
   1  // Copyright (c) 2016, 2018, 2025, Oracle and/or its affiliates.  All rights reserved.
   2  // This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
   3  
   4  package auth
   5  
   6  import (
   7  	"crypto/rsa"
   8  	"fmt"
   9  
  10  	"github.com/nrdcg/oci-go-sdk/common/v1065"
  11  )
  12  
// OAuth2ConfigurationProvider provides Oauth2 type authentication.
//
// It wraps another common.ConfigurationProvider (instance, resource or
// service principal) and exposes an OCI security token in place of an API
// key. The tenancy/user/fingerprint accessors of this type return empty
// strings; only KeyID, PrivateRSAKey, SecurityToken, Region and AuthType
// carry data.
type OAuth2ConfigurationProvider struct {
	// federationClient is the source of both the security token (KeyID,
	// SecurityToken) and the signing private key (PrivateRSAKey).
	federationClient   federationClient
	// sessionKeySupplier is created in NewOAuth2ConfigurationProvider and
	// handed to the federation client; it is retained here but not read by
	// any method in this file.
	sessionKeySupplier sessionKeySupplier
	// region is copied from the wrapped provider at construction time.
	region             string
}
  19  
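// NewOAuth2ConfigurationProvider builds an OAuth2ConfigurationProvider from an existing config provider, and auth endpoint parameters.
// The config provider can be for instance, resource, or service principals.
//
// configProvider supplies the region and is handed, together with scope and
// targetCompartment, to the OAuth2 federation client. scope and
// targetCompartment are forwarded unchanged; nothing here validates them.
// A nil configProvider is rejected with an error instead of panicking on
// the Region() call.
//
// Returns the wrapped provider, or an error that wraps the underlying cause
// (inspectable with errors.Is / errors.As).
func NewOAuth2ConfigurationProvider(configProvider common.ConfigurationProvider, scope string, targetCompartment string) (common.ConfigurationProvider, error) {
	if configProvider == nil {
		return nil, fmt.Errorf("failed to create auth provider: configProvider is nil")
	}
	sessionKeySupplier := newSessionKeySupplier()
	region, err := configProvider.Region()
	if err != nil {
		// %w (not %s) keeps the cause reachable for errors.Is/As; the
		// message text is unchanged.
		return nil, fmt.Errorf("failed to get region from configProvider: %w", err)
	}
	federationClient, err := newOAuth2FederationClient(configProvider, scope, targetCompartment, sessionKeySupplier)
	if err != nil {
		return nil, fmt.Errorf("failed to create auth provider: %w", err)
	}
	return &OAuth2ConfigurationProvider{
		federationClient:   federationClient,
		sessionKeySupplier: sessionKeySupplier,
		region:             region,
	}, nil
}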
  39  
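// KeyID checks if the current security token is valid, and retrieves a new token from Auth Service if not.
//
// The validity check and refresh are delegated to federationClient.SecurityToken();
// this method only prefixes the result with "ST$" (presumably so the request
// signer can tell a security token from an API-key fingerprint — confirm
// against the signer). The returned string therefore contains the token
// itself: treat it as a credential and keep it out of logs.
//
// Returns the prefixed token, or an error wrapping the federation client's
// failure.
func (p OAuth2ConfigurationProvider) KeyID() (string, error) {
	securityToken, err := p.federationClient.SecurityToken()
	if err != nil {
		// %w (not %s) keeps the cause reachable for errors.Is/As; the
		// message text is unchanged.
		return "", fmt.Errorf("failed to get security token: %w", err)
	}
	return fmt.Sprintf("ST$%s", securityToken), nil
}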
  50  
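// PrivateRSAKey returns the RSA private key obtained from the federation
// client (not read directly from sessionKeySupplier). It is presumably the
// key the request signer pairs with KeyID — confirm against the signer.
//
// The key is a secret: never log it or serialize it. Returns an error
// wrapping the federation client's failure when no key is available.
func (p OAuth2ConfigurationProvider) PrivateRSAKey() (*rsa.PrivateKey, error) {
	privateKey, err := p.federationClient.PrivateKey()
	if err != nil {
		// %w (not %s) keeps the cause reachable for errors.Is/As; the
		// message text is unchanged.
		return nil, fmt.Errorf("failed to get private key: %w", err)
	}
	return privateKey, nil
}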
  59  
// SecurityToken returns the raw security token held by the federation
// client, passing through whatever error it reports. Unlike KeyID it adds no
// "ST$" prefix and no extra error context. The value is a credential; do not
// log it.
func (p OAuth2ConfigurationProvider) SecurityToken() (string, error) {
	token, err := p.federationClient.SecurityToken()
	return token, err
}
  63  
// TenancyOCID always returns an empty string and a nil error: this provider
// does not carry a tenancy OCID. Callers must not treat the empty value as a
// valid identifier.
func (p OAuth2ConfigurationProvider) TenancyOCID() (string, error) {
	var tenancy string
	return tenancy, nil
}
  67  
// UserOCID always returns an empty string and a nil error: this provider
// does not carry a user OCID. Callers must not treat the empty value as a
// valid identifier.
func (p OAuth2ConfigurationProvider) UserOCID() (string, error) {
	var user string
	return user, nil
}
  71  
// KeyFingerprint always returns an empty string and a nil error: this
// provider identifies its key via KeyID (a security token), not via an
// API-key fingerprint. Callers must not treat the empty value as a valid
// fingerprint.
func (p OAuth2ConfigurationProvider) KeyFingerprint() (string, error) {
	var fingerprint string
	return fingerprint, nil
}
  75  
// Region returns the region captured from the wrapped configuration provider
// when this provider was constructed. It never fails.
func (p OAuth2ConfigurationProvider) Region() (string, error) {
	region := p.region
	return region, nil
}
  79  
// AuthType reports this provider as common.OAuthDelegationToken
// authentication (presumably consumed by the SDK to pick the matching
// signing behaviour — confirm against the caller). It never fails.
func (p OAuth2ConfigurationProvider) AuthType() (common.AuthConfig, error) {
	cfg := common.AuthConfig{}
	cfg.AuthType = common.OAuthDelegationToken
	return cfg, nil
}
  83