mirror of
https://github.com/golang/oauth2.git
synced 2025-07-21 00:00:09 +08:00
7af32f14d0
Support obtaining a DefaultCredentials value from JSON data. Also, add an example, and write more package doc. For Go 1.9 and higher, rename DefaultCredentials to Credentials and make the former an alias for the latter. Updates google/google-api-go-client#247. Change-Id: I9f9e234ed79f8e08fa13914d9c6c60e0154a06e5 Reviewed-on: https://go-review.googlesource.com/99795 Reviewed-by: Ross Light <light@google.com> Reviewed-by: Chris Broadfoot <cbro@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
163 lines
4.9 KiB
Go
163 lines
4.9 KiB
Go
// Copyright 2014 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package google_test
|
|
|
|
import (
|
|
"fmt"
|
|
"io/ioutil"
|
|
"log"
|
|
"net/http"
|
|
|
|
"golang.org/x/net/context"
|
|
"golang.org/x/oauth2"
|
|
"golang.org/x/oauth2/google"
|
|
"golang.org/x/oauth2/jwt"
|
|
"google.golang.org/appengine"
|
|
"google.golang.org/appengine/urlfetch"
|
|
)
|
|
|
|
func ExampleDefaultClient() {
|
|
client, err := google.DefaultClient(oauth2.NoContext,
|
|
"https://www.googleapis.com/auth/devstorage.full_control")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
client.Get("...")
|
|
}
|
|
|
|
func Example_webServer() {
|
|
// Your credentials should be obtained from the Google
|
|
// Developer Console (https://console.developers.google.com).
|
|
conf := &oauth2.Config{
|
|
ClientID: "YOUR_CLIENT_ID",
|
|
ClientSecret: "YOUR_CLIENT_SECRET",
|
|
RedirectURL: "YOUR_REDIRECT_URL",
|
|
Scopes: []string{
|
|
"https://www.googleapis.com/auth/bigquery",
|
|
"https://www.googleapis.com/auth/blogger",
|
|
},
|
|
Endpoint: google.Endpoint,
|
|
}
|
|
// Redirect user to Google's consent page to ask for permission
|
|
// for the scopes specified above.
|
|
url := conf.AuthCodeURL("state")
|
|
fmt.Printf("Visit the URL for the auth dialog: %v", url)
|
|
|
|
// Handle the exchange code to initiate a transport.
|
|
tok, err := conf.Exchange(oauth2.NoContext, "authorization-code")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
client := conf.Client(oauth2.NoContext, tok)
|
|
client.Get("...")
|
|
}
|
|
|
|
func ExampleJWTConfigFromJSON() {
|
|
// Your credentials should be obtained from the Google
|
|
// Developer Console (https://console.developers.google.com).
|
|
// Navigate to your project, then see the "Credentials" page
|
|
// under "APIs & Auth".
|
|
// To create a service account client, click "Create new Client ID",
|
|
// select "Service Account", and click "Create Client ID". A JSON
|
|
// key file will then be downloaded to your computer.
|
|
data, err := ioutil.ReadFile("/path/to/your-project-key.json")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
conf, err := google.JWTConfigFromJSON(data, "https://www.googleapis.com/auth/bigquery")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
// Initiate an http.Client. The following GET request will be
|
|
// authorized and authenticated on the behalf of
|
|
// your service account.
|
|
client := conf.Client(oauth2.NoContext)
|
|
client.Get("...")
|
|
}
|
|
|
|
func ExampleSDKConfig() {
|
|
// The credentials will be obtained from the first account that
|
|
// has been authorized with `gcloud auth login`.
|
|
conf, err := google.NewSDKConfig("")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
// Initiate an http.Client. The following GET request will be
|
|
// authorized and authenticated on the behalf of the SDK user.
|
|
client := conf.Client(oauth2.NoContext)
|
|
client.Get("...")
|
|
}
|
|
|
|
func Example_serviceAccount() {
|
|
// Your credentials should be obtained from the Google
|
|
// Developer Console (https://console.developers.google.com).
|
|
conf := &jwt.Config{
|
|
Email: "xxx@developer.gserviceaccount.com",
|
|
// The contents of your RSA private key or your PEM file
|
|
// that contains a private key.
|
|
// If you have a p12 file instead, you
|
|
// can use `openssl` to export the private key into a pem file.
|
|
//
|
|
// $ openssl pkcs12 -in key.p12 -passin pass:notasecret -out key.pem -nodes
|
|
//
|
|
// The field only supports PEM containers with no passphrase.
|
|
// The openssl command will convert p12 keys to passphrase-less PEM containers.
|
|
PrivateKey: []byte("-----BEGIN RSA PRIVATE KEY-----..."),
|
|
Scopes: []string{
|
|
"https://www.googleapis.com/auth/bigquery",
|
|
"https://www.googleapis.com/auth/blogger",
|
|
},
|
|
TokenURL: google.JWTTokenURL,
|
|
// If you would like to impersonate a user, you can
|
|
// create a transport with a subject. The following GET
|
|
// request will be made on the behalf of user@example.com.
|
|
// Optional.
|
|
Subject: "user@example.com",
|
|
}
|
|
// Initiate an http.Client, the following GET request will be
|
|
// authorized and authenticated on the behalf of user@example.com.
|
|
client := conf.Client(oauth2.NoContext)
|
|
client.Get("...")
|
|
}
|
|
|
|
func ExampleAppEngineTokenSource() {
|
|
var req *http.Request // from the ServeHTTP handler
|
|
ctx := appengine.NewContext(req)
|
|
client := &http.Client{
|
|
Transport: &oauth2.Transport{
|
|
Source: google.AppEngineTokenSource(ctx, "https://www.googleapis.com/auth/bigquery"),
|
|
Base: &urlfetch.Transport{
|
|
Context: ctx,
|
|
},
|
|
},
|
|
}
|
|
client.Get("...")
|
|
}
|
|
|
|
func ExampleComputeTokenSource() {
|
|
client := &http.Client{
|
|
Transport: &oauth2.Transport{
|
|
// Fetch from Google Compute Engine's metadata server to retrieve
|
|
// an access token for the provided account.
|
|
// If no account is specified, "default" is used.
|
|
Source: google.ComputeTokenSource(""),
|
|
},
|
|
}
|
|
client.Get("...")
|
|
}
|
|
|
|
func ExampleCredentialsFromJSON() {
|
|
ctx := context.Background()
|
|
data, err := ioutil.ReadFile("/path/to/key-file.json")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
creds, err := google.CredentialsFromJSON(ctx, data, "https://www.googleapis.com/auth/bigquery")
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
_ = creds // TODO: Use creds.
|
|
}
|