Managed VM apps can use the net/http package directly, and can use the
metadata server instead of the appengine package to get Service Account
tokens.
Change-Id: Ifa30eea446ffe4a9121ce3401900f4b73ddf07db
Reviewed-on: https://go-review.googlesource.com/14125
Reviewed-by: Andrew Gerrand <adg@golang.org>
This is a new form of authentication for Google services, where instead
of passing a signed claim to obtain a token from the OAuth endpoint, you
present the signed claim *as* the token to the API endpoint.
Fixes#139.
Fixes#140.
Change-Id: Ibf0f168a0ec111660ac08b86121c943fb96e146c
Reviewed-on: https://go-review.googlesource.com/10667
Reviewed-by: David Symonds <dsymonds@golang.org>
Reviewed-by: Dave Day <djd@golang.org>
Google is moving toward a default, language-agnostic way of obtaining
authentication credentials on App Engine and Compute Engine.
This change implements this mechanism.
Fixes#90.
Change-Id: Iaae4d60bbc75b1a9f2ec6ad14ab76fb2e279d756
Reviewed-on: https://go-review.googlesource.com/6074
Reviewed-by: Burcu Dogan <jbd@google.com>
client_credentials.json may contain credentials for the installed
applications. Populate the Config depending on what's available in
the JSON key.
Change-Id: I47f494f1c31967a920fe557a9e8c1c4652943c4e
Reviewed-on: https://go-review.googlesource.com/7250
Reviewed-by: Andrew Gerrand <adg@golang.org>
You can now use the "google.golang.org/appengine" packages on both
Managed VMs and App Engine Classic(TM). The newer packages use the
context.Context instead of appengine.Context, so we no longer need the
oauth2.Context type.
Some clients will require code changes, replacing oauth2.Context or
appengine.Context with context.Context (imported from
the repository "golang.org/x/net/context").
Users of classic App Engine must switch to using the new
"google.golang.org/appengine" packages in order to use the oauth2
package.
Fixes#89
Change-Id: Ibaff3117117f9f7c5d1b3048a6e4086f62c18c3b
Reviewed-on: https://go-review.googlesource.com/6075
Reviewed-by: Burcu Dogan <jbd@google.com>
google.NewCloudSDK fails to decode credentials file if it contains
service account.
NOTE: the private key in testdata is generated only for this test.
Fixes#86 (https://github.com/golang/oauth2/issues/86).
Change-Id: I9e9e8e10763723d1bf1f953b491aa6e6f3ee760c
Reviewed-on: https://go-review.googlesource.com/4220
Reviewed-by: Andrew Gerrand <adg@golang.org>
This follows the change to the google.golang.org/appengine packages
to use the standard context.Context type throughout.
Change-Id: I91b456105ee29f2088c3646145ea0a940f8ffaf4
Reviewed-on: https://go-review.googlesource.com/3172
Reviewed-by: Burcu Dogan <jbd@google.com>
Reviewed-by: David Symonds <dsymonds@golang.org>
Token caching is now done whenever you make a Client, and
ReuseTokenSource is exported from the oauth2 package and used by the
Google TokenSources (Compute and App Engine).
Token.Expired is now Token.Valid, and works on nil receivers.
Some other wording cleanups in the process.
All tests pass. App Engine should pass, but is untested.
Change-Id: Ibe1d2599ac3ccfe9b399b1672f74bb24cfc8d311
Reviewed-on: https://go-review.googlesource.com/2195
Reviewed-by: Burcu Dogan <jbd@google.com>
- Removed Flow, flow is a nothing but options.
- Renamed Cacher to Storer.
- Removed the setter from the Transport. Store should do the initial set.
Getter is not removed, because extra fields are available through
Transport.Token.Extra(). It's not pleasant to implement a custom Storer
implementation to read such values.
oauth2: Remove VMs from the AppEngine example title
- Reduce the duplicate code by merging the flows and
determining the flow type by looking at the provided options.
- Options as a function type allows us to validate an individual
an option in its scope and makes it easier to compose the
built-in options with the third-party ones.
This change is for both App Engine and Managed VMs so that these apps can scale without running into the app_identity_service quota limit due to calling appengine.AccessToken too frequently. An added benefit of caching is that calls to Google APIs will be significantly sped up due to removing the round-trip calls to the api_identity_service.
Without a fully qualified domain name, containers (like Docker) can't
connect to the metadata server. Update the address for the metadata
server to be a FQDN so containers can use the library. See #44.
GAE managed VM runtime contains both appengine and appenginevm
build tags. Currently, appengine.go is being built even if user
wants to use the package on managed VM that errors with no
"appengine" package to import.
Andrew Gerrand
Chris Broadfoot
Burcu Dogan
Yuki Yugui Sonoda
Dave Day
Johan Euphrosine
Brad Fitzpatrick
Glenn Lewis
Paddy Foran