Merge branch 'master' of github.com:golang/oauth2

Author: dmitriyminer

facebook/facebook.go

@@ -11,6 +11,6 @@ import (
 
 // Endpoint is Facebook's OAuth 2.0 endpoint.
 var Endpoint = oauth2.Endpoint{
-	AuthURL:  "https://www.facebook.com/v3.1/dialog/oauth",
-	TokenURL: "https://graph.facebook.com/v3.1/oauth/access_token",
+	AuthURL:  "https://www.facebook.com/v3.2/dialog/oauth",
+	TokenURL: "https://graph.facebook.com/v3.2/oauth/access_token",
 }

google/default.go

@@ -73,7 +73,6 @@ func DefaultTokenSource(ctx context.Context, scope ...string) (oauth2.TokenSourc
 //   4. On Google Compute Engine, Google App Engine standard second generation runtimes
 //      (>= Go 1.11), and Google App Engine flexible environment, it fetches
 //      credentials from the metadata server.
-//      (In this final case any provided scopes are ignored.)
 func FindDefaultCredentials(ctx context.Context, scopes ...string) (*Credentials, error) {
 	// First, try the environment variable.
 	const envVar = "GOOGLE_APPLICATION_CREDENTIALS"
@@ -109,7 +108,7 @@ func FindDefaultCredentials(ctx context.Context, scopes ...string) (*Credentials
 		id, _ := metadata.ProjectID()
 		return &DefaultCredentials{
 			ProjectID:   id,
-			TokenSource: ComputeTokenSource(""),
+			TokenSource: ComputeTokenSource("", scopes...),
 		}, nil
 	}
 

google/example_test.go

@@ -126,7 +126,9 @@ func ExampleComputeTokenSource() {
 			// Fetch from Google Compute Engine's metadata server to retrieve
 			// an access token for the provided account.
 			// If no account is specified, "default" is used.
-			Source: google.ComputeTokenSource(""),
+			// If no scopes are specified, a set of default scopes
+			// are automatically granted.
+			Source: google.ComputeTokenSource("", "https://www.googleapis.com/auth/bigquery"),
 		},
 	}
 	client.Get("...")

google/google.go

@@ -9,6 +9,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net/url"
 	"strings"
 	"time"
 
@@ -151,14 +152,16 @@ func (f *credentialsFile) tokenSource(ctx context.Context, scopes []string) (oau
 // from Google Compute Engine (GCE)'s metadata server. It's only valid to use
 // this token source if your program is running on a GCE instance.
 // If no account is specified, "default" is used.
+// If no scopes are specified, a set of default scopes are automatically granted.
 // Further information about retrieving access tokens from the GCE metadata
 // server can be found at https://cloud.google.com/compute/docs/authentication.
-func ComputeTokenSource(account string) oauth2.TokenSource {
-	return oauth2.ReuseTokenSource(nil, computeSource{account: account})
+func ComputeTokenSource(account string, scope ...string) oauth2.TokenSource {
+	return oauth2.ReuseTokenSource(nil, computeSource{account: account, scopes: scope})
 }
 
 type computeSource struct {
 	account string
+	scopes  []string
 }
 
 func (cs computeSource) Token() (*oauth2.Token, error) {
@@ -169,7 +172,13 @@ func (cs computeSource) Token() (*oauth2.Token, error) {
 	if acct == "" {
 		acct = "default"
 	}
-	tokenJSON, err := metadata.Get("instance/service-accounts/" + acct + "/token")
+	tokenURI := "instance/service-accounts/" + acct + "/token"
+	if len(cs.scopes) > 0 {
+		v := url.Values{}
+		v.Set("scopes", strings.Join(cs.scopes, ","))
+		tokenURI = tokenURI + "?" + v.Encode()
+	}
+	tokenJSON, err := metadata.Get(tokenURI)
 	if err != nil {
 		return nil, err
 	}

internal/token.go

@@ -63,16 +63,12 @@ type tokenJSON struct {
 	TokenType    string         `json:"token_type"`
 	RefreshToken string         `json:"refresh_token"`
 	ExpiresIn    expirationTime `json:"expires_in"` // at least PayPal returns string, while most return number
-	Expires      expirationTime `json:"expires"`    // broken Facebook spelling of expires_in
 }
 
 func (e *tokenJSON) expiry() (t time.Time) {
 	if v := e.ExpiresIn; v != 0 {
 		return time.Now().Add(time.Duration(v) * time.Second)
 	}
-	if v := e.Expires; v != 0 {
-		return time.Now().Add(time.Duration(v) * time.Second)
-	}
 	return
 }
 
