
Unified Diff: tokenserver/appengine/impl/serviceaccounts/grant.go

Issue 2991413002: tokenserver: Implement MintOAuthTokenGrant RPC. (Closed)
Patch Set: Created 3 years, 4 months ago
Index: tokenserver/appengine/impl/serviceaccounts/grant.go
diff --git a/tokenserver/appengine/impl/serviceaccounts/grant.go b/tokenserver/appengine/impl/serviceaccounts/grant.go
new file mode 100644
index 0000000000000000000000000000000000000000..946940fd22ba81620a688c3777e0f62575288aee
--- /dev/null
+++ b/tokenserver/appengine/impl/serviceaccounts/grant.go
@@ -0,0 +1,51 @@
+// Copyright 2017 The LUCI Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package serviceaccounts
+
+import (
+ "github.com/golang/protobuf/proto"
+ "golang.org/x/net/context"
+
+ "github.com/luci/luci-go/server/auth/signing"
+
+ "github.com/luci/luci-go/tokenserver/api"
+ "github.com/luci/luci-go/tokenserver/appengine/impl/utils/tokensigning"
+)
+
+// tokenSigningContext is used to make sure grant token is not misused in
+// place of some other token.
+//
+// See SigningContext in utils/tokensigning.Signer.
+const tokenSigningContext = "LUCI OAuthTokenGrant v1"
+
+// SignGrant signs and serializes the OAuth grant.
+//
+// It doesn't do any validation. Assumes the prepared body is valid.
+//
+// Produces base64 URL-safe token or a transient error.
+func SignGrant(c context.Context, signer signing.Signer, tok *tokenserver.OAuthTokenGrantBody) (string, error) {
Vadim Sh. 2017/08/04 06:37:37 similar to https://github.com/luci/luci-go/blob/ma
+ s := tokensigning.Signer{
+ Signer: signer,
+ SigningContext: tokenSigningContext,
+ Wrap: func(w *tokensigning.Unwrapped) proto.Message {
+ return &tokenserver.OAuthTokenGrantEnvelope{
+ TokenBody: w.Body,
+ Pkcs1Sha256Sig: w.RsaSHA256Sig,
+ KeyId: w.KeyID,
+ }
+ },
+ }
+ return s.SignToken(c, tok)
+}
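Review bot: The doc comment on `SignGrant` says it does no validation but never states what the caller must have checked, and the function signs whatever `tok` it receives under `tokenSigningContext`. Since the result is a signed token that a verifier will presumably accept on the strength of the signature, I would spell the contract out in the comment, e.g. `// The caller MUST have validated every field of tok; the signature vouches for the body as-is.` The comment on `tokenSigningContext` could also say that the verifying side has to use the same constant, and that the `v1` suffix should change whenever the meaning of the body changes, so grants signed under the old meaning are not accepted under the new one. Whether `SignToken` can fail only transiently is not visible in this hunk, so "or a transient error" may be stronger than the code guarantees.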
