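// The page collapsed this block onto one line, so the first "//" comment
// swallowed both declarations and the closing parenthesis. It is restored here
// with one declaration per line.
const (
	// GrantType is the grant_type value for an STS exchange: the OAuth 2.0
	// token-exchange grant type URI (RFC 8693).
	GrantType = "urn:ietf:params:oauth:grant-type:token-exchange"
	// TokenType is the token type URI for an STS exchange; it identifies an
	// OAuth 2.0 access token (RFC 8693).
	TokenType = "urn:ietf:params:oauth:token-type:access_token"
)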
ClientAuthentication represents an OAuth client ID and secret, together with the mechanism used to pass these credentials, as described in RFC 6749, section 2.3.1.
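// ClientAuthentication represents an OAuth client ID and secret and the
// mechanism for passing these credentials as stated in RFC 6749, section 2.3.1.
//
// ClientSecret is a credential. Formatting a value of this type with %v or
// %+v prints the secret, so keep it out of logs and error messages.
type ClientAuthentication struct {
	// AuthStyle selects how the client credentials are passed. RFC 6749,
	// section 2.3.1 prefers HTTP Basic authentication over placing client
	// credentials in the request body, and forbids placing them in the
	// request URI.
	AuthStyle auth.Style
	// ClientID is the OAuth client identifier.
	ClientID string
	// ClientSecret is the OAuth client secret; treat it as sensitive.
	ClientSecret string
}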
// NOTE(review): only the signature appears on this page. values and headers
// are modified in place; which of the two receives the client ID and secret
// presumably depends on c.AuthStyle (confirm against the body). In either
// case the secret ends up in the outgoing request, so treat dumps or debug
// logs of these values as sensitive.
func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header)
InjectAuthentication adds client authentication to a Security Token Service (STS) exchange request. It modifies either the passed url.Values or the passed http.Header, depending on the desired authentication format.
Options stores the configuration for making an STS exchange request.
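// Options stores the configuration for making an STS exchange request.
//
// Several fields carry credentials (Authentication.ClientSecret, RefreshToken,
// and the tokens inside Request), so a value of this type should not be logged
// or included verbatim in error messages.
type Options struct {
	// Client is presumably the HTTP client used to send the request; confirm
	// against ExchangeToken. A client with a timeout and default TLS
	// verification is the safe choice.
	Client *http.Client
	// Endpoint is the token endpoint.
	// NOTE(review): no scheme validation is visible on this page; callers
	// should supply an https URL, since the request carries credentials.
	Endpoint string
	// Request holds the token exchange parameters.
	Request *TokenRequest
	// Authentication holds the client credentials and how they are passed.
	Authentication ClientAuthentication
	// Headers presumably supplies headers for the outgoing request; confirm
	// against ExchangeToken.
	Headers http.Header
	// ExtraOpts are optional fields marshalled into the `options` field of the
	// request body.
	ExtraOpts map[string]interface{}
	// RefreshToken is presumably the token used by the refresh token flow
	// (RefreshAccessToken); treat it as a secret.
	RefreshToken string
}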
TokenRequest contains fields necessary to make an oauth2 token exchange.
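// TokenRequest contains fields necessary to make an OAuth 2.0 token exchange.
//
// The field names appear to mirror the RFC 8693 request parameters
// (subject_token, actor_token, requested_token_type, and so on); confirm the
// exact mapping against the code that encodes the request.
type TokenRequest struct {
	// ActingParty describes the actor on whose behalf the exchange is made.
	// ActorToken is a security token and must be treated as a secret.
	ActingParty struct {
		ActorToken     string
		ActorTokenType string
	}
	GrantType string
	Resource  string
	Audience  string
	// Scope lists the requested scopes. Requesting only the scopes actually
	// needed limits what a leaked token can do.
	Scope              []string
	RequestedTokenType string
	// SubjectToken is the security token being exchanged; treat it as a
	// secret and keep it out of logs.
	SubjectToken     string
	SubjectTokenType string
}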
TokenResponse is used to decode the remote server response during an oauth2 token exchange.
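// TokenResponse is used to decode the remote server response during an
// OAuth 2.0 token exchange.
//
// AccessToken and RefreshToken are bearer credentials. Because every field has
// a JSON tag, marshalling or %+v-formatting a TokenResponse emits the tokens
// in clear text; avoid doing so in logs and error messages.
type TokenResponse struct {
	// AccessToken is the issued token; treat it as a secret.
	AccessToken     string `json:"access_token"`
	IssuedTokenType string `json:"issued_token_type"`
	TokenType       string `json:"token_type"`
	// ExpiresIn is decoded from "expires_in", which RFC 6749 defines as the
	// token lifetime in seconds. The value comes from the server and is not
	// validated by this type.
	ExpiresIn int `json:"expires_in"`
	// Scope is decoded as a single string, unlike the []string used in
	// TokenRequest (RFC 6749 defines scope as a space-delimited list).
	Scope string `json:"scope"`
	// RefreshToken, when present, is a long-lived secret.
	RefreshToken string `json:"refresh_token"`
}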
// NOTE(review): only the signature appears on this page. opts carries
// credentials (Authentication.ClientSecret, Request.SubjectToken,
// Request.ActingParty.ActorToken) and the returned TokenResponse carries
// tokens. Confirm that the body returns errors without echoing those values
// or the raw response body, that it bounds how much of the response it reads,
// and that opts.Endpoint is an https URL.
func ExchangeToken(ctx context.Context, opts *Options) (*TokenResponse, error)
ExchangeToken performs an oauth2 token exchange with the provided endpoint.
// NOTE(review): only the signature appears on this page. This flow presumably
// sends opts.RefreshToken to opts.Endpoint (confirm against the body). A
// refresh token is a long-lived secret, so the same cautions apply as for any
// credential-bearing request: use an https endpoint and keep the token out of
// logs and returned error text.
func RefreshAccessToken(ctx context.Context, opts *Options) (*TokenResponse, error)
RefreshAccessToken performs the token exchange using a refresh token flow.