The term "query parameters" suggested that the credentials are passed in the URL which is insecure and is actually not true as the credentials are passed in the request body. See 36a7019397/internal/token.go (L196)
Change-Id: Id0a83f8d317fed30e18310b30860000109dafe88
GitHub-Last-Rev: 3961bc9aff
GitHub-Pull-Request: golang/oauth2#358
Reviewed-on: https://go-review.googlesource.com/c/157877
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This function added a totally unused error path, since the only call
site is for App Engine, which cannot produce an error.
Change-Id: I86277ab4ff96e7bd140c53c5a114a338716668e3
Reviewed-on: https://go-review.googlesource.com/85935
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
- provides a bare and custom context example
demonstrating that http client attributes are
not always passed along.
- adds clarifying note to the oauth2.go NewClient
godoc.
- trim down example_test
Change-Id: Iad6697eed83429c36b9ba0efc43293f4910938fb
Reviewed-on: https://go-review.googlesource.com/36553
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: JBD <jbd@google.com>
There is no good reason why we suggest NoContext rather than
context.Background(). When the oauth2 library first came around, the
community was not familiar with the x/net/context package. For
documentation reasons, we decided to add NoContext to the oauth2
package. It was not a good idea even back then. And given that context
package is fairly popular, there is no good reason why we are
depending on this.
Updating all the references of NoContext with context.Background
and documenting it as deprecated.
Change-Id: I18e390f1351023a29b567777a3f963dd550cf657
Reviewed-on: https://go-review.googlesource.com/27690
Reviewed-by: Chris Broadfoot <cbro@golang.org>
This adds a reference to the golang.org/x/oauth2/clientcredentials
package in the docstring for oauth2.Config.
Change-Id: Iee0f36e07fda76c25b9f79e0db3807867a39fab2
Reviewed-on: https://go-review.googlesource.com/25387
Reviewed-by: Jaana Burcu Dogan <jbd@google.com>
Creates a new package called clientcredentials and
adds transport and token information to the internal
package. Also modifies the oauth2 package to make
use of the newly added files in the internal package.
The clientcredentials package allows for token requests
using a "client credentials" grant type.
Fixes https://github.com/golang/oauth2/issues/7
Change-Id: Iec649d1029870c27a2d1023baa9d52db42ff45e8
Reviewed-on: https://go-review.googlesource.com/2983
Reviewed-by: Burcu Dogan <jbd@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
SetParam is quite vague to represent an Option that sets the auth
URL query parameters. Renaming it for explicitness.
Fixes#108.
Change-Id: Ic9f0181097820ee83404c9432451d71658dd8c67
Reviewed-on: https://go-review.googlesource.com/8491
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Many OAuth 2.0 implementations support parameters beyond those supported
by this library. This change exports a SetParam function for
constructing arbitrary key/value parameters.
Change-Id: Ice4179e7c5341bbeac8a53e389b32d59415740fa
Reviewed-on: https://go-review.googlesource.com/8054
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
https://api.pushbullet.com/ accepts client_secret as a POST body parameter
but not via HTTP basic auth, so it needs to be on this list. I have asked
them to fix it properly too :-)
Change-Id: Iff3cba20592c66d5a38755f47b05f1e992dfbad6
Reviewed-on: https://go-review.googlesource.com/7381
Reviewed-by: Andrew Gerrand <adg@golang.org>
Long if condition replaced with loop.
Related to issue #41.
Change-Id: Ib5b88ce2ee2841e9b6c24d78f93bb027141bf678
Reviewed-on: https://go-review.googlesource.com/7290
Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Burcu Dogan <jbd@google.com>
PayPal returns "expires_in" token field as string, not integer.
So, current implementation cannot unmarshal json of tokenJSON due type mismatch.
This patch fixes the issue declaring field as interface{} in tokenJSON and performing type switch in "func (e *tokenJSON) expiry()".
Related to issue #41.
Change-Id: I69301e08c8a56fca049ca47906e32528cd22aef9
Reviewed-on: https://go-review.googlesource.com/6924
Reviewed-by: Andrew Gerrand <adg@golang.org>
Added vk.com and odnoklassniki.ru to provider list in providerAuthHeaderWorks.
Related to issue #41.
