Documentation ¶
Overview ¶
Package google provides support for making OAuth2 authorized and authenticated HTTP requests to Google APIs. It supports Web server, client-side, service accounts, Google Compute Engine service accounts, and Google App Engine service accounts authorization and authentications flows:
For more information, please read https://developers.google.com/accounts/docs/OAuth2.
Example (AppEngine) ¶
package main import ( "net/http" "github.com/golang/oauth2/google" "google.golang.org/appengine" ) func main() { c := appengine.NewContext(nil) config := google.NewAppEngineConfig(c, "https://www.googleapis.com/auth/bigquery") // The following client will be authorized by the App Engine // app's service account for the provided scopes. client := http.Client{Transport: config.NewTransport()} client.Get("...") }
Output:
Example (ComputeEngine) ¶
package main import ( "net/http" "github.com/golang/oauth2/google" ) func main() { // If no other account is specified, "default" is used. config := google.NewComputeEngineConfig("") client := http.Client{Transport: config.NewTransport()} client.Get("...") }
Output:
Example (ServiceAccounts) ¶
package main import ( "log" "net/http" "github.com/golang/oauth2" "github.com/golang/oauth2/google" ) func main() { // Your credentials should be obtained from the Google // Developer Console (https://console.developers.google.com). config, err := google.NewServiceAccountConfig(&oauth2.JWTOptions{ Email: "xxx@developer.gserviceaccount.com", // The contents of your RSA private key or your PEM file // that contains a private key. // If you have a p12 file instead, you // can use `openssl` to export the private key into a PEM file. // // $ openssl pkcs12 -in key.p12 -out key.pem -nodes // // Supports only PEM containers without a passphrase. PrivateKey: []byte("PRIVATE KEY CONTENTS"), Scopes: []string{ "https://www.googleapis.com/auth/bigquery", }, }) if err != nil { log.Fatal(err) } // Initiate an http.Client, the following GET request will be // authorized and authenticated on the behalf of // xxx@developer.gserviceaccount.com. client := http.Client{Transport: config.NewTransport()} client.Get("...") // If you would like to impersonate a user, you can // create a transport with a subject. The following GET // request will be made on the behalf of user@example.com. client = http.Client{Transport: config.NewTransportWithUser("user@example.com")} client.Get("...") }
Output:
Example (ServiceAccountsJSON) ¶
package main import ( "log" "net/http" "github.com/golang/oauth2/google" ) func main() { // Your credentials should be obtained from the Google // Developer Console (https://console.developers.google.com). // Navigate to your project, then see the "Credentials" page // under "APIs & Auth". // To create a service account client, click "Create new Client ID", // select "Service Account", and click "Create Client ID". A JSON // key file will then be downloaded to your computer. config, err := google.NewServiceAccountJSONConfig( "/path/to/your-project-key.json", "https://www.googleapis.com/auth/bigquery", ) if err != nil { log.Fatal(err) } // Initiate an http.Client. The following GET request will be // authorized and authenticated on the behalf of // your service account. client := http.Client{Transport: config.NewTransport()} client.Get("...") // If you would like to impersonate a user, you can // create a transport with a subject. The following GET // request will be made on the behalf of user@example.com. client = http.Client{Transport: config.NewTransportWithUser("user@example.com")} client.Get("...") }
Output:
Example (WebServer) ¶
package main import ( "fmt" "log" "net/http" "github.com/golang/oauth2" "github.com/golang/oauth2/google" ) func main() { // Your credentials should be obtained from the Google // Developer Console (https://console.developers.google.com). config, err := google.NewConfig(&oauth2.Options{ ClientID: "YOUR_CLIENT_ID", ClientSecret: "YOUR_CLIENT_SECRET", RedirectURL: "YOUR_REDIRECT_URL", Scopes: []string{ "https://www.googleapis.com/auth/bigquery", "https://www.googleapis.com/auth/blogger"}, }) if err != nil { log.Fatal(err) } // Redirect user to Google's consent page to ask for permission // for the scopes specified above. url := config.AuthCodeURL("state", "online", "auto") fmt.Printf("Visit the URL for the auth dialog: %v", url) // Handle the exchange code to initiate a transport t, err := config.NewTransportWithCode("exchange-code") if err != nil { log.Fatal(err) } client := http.Client{Transport: t} client.Get("...") }
Output:
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewServiceAccountConfig ¶
func NewServiceAccountConfig(opts *oauth2.JWTOptions) (*oauth2.JWTConfig, error)
NewServiceAccountConfig creates a new JWT config that can fetch Bearer JWT tokens from Google endpoints.
func NewServiceAccountJSONConfig ¶
NewServiceAccountJSONConfig creates a new JWT config from a JSON key file downloaded from the Google Developers Console. See the "Credentials" page under "APIs & Auth" for your project at https://console.developers.google.com.
Types ¶
type AppEngineConfig ¶
type AppEngineConfig struct { // Transport is the http.RoundTripper to be used // to construct new oauth2.Transport instances from // this configuration. Transport http.RoundTripper // contains filtered or unexported fields }
AppEngineConfig represents a configuration for an App Engine application's Google service account.
func NewAppEngineConfig ¶
func NewAppEngineConfig(context appengine.Context, scopes ...string) *AppEngineConfig
NewAppEngineConfig creates a new AppEngineConfig for the provided auth scopes.
func (*AppEngineConfig) FetchToken ¶
FetchToken fetches a new access token for the provided scopes.
func (*AppEngineConfig) NewTransport ¶
func (c *AppEngineConfig) NewTransport() *oauth2.Transport
NewTransport returns a transport that authorizes the requests with the application's service account.
type ComputeEngineConfig ¶
type ComputeEngineConfig struct { // Client is the HTTP client to be used to retrieve // tokens from the OAuth 2.0 provider. Client *http.Client // Transport is the round tripper to be used // to construct new oauth2.Transport instances from // this configuration. Transport http.RoundTripper // contains filtered or unexported fields }
ComputeEngineConfig represents a OAuth 2.0 consumer client running on Google Compute Engine.
func NewComputeEngineConfig ¶
func NewComputeEngineConfig(account string) *ComputeEngineConfig
NewComputeEngineConfig creates a new config that can fetch tokens from Google Compute Engine instance's metaserver. If no account is provided, default is used.
func (*ComputeEngineConfig) FetchToken ¶
FetchToken retrieves a new access token via metadata server.
func (*ComputeEngineConfig) NewTransport ¶
func (c *ComputeEngineConfig) NewTransport() *oauth2.Transport
NewTransport creates an authorized transport.