{ |
| 230 AccessToken: tok.AccessToken, |
| 231 Expiry: tok.Expiry, |
| 232 TokenType: tok.TokenType, |
| 233 } |
| 234 } |
| 235 |
| 227 // NewAuthenticator returns a new instance of Authenticator given its options. | 236 // NewAuthenticator returns a new instance of Authenticator given its options. |
| 228 // | 237 // |
| 229 // The authenticator is essentially a factory for http.RoundTripper that knows | 238 // The authenticator is essentially a factory for http.RoundTripper that knows |
| 230 // how to use OAuth2 tokens. It is bound to the given context: uses its logger, | 239 // how to use OAuth2 tokens. It is bound to the given context: uses its logger, |
| 231 // clock, transport and deadline. | 240 // clock, transport and deadline. |
| 232 func NewAuthenticator(ctx context.Context, loginMode LoginMode, opts Options) *A
uthenticator { | 241 func NewAuthenticator(ctx context.Context, loginMode LoginMode, opts Options) *A
uthenticator { |
| 233 ctx = logging.SetField(ctx, "pkg", "auth") | 242 ctx = logging.SetField(ctx, "pkg", "auth") |
| 234 | 243 |
| 235 // Add default scope, sort scopes. | 244 // Add default scope, sort scopes. |
| 236 if len(opts.Scopes) == 0 { | 245 if len(opts.Scopes) == 0 { |
| 469 type tokenSource struct { | 478 type tokenSource struct { |
| 470 a *Authenticator | 479 a *Authenticator |
| 471 } | 480 } |
| 472 | 481 |
| 473 // Token is part of oauth2.TokenSource inteface. | 482 // Token is part of oauth2.TokenSource inteface. |
| 474 func (s tokenSource) Token() (*oauth2.Token, error) { | 483 func (s tokenSource) Token() (*oauth2.Token, error) { |
| 475 tok, err := s.a.GetAccessToken(minAcceptedLifetime) | 484 tok, err := s.a.GetAccessToken(minAcceptedLifetime) |
| 476 if err != nil { | 485 if err != nil { |
| 477 return nil, err | 486 return nil, err |
| 478 } | 487 } |
| 479 » return &oauth2.Token{ | 488 » return tok.OAuth2Token(), nil |
| 480 » » AccessToken: tok.AccessToken, | |
| 481 » » Expiry: tok.Expiry, | |
| 482 » » TokenType: tok.TokenType, | |
| 483 » }, nil | |
| 484 } | 489 } |
| 485 | 490 |
| 486 //////////////////////////////////////////////////////////////////////////////// | 491 //////////////////////////////////////////////////////////////////////////////// |
| 487 // Authenticator private methods. | 492 // Authenticator private methods. |
| 488 | 493 |
| 489 // ensureInitialized instantiates TokenProvider and reads token from cache. | 494 // ensureInitialized instantiates TokenProvider and reads token from cache. |
| 490 // | 495 // |
| 491 // It is supposed to be called under the lock. | 496 // It is supposed to be called under the lock. |
| 492 func (a *Authenticator) ensureInitialized() error { | 497 func (a *Authenticator) ensureInitialized() error { |
| 493 if a.err != nil || a.provider != nil { | 498 if a.err != nil || a.provider != nil { |
| 914 | 919 |
| 915 // SecretsDir returns an absolute path to a directory (in $HOME) to keep secret | 920 // SecretsDir returns an absolute path to a directory (in $HOME) to keep secret |
| 916 // files in or an error if $HOME can't be determined. | 921 // files in or an error if $HOME can't be determined. |
| 917 func SecretsDir() (string, error) { | 922 func SecretsDir() (string, error) { |
| 918 home, err := homedir.Dir() | 923 home, err := homedir.Dir() |
| 919 if err != nil { | 924 if err != nil { |
| 920 return "", err | 925 return "", err |
| 921 } | 926 } |
| 922 return filepath.Join(home, ".config", "chrome_infra", "auth"), nil | 927 return filepath.Join(home, ".config", "chrome_infra", "auth"), nil |
| 923 } | 928 } |
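Review bot: The doc comment on the new exported `(*Token).OAuth2Token` (new lines 227-234) does not say that the result is a standalone copy of a live bearer credential, nor that `tok` must be non-nil. The method dereferences `tok` unconditionally. The in-file caller `tokenSource.Token` only reaches it after its `err != nil` return, but callers outside this file get no such guarantee and would panic on a nil receiver. The copy carries only `AccessToken`, `Expiry` and `TokenType`, so, judging from the fields visible here, it is a snapshot that cannot be refreshed on its own once `Expiry` passes. I would extend the comment with something like `// tok must be non-nil. The result is a copy holding the bearer credential: do not log it, and get a fresh token from the Authenticator rather than reusing it past Expiry.`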
| OLD | NEW |