Change-Id: If1374528e8f1200d22f8694c5e32cdeae6ebb6ea
Reviewed-on: https://go-review.googlesource.com/6925
Reviewed-by: Andrew Gerrand <adg@golang.org>
Since the empty client secret is permitted by the OAuth 2.0 spec.
The check for clientSecret in retriveTokoen is unnecessary.
Redo #6740
Signed-off-by: Hu Keping <hukeping@huawei.com>
Change-Id: I9126c79a1f8b9d6051c213ee3f93c442a36ca65d
Reviewed-on: https://go-review.googlesource.com/6900
Reviewed-by: Andrew Gerrand <adg@golang.org>
You can now use the "google.golang.org/appengine" packages on both
Managed VMs and App Engine Classic(TM). The newer packages use the
context.Context instead of appengine.Context, so we no longer need the
oauth2.Context type.
Some clients will require code changes, replacing oauth2.Context or
appengine.Context with context.Context (imported from
the repository "golang.org/x/net/context").
Users of classic App Engine must switch to using the new
"google.golang.org/appengine" packages in order to use the oauth2
package.
Fixes#89
Change-Id: Ibaff3117117f9f7c5d1b3048a6e4086f62c18c3b
Reviewed-on: https://go-review.googlesource.com/6075
Reviewed-by: Burcu Dogan <jbd@google.com>
Stripe connect only accepts client secret using via the
Authorization header using 'Bearer' as the method (not 'Basic').
Change-Id: I978d9ce2092fbad3c1a00fde21d689c8e57a3cf1
Reviewed-on: https://go-review.googlesource.com/5532
Reviewed-by: Andrew Gerrand <adg@golang.org>
Fixes bug documented in Issue #84 (https://github.com/golang/oauth2/issues/84#issuecomment-72711375).
During a refresh request, a new refresh token MAY be returned by the authorization server. When this occurs, tokenRefesher.Token() fails to capture the new refresh token leaving it with an invalid refresh token for future calls.
Change-Id: I33b18fdbb750549174865f75eddf85b9725cf281
Reviewed-on: https://go-review.googlesource.com/4151
Reviewed-by: Andrew Gerrand <adg@golang.org>
Adds support for the Resource Owner Password Credentials grant type, which
allows trusted clients to exchange user credentials for an access token
directly. This is generally a bad idea, but is extremely useful in some
situations, where an external redirect is undesirable or impossible.
See https://tools.ietf.org/html/rfc6749#section-4.3
Change-Id: I28efd77957bcf8e1174e93ba0c64a990b94eb839
Reviewed-on: https://go-review.googlesource.com/3862
Reviewed-by: Burcu Dogan <jbd@google.com>
TokenRefresher with that capitalization is not a symbol, and SetToken
doesn't occur anywhere in the package as far as I can tell.
Change-Id: If61f059ed8bb1ca21e27aa99669e542160747fe7
Reviewed-on: https://go-review.googlesource.com/3958
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Token caching is now done whenever you make a Client, and
ReuseTokenSource is exported from the oauth2 package and used by the
Google TokenSources (Compute and App Engine).
Token.Expired is now Token.Valid, and works on nil receivers.
Some other wording cleanups in the process.
All tests pass. App Engine should pass, but is untested.
Change-Id: Ibe1d2599ac3ccfe9b399b1672f74bb24cfc8d311
Reviewed-on: https://go-review.googlesource.com/2195
Reviewed-by: Burcu Dogan <jbd@google.com>
Tests and examples aren't updated yet. The tree will be broken after this,
but nobody should be using this yet anyway.
Change-Id: I0004c738f40919ab46d107c71c011c510fbc748f
Reviewed-on: https://go-review.googlesource.com/1246
Reviewed-by: Burcu Dogan <jbd@google.com>
Bobby DeSimone
Madhu Rajanna
Brad Fitzpatrick
Peter Dotchev
Adam Shannon
Antoine GIRARD
Guillaume J. Charmes
Tim Cooper
Adam Bender
Ross Light
zachgersh
Pablo Lalloni
Jaana Burcu Dogan
Jon Chen
Sean Rees
Andrew Gerrand
Will Norris
Aaron Torres
Russell Haering
Kun
Alex Bramley
Nikolay Turpitko
HuKeping
Ryan Lower
James Sweet
Péter Surányi
Jim Cote
Paul Rosania
Aaron Jacobs
Brad Fitzpatrick
Dave Day
Johan Euphrosine