mirror of
https://github.com/golang/oauth2.git
synced 2025-07-21 00:00:09 +08:00
a379e41d44
Token caching is now done whenever you make a Client, and ReuseTokenSource is exported from the oauth2 package and used by the Google TokenSources (Compute and App Engine). Token.Expired is now Token.Valid, and works on nil receivers. Some other wording cleanups in the process. All tests pass. App Engine should pass, but is untested. Change-Id: Ibe1d2599ac3ccfe9b399b1672f74bb24cfc8d311 Reviewed-on: https://go-review.googlesource.com/2195 Reviewed-by: Burcu Dogan <jbd@google.com>
133 lines
4.1 KiB
Go
133 lines
4.1 KiB
Go
// Copyright 2014 The oauth2 Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// +build appenginevm !appengine
|
|
|
|
package google_test
|
|
|
|
import (
|
|
"fmt"
|
|
"io/ioutil"
|
|
"log"
|
|
"net/http"
|
|
"testing"
|
|
|
|
"golang.org/x/oauth2"
|
|
"golang.org/x/oauth2/google"
|
|
"google.golang.org/appengine"
|
|
"google.golang.org/appengine/urlfetch"
|
|
)
|
|
|
|
// Remove after Go 1.4.
|
|
// Related to https://codereview.appspot.com/107320046
|
|
func TestA(t *testing.T) {}
|
|
|
|
func Example_webServer() {
|
|
// Your credentials should be obtained from the Google
|
|
// Developer Console (https://console.developers.google.com).
|
|
conf := &oauth2.Config{
|
|
ClientID: "YOUR_CLIENT_ID",
|
|
ClientSecret: "YOUR_CLIENT_SECRET",
|
|
RedirectURL: "YOUR_REDIRECT_URL",
|
|
Scopes: []string{
|
|
"https://www.googleapis.com/auth/bigquery",
|
|
"https://www.googleapis.com/auth/blogger",
|
|
},
|
|
Endpoint: google.Endpoint,
|
|
}
|
|
// Redirect user to Google's consent page to ask for permission
|
|
// for the scopes specified above.
|
|
url := conf.AuthCodeURL("state")
|
|
fmt.Printf("Visit the URL for the auth dialog: %v", url)
|
|
|
|
// Handle the exchange code to initiate a transport.
|
|
tok, err := conf.Exchange(oauth2.NoContext, "authorization-code")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
client := conf.Client(oauth2.NoContext, tok)
|
|
client.Get("...")
|
|
}
|
|
|
|
func ExampleJWTConfigFromJSON() {
|
|
// Your credentials should be obtained from the Google
|
|
// Developer Console (https://console.developers.google.com).
|
|
// Navigate to your project, then see the "Credentials" page
|
|
// under "APIs & Auth".
|
|
// To create a service account client, click "Create new Client ID",
|
|
// select "Service Account", and click "Create Client ID". A JSON
|
|
// key file will then be downloaded to your computer.
|
|
data, err := ioutil.ReadFile("/path/to/your-project-key.json")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
conf, err := google.JWTConfigFromJSON(oauth2.NoContext, data, "https://www.googleapis.com/auth/bigquery")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
// Initiate an http.Client. The following GET request will be
|
|
// authorized and authenticated on the behalf of
|
|
// your service account.
|
|
client := conf.Client(oauth2.NoContext)
|
|
client.Get("...")
|
|
}
|
|
|
|
func Example_serviceAccount() {
|
|
// Your credentials should be obtained from the Google
|
|
// Developer Console (https://console.developers.google.com).
|
|
conf := &oauth2.JWTConfig{
|
|
Email: "xxx@developer.gserviceaccount.com",
|
|
// The contents of your RSA private key or your PEM file
|
|
// that contains a private key.
|
|
// If you have a p12 file instead, you
|
|
// can use `openssl` to export the private key into a pem file.
|
|
//
|
|
// $ openssl pkcs12 -in key.p12 -passin pass:notasecret -out key.pem -nodes
|
|
//
|
|
// The field only supports PEM containers with no passphrase.
|
|
// The openssl command will convert p12 keys to passphrase-less PEM containers.
|
|
PrivateKey: []byte("-----BEGIN RSA PRIVATE KEY-----..."),
|
|
Scopes: []string{
|
|
"https://www.googleapis.com/auth/bigquery",
|
|
"https://www.googleapis.com/auth/blogger",
|
|
},
|
|
TokenURL: google.JWTTokenURL,
|
|
// If you would like to impersonate a user, you can
|
|
// create a transport with a subject. The following GET
|
|
// request will be made on the behalf of user@example.com.
|
|
// Optional.
|
|
Subject: "user@example.com",
|
|
}
|
|
// Initiate an http.Client, the following GET request will be
|
|
// authorized and authenticated on the behalf of user@example.com.
|
|
client := conf.Client(oauth2.NoContext)
|
|
client.Get("...")
|
|
}
|
|
|
|
func ExampleAppEngineTokenSource() {
|
|
var req *http.Request // from the ServeHTTP handler
|
|
ctx := appengine.NewContext(req)
|
|
client := &http.Client{
|
|
Transport: &oauth2.Transport{
|
|
Source: google.AppEngineTokenSource(ctx, "https://www.googleapis.com/auth/bigquery"),
|
|
Base: &urlfetch.Transport{
|
|
Context: ctx,
|
|
},
|
|
},
|
|
}
|
|
client.Get("...")
|
|
}
|
|
|
|
func ExampleComputeTokenSource() {
|
|
client := &http.Client{
|
|
Transport: &oauth2.Transport{
|
|
// Fetch from Google Compute Engine's metadata server to retrieve
|
|
// an access token for the provided account.
|
|
// If no account is specified, "default" is used.
|
|
Source: google.ComputeTokenSource(""),
|
|
},
|
|
}
|
|
client.Get("...")
|
|
}
|