Syncing a fork

Author: dmitriyminer

README.md

@@ -19,54 +19,12 @@ See godoc for further documentation and examples.
 * [godoc.org/golang.org/x/oauth2](http://godoc.org/golang.org/x/oauth2)
 * [godoc.org/golang.org/x/oauth2/google](http://godoc.org/golang.org/x/oauth2/google)
 
+## Policy for new packages
 
-## App Engine
-
-In change 96e89be (March 2015), we removed the `oauth2.Context2` type in favor
-of the [`context.Context`](https://golang.org/x/net/context#Context) type from
-the `golang.org/x/net/context` package
-
-This means it's no longer possible to use the "Classic App Engine"
-`appengine.Context` type with the `oauth2` package. (You're using
-Classic App Engine if you import the package `"appengine"`.)
-
-To work around this, you may use the new `"google.golang.org/appengine"`
-package. This package has almost the same API as the `"appengine"` package,
-but it can be fetched with `go get` and used on "Managed VMs" and well as
-Classic App Engine.
-
-See the [new `appengine` package's readme](https://github.com/golang/appengine#updating-a-go-app-engine-app)
-for information on updating your app.
-
-If you don't want to update your entire app to use the new App Engine packages,
-you may use both sets of packages in parallel, using only the new packages
-with the `oauth2` package.
-
-```go
-import (
-	"golang.org/x/net/context"
-	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/google"
-	newappengine "google.golang.org/appengine"
-	newurlfetch "google.golang.org/appengine/urlfetch"
-
-	"appengine"
-)
-
-func handler(w http.ResponseWriter, r *http.Request) {
-	var c appengine.Context = appengine.NewContext(r)
-	c.Infof("Logging a message with the old package")
-
-	var ctx context.Context = newappengine.NewContext(r)
-	client := &http.Client{
-		Transport: &oauth2.Transport{
-			Source: google.AppEngineTokenSource(ctx, "scope"),
-			Base:   &newurlfetch.Transport{Context: ctx},
-		},
-	}
-	client.Get("...")
-}
-```
+We no longer accept new provider-specific packages in this repo. For
+defining provider endpoints and provider-specific OAuth2 behavior, we
+encourage you to create packages elsewhere. We'll keep the existing
+packages for compatibility.
 
 ## Report Issues / Send Patches
 

clientcredentials/clientcredentials.go

@@ -14,12 +14,12 @@
 package clientcredentials // import "golang.org/x/oauth2/clientcredentials"
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
 
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/internal"
 )
@@ -42,19 +42,27 @@ type Config struct {
 
 	// EndpointParams specifies additional parameters for requests to the token endpoint.
 	EndpointParams url.Values
+
+	// AuthStyle optionally specifies how the endpoint wants the
+	// client ID & client secret sent. The zero value means to
+	// auto-detect.
+	AuthStyle oauth2.AuthStyle
 }
 
 // Token uses client credentials to retrieve a token.
-// The HTTP client to use is derived from the context.
-// If nil, http.DefaultClient is used.
+//
+// The provided context optionally controls which HTTP client is used. See the oauth2.HTTPClient variable.
 func (c *Config) Token(ctx context.Context) (*oauth2.Token, error) {
 	return c.TokenSource(ctx).Token()
 }
 
 // Client returns an HTTP client using the provided token.
-// The token will auto-refresh as necessary. The underlying
-// HTTP transport will be obtained using the provided context.
-// The returned client and its Transport should not be modified.
+// The token will auto-refresh as necessary.
+//
+// The provided context optionally controls which HTTP client
+// is returned. See the oauth2.HTTPClient variable.
+//
+// The returned Client and its Transport should not be modified.
 func (c *Config) Client(ctx context.Context) *http.Client {
 	return oauth2.NewClient(ctx, c.TokenSource(ctx))
 }
@@ -87,12 +95,15 @@ func (c *tokenSource) Token() (*oauth2.Token, error) {
 		v.Set("scope", strings.Join(c.conf.Scopes, " "))
 	}
 	for k, p := range c.conf.EndpointParams {
-		if _, ok := v[k]; ok {
+		// Allow grant_type to be overridden to allow interoperability with
+		// non-compliant implementations.
+		if _, ok := v[k]; ok && k != "grant_type" {
 			return nil, fmt.Errorf("oauth2: cannot overwrite parameter %q", k)
 		}
 		v[k] = p
 	}
-	tk, err := internal.RetrieveToken(c.ctx, c.conf.ClientID, c.conf.ClientSecret, c.conf.TokenURL, v)
+
+	tk, err := internal.RetrieveToken(c.ctx, c.conf.ClientID, c.conf.ClientSecret, c.conf.TokenURL, v, internal.AuthStyle(c.conf.AuthStyle))
 	if err != nil {
 		if rErr, ok := err.(*internal.RetrieveError); ok {
 			return nil, (*oauth2.RetrieveError)(rErr)

