| // Copyright 2015 The Goma Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef DEVTOOLS_GOMA_CLIENT_OAUTH2_H_ |
| #define DEVTOOLS_GOMA_CLIENT_OAUTH2_H_ |
| |
| #include <string> |
| |
| #include "absl/strings/string_view.h" |
| #include "absl/time/time.h" |
| |
| namespace devtools_goma { |
| |
| struct OAuth2Config { |
| std::string auth_uri; |
| std::string token_uri; |
| std::string scope; |
| |
| std::string client_id; |
| std::string client_secret; |
| std::string refresh_token; |
| |
| // "type": "authorized_user" is used in gRPC GoogleDefaultCredentials. |
| // TODO: Stop to use OAuth2Config with ServiceAccountConfig. |
| std::string type; |
| |
| bool enabled() const { |
| return !auth_uri.empty() && !token_uri.empty() && !scope.empty() && |
| !client_id.empty() && !client_secret.empty(); |
| } |
| bool valid() const { |
| return enabled() && !refresh_token.empty(); |
| } |
| void clear() { |
| auth_uri.clear(); |
| token_uri.clear(); |
| scope.clear(); |
| client_id.clear(); |
| client_secret.clear(); |
| refresh_token.clear(); |
| type.clear(); |
| } |
| }; |
| |
| // ServiceAccountConfig has fields in service account json |
| // generated by google cloud console. |
| // Json file should have type field, which value must be "service_account". |
| struct ServiceAccountConfig { |
| // required for GoogleOAuth2AccessTokenRefreshTask |
| std::string private_key; // to sign JWT. |
| std::string client_email; // claim set iss. |
| |
| // optional. goma client doesn't use these fields. |
| // (some of them are used only for logging.) |
| std::string project_id; |
| std::string private_key_id; |
| std::string client_id; |
| std::string auth_uri; |
| std::string token_uri; |
| std::string auth_provider_x509_cert_url; |
| std::string client_x509_cert_url; |
| }; |
| |
| // Parse OAuth2 Access Token in refresh token response. |
| // Returns true on success, and token_type is set to |token_type|, |
| // access_token is set to |access_token|, and expires_in filed in json is |
| // set to |expires_in|. |
| bool ParseOAuth2AccessToken(const std::string& json, |
| std::string* token_type, |
| std::string* access_token, |
| absl::Duration* expires_in); |
| |
| // Returns default OAuth2 config. |
| void DefaultOAuth2Config(OAuth2Config* config); |
| |
| // Parse OAuth2 config file. |
| // Returns true on success and all OAuth2Config fields are ready to use. |
| bool ParseOAuth2Config(const std::string& str, OAuth2Config* config); |
| |
| // Format OAuth2 config for OAuth2 config file. |
| std::string FormatOAuth2Config(const OAuth2Config& config); |
| |
| bool SaveOAuth2Config(const std::string& filename, const OAuth2Config& config); |
| |
| // Parse ServiceAccount JSON file. |
| bool ParseServiceAccountJson(const std::string& str, |
| ServiceAccountConfig* config); |
| |
| const char kGoogleAuthURI[] = |
| "https://accounts.google.com/o/oauth2/auth"; |
| const char kGoogleTokenURI[] = "https://oauth2.googleapis.com/token"; |
| const char kGoogleTokenInfoURI[] = "https://oauth2.googleapis.com/tokeninfo"; |
| const char kGoogleTokenAudienceURI[] = |
| "https://www.googleapis.com/oauth2/v4/token"; |
| |
| const char kGomaAuthScope[] = "https://www.googleapis.com/auth/userinfo.email"; |
| |
| } // namespace devtools_goma |
| |
| #endif // DEVTOOLS_GOMA_CLIENT_OAUTH2_H_ |
