1 // Copyright 2020 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4 5 package stsexchange
6 7 import (
8 "encoding/base64"
9 "net/http"
10 "net/url"
11 12 "golang.org/x/oauth2"
13 )
// ClientAuthentication holds an OAuth client ID and secret together with the
// mechanism used to pass them to the token endpoint, as described in
// rfc6749#2.3.1.
//
// ClientSecret is a credential: avoid printing or logging values of this type
// (for example with %+v), because every field, including the secret, would be
// emitted.
type ClientAuthentication struct {
	// AuthStyle selects how the credentials are sent: basic (header) or
	// request-body.
	AuthStyle oauth2.AuthStyle
	// ClientID is the OAuth client identifier.
	ClientID string
	// ClientSecret is the OAuth client secret.
	ClientSecret string
}
// InjectAuthentication adds the client credentials to a Secure Token Service
// exchange request, writing to either headers or values according to
// c.AuthStyle.
//
// With oauth2.AuthStyleInHeader an "Authorization: Basic ..." header
// (rfc7617#2) is appended to headers. Every other AuthStyle value, including
// oauth2.AuthStyleInParams, oauth2.AuthStyleAutoDetect and unrecognised ones,
// places client_id and client_secret in values (the request body).
//
// The call is a silent no-op when ClientID or ClientSecret is empty, or when
// either values or headers is nil. No error is reported, so a caller cannot
// tell from this method alone whether the request ended up authenticated.
//
// Both styles carry the secret in recoverable form (base64 is an encoding, not
// encryption), so the request should only travel over TLS and neither the
// Authorization header nor the form body should be written to logs.
func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header) {
	missingCreds := c.ClientID == "" || c.ClientSecret == ""
	missingSink := values == nil || headers == nil
	if missingCreds || missingSink {
		return
	}

	if c.AuthStyle == oauth2.AuthStyleInHeader {
		// NOTE(review): rfc6749#2.3.1 form-urlencodes the client ID and
		// secret before building the Basic credential; here they are joined
		// verbatim. Confirm the STS endpoint expects the raw form.
		userPass := []byte(c.ClientID + ":" + c.ClientSecret)
		// Add appends rather than replaces: an Authorization value already
		// present in headers is kept alongside this one.
		headers.Add("Authorization", "Basic "+base64.StdEncoding.EncodeToString(userPass))
		return
	}

	// Request-body authentication: used for AuthStyleInParams,
	// AuthStyleAutoDetect and any other value. Set overwrites existing
	// client_id / client_secret entries in values.
	values.Set("client_id", c.ClientID)
	values.Set("client_secret", c.ClientSecret)
}