var NoContext … // RegisterBrokenAuthHeaderProvider previously did something. It is now a no-op. // // Deprecated: this function no longer does anything. Caller code that // wants to avoid potential extra HTTP requests made during // auto-probing of the provider's auth style should set // Endpoint.AuthStyle. func RegisterBrokenAuthHeaderProvider(tokenURL string) { … } type Config … type TokenSource … type Endpoint … type AuthStyle … const AuthStyleAutoDetect … const AuthStyleInParams … const AuthStyleInHeader … var AccessTypeOnline … var AccessTypeOffline … var ApprovalForce … type AuthCodeOption … type setParam … func (p setParam) setValue(m url.Values) { … } // SetAuthURLParam builds an AuthCodeOption which passes key/value parameters // to a provider's authorization endpoint. func SetAuthURLParam(key, value string) AuthCodeOption { … } // AuthCodeURL returns a URL to OAuth 2.0 provider's consent page // that asks for permissions for the required scopes explicitly. // // State is an opaque value used by the client to maintain state between the // request and callback. The authorization server includes this value when // redirecting the user agent back to the client. // // Opts may include AccessTypeOnline or AccessTypeOffline, as well // as ApprovalForce. // // To protect against CSRF attacks, opts should include a PKCE challenge // (S256ChallengeOption). Not all servers support PKCE. An alternative is to // generate a random state parameter and verify it after exchange. // See https://datatracker.ietf.org/doc/html/rfc6749#section-10.12 (predating // PKCE), https://www.oauth.com/oauth2-servers/pkce/ and // https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-09.html#name-cross-site-request-forgery (describing both approaches) func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string { … } // PasswordCredentialsToken converts a resource owner username and password // pair into a token. // // Per the RFC, this grant type should only be used "when there is a high // degree of trust between the resource owner and the client (e.g., the client // is part of the device operating system or a highly privileged application), // and when other authorization grant types are not available." // See https://tools.ietf.org/html/rfc6749#section-4.3 for more info. // // The provided context optionally controls which HTTP client is used. See the HTTPClient variable. func (c *Config) PasswordCredentialsToken(ctx context.Context, username, password string) (*Token, error) { … } // Exchange converts an authorization code into a token. // // It is used after a resource provider redirects the user back // to the Redirect URI (the URL obtained from AuthCodeURL). // // The provided context optionally controls which HTTP client is used. See the HTTPClient variable. // // The code will be in the *http.Request.FormValue("code"). Before // calling Exchange, be sure to validate FormValue("state") if you are // using it to protect against CSRF attacks. // // If using PKCE to protect against CSRF attacks, opts should include a // VerifierOption. func (c *Config) Exchange(ctx context.Context, code string, opts ...AuthCodeOption) (*Token, error) { … } // Client returns an HTTP client using the provided token. // The token will auto-refresh as necessary. The underlying // HTTP transport will be obtained using the provided context. // The returned client and its Transport should not be modified. func (c *Config) Client(ctx context.Context, t *Token) *http.Client { … } // TokenSource returns a TokenSource that returns t until t expires, // automatically refreshing it as necessary using the provided context. // // Most users will use Config.Client instead. func (c *Config) TokenSource(ctx context.Context, t *Token) TokenSource { … } type tokenRefresher … // WARNING: Token is not safe for concurrent access, as it // updates the tokenRefresher's refreshToken field. // Within this package, it is used by reuseTokenSource which // synchronizes calls to this method with its own mutex. func (tf *tokenRefresher) Token() (*Token, error) { … } type reuseTokenSource … // Token returns the current token if it's still valid, else will // refresh the current token (using r.Context for HTTP client // information) and return the new one. func (s *reuseTokenSource) Token() (*Token, error) { … } // StaticTokenSource returns a TokenSource that always returns the same token. // Because the provided token t is never refreshed, StaticTokenSource is only // useful for tokens that never expire. func StaticTokenSource(t *Token) TokenSource { … } type staticTokenSource … func (s staticTokenSource) Token() (*Token, error) { … } var HTTPClient … // NewClient creates an *http.Client from a Context and TokenSource. // The returned client is not valid beyond the lifetime of the context. // // Note that if a custom *http.Client is provided via the Context it // is used only for token acquisition and is not used to configure the // *http.Client returned from NewClient. // // As a special case, if src is nil, a non-OAuth2 client is returned // using the provided context. This exists to support related OAuth2 // packages. func NewClient(ctx context.Context, src TokenSource) *http.Client { … } // ReuseTokenSource returns a TokenSource which repeatedly returns the // same token as long as it's valid, starting with t. // When its cached token is invalid, a new token is obtained from src. // // ReuseTokenSource is typically used to reuse tokens from a cache // (such as a file on disk) between runs of a program, rather than // obtaining new tokens unnecessarily. // // The initial token t may be nil, in which case the TokenSource is // wrapped in a caching version if it isn't one already. This also // means it's always safe to wrap ReuseTokenSource around any other // TokenSource without adverse effects. func ReuseTokenSource(t *Token, src TokenSource) TokenSource { … } // ReuseTokenSourceWithExpiry returns a TokenSource that acts in the same manner as the // TokenSource returned by ReuseTokenSource, except the expiry buffer is // configurable. The expiration time of a token is calculated as // t.Expiry.Add(-earlyExpiry). func ReuseTokenSourceWithExpiry(t *Token, src TokenSource, earlyExpiry time.Duration) TokenSource { … }