DoTwoLeggedAuthorization performs two-legged OAuth using the jwt-bearer grant type.
| 981 | // DoTwoLeggedAuthorization performs two-legged OAuth using the jwt-bearer |
| 982 | // grant type. |
| 983 | func (o *oauth) DoTwoLeggedAuthorization(issuer string) (*token, error) { |
| 984 | pemBytes := []byte(o.clientSecret) |
| 985 | block, _ := pem.Decode(pemBytes) |
| 986 | if block == nil { |
| 987 | return nil, fmt.Errorf("failed to read private key pem block") |
| 988 | } |
| 989 | priv, err := x509.ParsePKCS8PrivateKey(block.Bytes) |
| 990 | if err != nil { |
| 991 | return nil, errors.Wrap(err, "error parsing private key") |
| 992 | } |
| 993 | |
| 994 | // Add claims |
| 995 | now := int(time.Now().Unix()) |
| 996 | c := map[string]interface{}{ |
| 997 | "aud": o.tokenEndpoint, |
| 998 | "nbf": now, |
| 999 | "iat": now, |
| 1000 | "exp": now + 3600, |
| 1001 | "iss": issuer, |
| 1002 | "scope": o.scope, |
| 1003 | } |
| 1004 | |
| 1005 | so := new(jose.SignerOptions) |
| 1006 | so.WithType("JWT") |
| 1007 | so.WithHeader("kid", o.clientID) |
| 1008 | |
| 1009 | // Sign JWT |
| 1010 | signer, err := jose.NewSigner(jose.SigningKey{ |
| 1011 | Algorithm: "RS256", |
| 1012 | Key: priv, |
| 1013 | }, so) |
| 1014 | if err != nil { |
| 1015 | return nil, errors.Wrapf(err, "error creating JWT signer") |
| 1016 | } |
| 1017 | |
| 1018 | raw, err := jose.Signed(signer).Claims(c).CompactSerialize() |
| 1019 | if err != nil { |
| 1020 | return nil, errors.Wrapf(err, "error serializing JWT") |
| 1021 | } |
| 1022 | |
| 1023 | // Construct the POST request to fetch the OAuth token. |
| 1024 | params := url.Values{ |
| 1025 | "assertion": []string{raw}, |
| 1026 | "grant_type": []string{jwtBearerUrn}, |
| 1027 | } |
| 1028 | |
| 1029 | // Send the POST request and return token. |
| 1030 | resp, err := postForm(o.tokenEndpoint, params) |
| 1031 | if err != nil { |
| 1032 | return nil, errors.Wrapf(err, "error from token endpoint") |
| 1033 | } |
| 1034 | defer resp.Body.Close() |
| 1035 | |
| 1036 | var tok token |
| 1037 | if err := json.NewDecoder(resp.Body).Decode(&tok); err != nil { |
| 1038 | return nil, errors.WithStack(err) |
| 1039 | } |
| 1040 |