Google Git
Sign in
go / oauth2 / 4464e7848382e6f39db55097f70e1460bdf944b3
commit4464e7848382e6f39db55097f70e1460bdf944b3[log] [tgz]
authorPablo Lalloni <plalloni@gmail.com>Sat Jun 04 01:11:54 2016 -0300
committerChris Broadfoot <cbro@golang.org>Tue Feb 07 21:18:51 2017 +0000
tree1f686592afa3e2b37c52e029101f27980204e8b5
parent314dd2c0bf3ebd592ec0d20847d27e79d0dbe8dd [diff]
oauth2: remove scope & client_id params from access token request

Remove "scope" & "client_id" from "token request" in the "access token 
request" of the "authorization code grant" flow, keeping "client_id"
in case the provider is one of the known to be broken ones.

Please see https://tools.ietf.org/html/rfc6749#section-4.1.3

This change is required for interoperation with OpenAM.

Fixes golang/oauth2#145
Fixes golang/oauth2#110
Fixes golang/oauth2#188

Change-Id: Ie34c74980a6db7b5d34c851fb55a7d629fc7083e
Reviewed-on: https://go-review.googlesource.com/23790
Reviewed-by: Chris Broadfoot <cbro@golang.org>
4 files changed
tree: 1f686592afa3e2b37c52e029101f27980204e8b5
  1. bitbucket/
  2. clientcredentials/
  3. facebook/
  4. fitbit/
  5. foursquare/
  6. github/
  7. google/
  8. heroku/
  9. hipchat/
  10. internal/
  11. jws/
  12. jwt/
  13. linkedin/
  14. mediamath/
  15. microsoft/
  16. odnoklassniki/
  17. paypal/
  18. slack/
  19. uber/
  20. vk/
  21. .travis.yml
  22. AUTHORS
  23. client_appengine.go
  24. CONTRIBUTING.md
  25. CONTRIBUTORS
  26. example_test.go
  27. LICENSE
  28. oauth2.go
  29. oauth2_test.go
  30. README.md
  31. token.go
  32. token_test.go
  33. transport.go
  34. transport_test.go
README.md

OAuth2 for Go

Build Status GoDoc

oauth2 package contains a client implementation for OAuth 2.0 spec.

Installation

go get golang.org/x/oauth2

See godoc for further documentation and examples.

App Engine

In change 96e89be (March 2015) we removed the oauth2.Context2 type in favor of the context.Context type from the golang.org/x/net/context package

This means its no longer possible to use the “Classic App Engine” appengine.Context type with the oauth2 package. (You're using Classic App Engine if you import the package "appengine".)

To work around this, you may use the new "google.golang.org/appengine" package. This package has almost the same API as the "appengine" package, but it can be fetched with go get and used on “Managed VMs” and well as Classic App Engine.

See the new appengine package's readme for information on updating your app.

If you don't want to update your entire app to use the new App Engine packages, you may use both sets of packages in parallel, using only the new packages with the oauth2 package.

import (
	"golang.org/x/net/context"
	"golang.org/x/oauth2"
	"golang.org/x/oauth2/google"
	newappengine "google.golang.org/appengine"
	newurlfetch "google.golang.org/appengine/urlfetch"

	"appengine"
)

func handler(w http.ResponseWriter, r *http.Request) {
	var c appengine.Context = appengine.NewContext(r)
	c.Infof("Logging a message with the old package")

	var ctx context.Context = newappengine.NewContext(r)
	client := &http.Client{
		Transport: &oauth2.Transport{
			Source: google.AppEngineTokenSource(ctx, "scope"),
			Base:   &newurlfetch.Transport{Context: ctx},
		},
	}
	client.Get("...")
}