@@ -264,12 +260,6 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 			Raw:          vals,
 		}
 		e := vals.Get("expires_in")
-		if e == "" || e == "null" {
-			// TODO(jbd): Facebook's OAuth2 implementation is broken and
-			// returns expires_in field in expires. Remove the fallback to expires,
-			// when Facebook fixes their implementation.
-			e = vals.Get("expires")
-		}
 		expires, _ := strconv.Atoi(e)
 		if expires != 0 {
 			token.Expiry = time.Now().Add(time.Duration(expires) * time.Second)

oauth2_test.go

@@ -275,26 +275,26 @@ const day = 24 * time.Hour
 func TestExchangeRequest_JSONResponse_Expiry(t *testing.T) {
 	seconds := int32(day.Seconds())
 	for _, c := range []struct {
-		name    string
-		expires string
-		want    bool
+		name        string
+		expires     string
+		want        bool
+		nullExpires bool
 	}{
-		{"normal", fmt.Sprintf(`"expires_in": %d`, seconds), true},
-		{"paypal", fmt.Sprintf(`"expires_in": "%d"`, seconds), true},
-		{"facebook", fmt.Sprintf(`"expires": %d`, seconds), true},
-		{"issue_239", fmt.Sprintf(`"expires_in": null, "expires": %d`, seconds), true},
-
-		{"wrong_type", `"expires": false`, false},
-		{"wrong_type2", `"expires": {}`, false},
-		{"wrong_value", `"expires": "zzz"`, false},
+		{"normal", fmt.Sprintf(`"expires_in": %d`, seconds), true, false},
+		{"paypal", fmt.Sprintf(`"expires_in": "%d"`, seconds), true, false},
+		{"issue_239", fmt.Sprintf(`"expires_in": null`), true, true},
+
+		{"wrong_type", `"expires_in": false`, false, false},
+		{"wrong_type2", `"expires_in": {}`, false, false},
+		{"wrong_value", `"expires_in": "zzz"`, false, false},
 	} {
 		t.Run(c.name, func(t *testing.T) {
-			testExchangeRequest_JSONResponse_expiry(t, c.expires, c.want)
+			testExchangeRequest_JSONResponse_expiry(t, c.expires, c.want, c.nullExpires)
 		})
 	}
 }
 
-func testExchangeRequest_JSONResponse_expiry(t *testing.T, exp string, want bool) {
+func testExchangeRequest_JSONResponse_expiry(t *testing.T, exp string, want, nullExpires bool) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		w.Write([]byte(fmt.Sprintf(`{"access_token": "90d", "scope": "user", "token_type": "bearer", %s}`, exp)))
@@ -303,7 +303,7 @@ func testExchangeRequest_JSONResponse_expiry(t *testing.T, exp string, want bool
 	conf := newConf(ts.URL)
 	t1 := time.Now().Add(day)
 	tok, err := conf.Exchange(context.Background(), "exchange-code")
-	t2 := time.Now().Add(day)
+	t2 := t1.Add(day)
 
 	if got := (err == nil); got != want {
 		if want {
@@ -319,8 +319,12 @@ func testExchangeRequest_JSONResponse_expiry(t *testing.T, exp string, want bool
 		t.Fatalf("Token invalid. Got: %#v", tok)
 	}
 	expiry := tok.Expiry
+
+	if nullExpires && expiry.IsZero() {
+		return
+	}
 	if expiry.Before(t1) || expiry.After(t2) {
-		t.Errorf("Unexpected value for Expiry: %v (shold be between %v and %v)", expiry, t1, t2)
+		t.Errorf("Unexpected value for Expiry: %v (should be between %v and %v)", expiry, t1, t2)
 	}
 }