clientcredentials/clientcredentials_test.go

@@ -6,11 +6,14 @@ package clientcredentials
 
 import (
 	"context"
+	"io"
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
 	"testing"
+
+	"golang.org/x/oauth2/internal"
 )
 
 func newConf(serverURL string) *Config {
@@ -31,6 +34,43 @@ func (t *mockTransport) RoundTrip(req *http.Request) (resp *http.Response, err e
 	return t.rt(req)
 }
 
+func TestTokenSourceGrantTypeOverride(t *testing.T) {
+	wantGrantType := "password"
+	var gotGrantType string
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		body, err := ioutil.ReadAll(r.Body)
+		if err != nil {
+			t.Errorf("ioutil.ReadAll(r.Body) == %v, %v, want _, <nil>", body, err)
+		}
+		if err := r.Body.Close(); err != nil {
+			t.Errorf("r.Body.Close() == %v, want <nil>", err)
+		}
+		values, err := url.ParseQuery(string(body))
+		if err != nil {
+			t.Errorf("url.ParseQuery(%q) == %v, %v, want _, <nil>", body, values, err)
+		}
+		gotGrantType = values.Get("grant_type")
+		w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
+		w.Write([]byte("access_token=90d64460d14870c08c81352a05dedd3465940a7c&token_type=bearer"))
+	}))
+	config := &Config{
+		ClientID:     "CLIENT_ID",
+		ClientSecret: "CLIENT_SECRET",
+		Scopes:       []string{"scope"},
+		TokenURL:     ts.URL + "/token",
+		EndpointParams: url.Values{
+			"grant_type": {wantGrantType},
+		},
+	}
+	token, err := config.TokenSource(context.Background()).Token()
+	if err != nil {
+		t.Errorf("config.TokenSource(_).Token() == %v, %v, want !<nil>, <nil>", token, err)
+	}
+	if gotGrantType != wantGrantType {
+		t.Errorf("grant_type == %q, want %q", gotGrantType, wantGrantType)
+	}
+}
+
 func TestTokenRequest(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.String() != "/token" {
@@ -74,21 +114,25 @@ func TestTokenRequest(t *testing.T) {
 }
 
 func TestTokenRefreshRequest(t *testing.T) {
+	internal.ResetAuthCache()
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.String() == "/somethingelse" {
 			return
 		}
 		if r.URL.String() != "/token" {
-			t.Errorf("Unexpected token refresh request URL, %v is found.", r.URL)
+			t.Errorf("Unexpected token refresh request URL: %q", r.URL)
 		}
 		headerContentType := r.Header.Get("Content-Type")
-		if headerContentType != "application/x-www-form-urlencoded" {
-			t.Errorf("Unexpected Content-Type header, %v is found.", headerContentType)
+		if got, want := headerContentType, "application/x-www-form-urlencoded"; got != want {
+			t.Errorf("Content-Type = %q; want %q", got, want)
 		}
 		body, _ := ioutil.ReadAll(r.Body)
-		if string(body) != "audience=audience1&grant_type=client_credentials&scope=scope1+scope2" {
-			t.Errorf("Unexpected refresh token payload, %v is found.", string(body))
+		const want = "audience=audience1&grant_type=client_credentials&scope=scope1+scope2"
+		if string(body) != want {
+			t.Errorf("Unexpected refresh token payload.\n got: %s\nwant: %s\n", body, want)
 		}
+		w.Header().Set("Content-Type", "application/json")
+		io.WriteString(w, `{"access_token": "foo", "refresh_token": "bar"}`)
 	}))
 	defer ts.Close()
 	conf := newConf(ts.URL)

facebook/facebook.go

@@ -11,6 +11,6 @@ import (
 
 // Endpoint is Facebook's OAuth 2.0 endpoint.
 var Endpoint = oauth2.Endpoint{
-	AuthURL:  "https://www.facebook.com/dialog/oauth",
-	TokenURL: "https://graph.facebook.com/oauth/access_token",
+	AuthURL:  "https://www.facebook.com/v3.1/dialog/oauth",
+	TokenURL: "https://graph.facebook.com/v3.1/oauth/access_token",
 }

go.mod

@@ -0,0 +1,10 @@
+module golang.org/x/oauth2
+
+go 1.11
+
+require (
+	cloud.google.com/go v0.34.0
+	golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e
+	golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
+	google.golang.org/appengine v1.4.0
+)

go.sum

@@ -0,0 +1,12 @@
+cloud.google.com/go v0.34.0 h1:eOI3/cP2VTU6uZLDYAoic+eyzzB9YyGmJ7eIjl8rOPg=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=

google/appengine.go

@@ -5,85 +5,34 @@
 package google
 
 import (
-	"sort"
-	"strings"
-	"sync"
+	"context"
 	"time"
 
