Skip to content

Commit

Permalink
Add ability to pass a custom audience when using client credentials
Browse files Browse the repository at this point in the history
  • Loading branch information
@sergiught
sergiught committed Aug 23, 2022
1 parent 684b8eb commit 91d9d4f
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 3 deletions.
21 changes: 18 additions & 3 deletions internal/client/client.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,14 +143,29 @@ func Wrap(base *http.Client, tokenSource oauth2.TokenSource, options ...Option)

// OAuth2ClientCredentials sets the oauth2 client credentials.
func OAuth2ClientCredentials(ctx context.Context, uri, clientID, clientSecret string) oauth2.TokenSource {
return (&clientcredentials.Config{
audience := uri + "/api/v2/"
return OAuth2ClientCredentialsAndAudience(ctx, uri, clientID, clientSecret, audience)
}

// OAuth2ClientCredentialsAndAudience sets the oauth2
// client credentials with a custom audience.
func OAuth2ClientCredentialsAndAudience(
ctx context.Context,
uri,
clientID,
clientSecret,
audience string,
) oauth2.TokenSource {
cfg := &clientcredentials.Config{
ClientID: clientID,
ClientSecret: clientSecret,
TokenURL: uri + "/oauth/token",
EndpointParams: url.Values{
"audience": {uri + "/api/v2/"},
"audience": []string{audience},
},
}).TokenSource(ctx)
}

return cfg.TokenSource(ctx)
}

// StaticToken sets a static token to be used for oauth2.
Expand Down
14 changes: 14 additions & 0 deletions management/management_option.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,20 @@ func WithClientCredentials(clientID, clientSecret string) Option {
}
}

// WithClientCredentialsAndAudience configures management to authenticate using the client
// credentials authentication flow and a custom audience.
func WithClientCredentialsAndAudience(clientID, clientSecret, audience string) Option {
return func(m *Management) {
m.tokenSource = client.OAuth2ClientCredentialsAndAudience(
m.ctx,
m.url.String(),
clientID,
clientSecret,
audience,
)
}
}

// WithStaticToken configures management to authenticate using a static
// authentication token.
func WithStaticToken(token string) Option {
Expand Down

0 comments on commit 91d9d4f

Please sign in to comment.