package stsexchange

import "cloud.google.com/go/auth/credentials/internal/stsexchange"

Index

Constants

const (
	// GrantType is the OAuth 2.0 token-exchange grant type URN (RFC 8693)
	// for an STS exchange.
	GrantType = "urn:ietf:params:oauth:grant-type:token-exchange"
	// TokenType is the RFC 8693 token type URN that identifies an OAuth 2.0
	// access token in an STS exchange.
	TokenType = "urn:ietf:params:oauth:token-type:access_token"
)

Types

type ClientAuthentication

// ClientAuthentication holds an OAuth client ID and secret together with the
// style used to pass them to the token endpoint (RFC 6749 section 2.3.1).
//
// ClientSecret is a credential: keep values of this type out of logs, error
// messages and debug dumps.
type ClientAuthentication struct {
	AuthStyle    auth.Style // mechanism used to pass the client credentials
	ClientID     string     // OAuth client identifier
	ClientSecret string     // OAuth client secret; sensitive
}

ClientAuthentication represents an OAuth client ID and secret, together with the mechanism for passing these credentials to the server as described in RFC 6749, section 2.3.1.

func (*ClientAuthentication) InjectAuthentication

func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header)

InjectAuthentication adds client authentication to a Security Token Service (STS) exchange request. It modifies, in place, either the passed url.Values or the passed http.Header, depending on the desired authentication format.

type Options

// Options stores the configuration for making an STS exchange request.
//
// Authentication and RefreshToken hold credentials, and Request holds the
// tokens being exchanged, so an Options value should not be logged or dumped
// as a whole. This listing shows no validation of Endpoint; callers should
// make sure it is a trusted HTTPS URL, since the exchange is performed with
// whatever endpoint is provided.
type Options struct {
	Client         *http.Client         // presumably the HTTP client that sends the request; confirm in sts_exchange.go
	Endpoint       string               // token endpoint the exchange is performed with
	Request        *TokenRequest        // token exchange parameters
	Authentication ClientAuthentication // client ID and secret, and how they are passed
	Headers        http.Header          // presumably extra request headers; confirm in sts_exchange.go
	// ExtraOpts are optional fields marshalled into the `options` field of the
	// request body.
	ExtraOpts    map[string]interface{}
	RefreshToken string // sensitive; presumably consumed by RefreshAccessToken, confirm in sts_exchange.go
}

Options stores the configuration for making an STS exchange request.

type TokenRequest

// TokenRequest contains the fields necessary to make an OAuth 2.0 token
// exchange. The field names mirror the RFC 8693 request parameters; how each
// one is encoded into the request is not visible in this listing.
//
// SubjectToken and ActingParty.ActorToken are security tokens: treat them as
// credentials and keep them out of logs and error messages.
type TokenRequest struct {
	ActingParty struct {
		ActorToken     string // token of the acting party; sensitive
		ActorTokenType string // type identifier for ActorToken
	}
	GrantType          string   // grant type of the request; see the GrantType constant
	Resource           string   // presumably the RFC 8693 "resource" parameter; confirm in sts_exchange.go
	Audience           string   // presumably the RFC 8693 "audience" parameter; confirm in sts_exchange.go
	Scope              []string // requested scopes
	RequestedTokenType string   // type of token asked for in return
	SubjectToken       string   // token being exchanged; sensitive
	SubjectTokenType   string   // type identifier for SubjectToken
}

TokenRequest contains fields necessary to make an oauth2 token exchange.

type TokenResponse

// TokenResponse is the shape the remote server's JSON response is decoded
// into during an OAuth 2.0 token exchange.
//
// AccessToken and RefreshToken are bearer credentials: do not log a decoded
// response or include it verbatim in error messages.
type TokenResponse struct {
	AccessToken     string `json:"access_token"`      // issued token; sensitive
	IssuedTokenType string `json:"issued_token_type"` // type identifier of the issued token
	TokenType       string `json:"token_type"`        // how the token is presented, e.g. "Bearer"
	ExpiresIn       int    `json:"expires_in"`        // token lifetime; seconds per RFC 6749 section 5.1
	Scope           string `json:"scope"`             // granted scope as one string, unlike TokenRequest.Scope
	RefreshToken    string `json:"refresh_token"`     // refresh token, if the server returned one; sensitive
}

TokenResponse is used to decode the remote server response during an oauth2 token exchange.

func ExchangeToken

func ExchangeToken(ctx context.Context, opts *Options) (*TokenResponse, error)

ExchangeToken performs an oauth2 token exchange with the provided endpoint.

func RefreshAccessToken

func RefreshAccessToken(ctx context.Context, opts *Options) (*TokenResponse, error)

RefreshAccessToken performs the token exchange using a refresh token flow.

Source Files

sts_exchange.go

Version
v0.7.1
Published
Jul 11, 2024