FetchTokenWithOAuth fetches a token using a POST request
(ctx context.Context, client *http.Client, headers http.Header, clientID string, to TokenOptions)
| 96 | |
| 97 | // FetchTokenWithOAuth fetches a token using a POST request |
| 98 | func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http.Header, clientID string, to TokenOptions) (*OAuthTokenResponse, error) { |
| 99 | c := *client |
| 100 | client = &c |
| 101 | tracing.UpdateHTTPClient(client, tracing.Name("remotes.docker.resolver", "FetchTokenWithOAuth")) |
| 102 | |
| 103 | form := url.Values{} |
| 104 | if len(to.Scopes) > 0 { |
| 105 | form.Set("scope", strings.Join(to.Scopes, " ")) |
| 106 | } |
| 107 | form.Set("service", to.Service) |
| 108 | form.Set("client_id", clientID) |
| 109 | |
| 110 | if to.Username == "" { |
| 111 | form.Set("grant_type", "refresh_token") |
| 112 | form.Set("refresh_token", to.Secret) |
| 113 | } else { |
| 114 | form.Set("grant_type", "password") |
| 115 | form.Set("username", to.Username) |
| 116 | form.Set("password", to.Secret) |
| 117 | } |
| 118 | if to.FetchRefreshToken { |
| 119 | form.Set("access_type", "offline") |
| 120 | } |
| 121 | |
| 122 | req, err := http.NewRequestWithContext(ctx, http.MethodPost, to.Realm, strings.NewReader(form.Encode())) |
| 123 | if err != nil { |
| 124 | return nil, err |
| 125 | } |
| 126 | req.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8") |
| 127 | for k, v := range headers { |
| 128 | req.Header[k] = append(req.Header[k], v...) |
| 129 | } |
| 130 | if len(req.Header.Get("User-Agent")) == 0 { |
| 131 | req.Header.Set("User-Agent", "containerd/"+version.Version) |
| 132 | } |
| 133 | |
| 134 | resp, err := client.Do(req) |
| 135 | if err != nil { |
| 136 | return nil, err |
| 137 | } |
| 138 | defer resp.Body.Close() |
| 139 | |
| 140 | if resp.StatusCode < 200 || resp.StatusCode >= 400 { |
| 141 | return nil, remoteserrors.NewUnexpectedStatusErr(resp) |
| 142 | } |
| 143 | |
| 144 | decoder := json.NewDecoder(resp.Body) |
| 145 | |
| 146 | var tr OAuthTokenResponse |
| 147 | if err = decoder.Decode(&tr); err != nil { |
| 148 | return nil, fmt.Errorf("unable to decode token response: %w", err) |
| 149 | } |
| 150 | |
| 151 | if tr.AccessToken == "" { |
| 152 | return nil, ErrNoToken |
| 153 | } |
| 154 | |
| 155 | return &tr, nil |
no test coverage detected
searching dependent graphs…