MCPcopy
hub / github.com/containerd/containerd / FetchTokenWithOAuth

Function FetchTokenWithOAuth

core/remotes/docker/auth/fetch.go:98–156  ·  view source on GitHub ↗

FetchTokenWithOAuth fetches a token using a POST request

(ctx context.Context, client *http.Client, headers http.Header, clientID string, to TokenOptions)

Source from the content-addressed store, hash-verified

96
97// FetchTokenWithOAuth fetches a token using a POST request
98func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http.Header, clientID string, to TokenOptions) (*OAuthTokenResponse, error) {
99 c := *client
100 client = &c
101 tracing.UpdateHTTPClient(client, tracing.Name("remotes.docker.resolver", "FetchTokenWithOAuth"))
102
103 form := url.Values{}
104 if len(to.Scopes) > 0 {
105 form.Set("scope", strings.Join(to.Scopes, " "))
106 }
107 form.Set("service", to.Service)
108 form.Set("client_id", clientID)
109
110 if to.Username == "" {
111 form.Set("grant_type", "refresh_token")
112 form.Set("refresh_token", to.Secret)
113 } else {
114 form.Set("grant_type", "password")
115 form.Set("username", to.Username)
116 form.Set("password", to.Secret)
117 }
118 if to.FetchRefreshToken {
119 form.Set("access_type", "offline")
120 }
121
122 req, err := http.NewRequestWithContext(ctx, http.MethodPost, to.Realm, strings.NewReader(form.Encode()))
123 if err != nil {
124 return nil, err
125 }
126 req.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
127 for k, v := range headers {
128 req.Header[k] = append(req.Header[k], v...)
129 }
130 if len(req.Header.Get("User-Agent")) == 0 {
131 req.Header.Set("User-Agent", "containerd/"+version.Version)
132 }
133
134 resp, err := client.Do(req)
135 if err != nil {
136 return nil, err
137 }
138 defer resp.Body.Close()
139
140 if resp.StatusCode < 200 || resp.StatusCode >= 400 {
141 return nil, remoteserrors.NewUnexpectedStatusErr(resp)
142 }
143
144 decoder := json.NewDecoder(resp.Body)
145
146 var tr OAuthTokenResponse
147 if err = decoder.Decode(&tr); err != nil {
148 return nil, fmt.Errorf("unable to decode token response: %w", err)
149 }
150
151 if tr.AccessToken == "" {
152 return nil, ErrNoToken
153 }
154
155 return &tr, nil

Callers 1

doBearerAuthMethod · 0.92

Calls 7

UpdateHTTPClientFunction · 0.92
NameFunction · 0.92
DoMethod · 0.80
DecodeMethod · 0.80
SetMethod · 0.65
GetMethod · 0.65
CloseMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…