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 )
 
-// appengineFlex is set at init time by appengineflex_hook.go. If true, we are on App Engine Flex.
-var appengineFlex bool
-
-// Set at init time by appengine_hook.go. If nil, we're not on App Engine.
+// Set at init time by appengine_gen1.go. If nil, we're not on App Engine standard first generation (<= Go 1.9) or App Engine flexible.
 var appengineTokenFunc func(c context.Context, scopes ...string) (token string, expiry time.Time, err error)
 
-// Set at init time by appengine_hook.go. If nil, we're not on App Engine.
+// Set at init time by appengine_gen1.go. If nil, we're not on App Engine standard first generation (<= Go 1.9) or App Engine flexible.
 var appengineAppIDFunc func(c context.Context) string
 
-// AppEngineTokenSource returns a token source that fetches tokens
-// issued to the current App Engine application's service account.
-// If you are implementing a 3-legged OAuth 2.0 flow on App Engine
-// that involves user accounts, see oauth2.Config instead.
+// AppEngineTokenSource returns a token source that fetches tokens from either
+// the current application's service account or from the metadata server,
+// depending on the App Engine environment. See below for environment-specific
+// details. If you are implementing a 3-legged OAuth 2.0 flow on App Engine that
+// involves user accounts, see oauth2.Config instead.
+//
+// First generation App Engine runtimes (<= Go 1.9):
+// AppEngineTokenSource returns a token source that fetches tokens issued to the
+// current App Engine application's service account. The provided context must have
+// come from appengine.NewContext.
 //
-// The provided context must have come from appengine.NewContext.
+// Second generation App Engine runtimes (>= Go 1.11) and App Engine flexible:
+// AppEngineTokenSource is DEPRECATED on second generation runtimes and on the
+// flexible environment. It delegates to ComputeTokenSource, and the provided
+// context and scopes are not used. Please use DefaultTokenSource (or ComputeTokenSource,
+// which DefaultTokenSource will use in this case) instead.
 func AppEngineTokenSource(ctx context.Context, scope ...string) oauth2.TokenSource {
-	if appengineTokenFunc == nil {
-		panic("google: AppEngineTokenSource can only be used on App Engine.")
-	}
-	scopes := append([]string{}, scope...)
-	sort.Strings(scopes)
-	return &appEngineTokenSource{
-		ctx:    ctx,
-		scopes: scopes,
-		key:    strings.Join(scopes, " "),
-	}
-}
-
-// aeTokens helps the fetched tokens to be reused until their expiration.
-var (
-	aeTokensMu sync.Mutex
-	aeTokens   = make(map[string]*tokenLock) // key is space-separated scopes
-)
-
-type tokenLock struct {
-	mu sync.Mutex // guards t; held while fetching or updating t
-	t  *oauth2.Token
-}
-
-type appEngineTokenSource struct {
-	ctx    context.Context
-	scopes []string
-	key    string // to aeTokens map; space-separated scopes
-}
-
-func (ts *appEngineTokenSource) Token() (*oauth2.Token, error) {
-	if appengineTokenFunc == nil {
-		panic("google: AppEngineTokenSource can only be used on App Engine.")
-	}
-
-	aeTokensMu.Lock()
-	tok, ok := aeTokens[ts.key]
-	if !ok {
-		tok = &tokenLock{}
-		aeTokens[ts.key] = tok
-	}
-	aeTokensMu.Unlock()
-
-	tok.mu.Lock()
-	defer tok.mu.Unlock()
-	if tok.t.Valid() {
-		return tok.t, nil
-	}
-	access, exp, err := appengineTokenFunc(ts.ctx, ts.scopes...)
-	if err != nil {
-		return nil, err
-	}
-	tok.t = &oauth2.Token{
-		AccessToken: access,
-		Expiry:      exp,
-	}
-	return tok.t, nil
+	return appEngineTokenSource(ctx, scope...)
 }