Documentation
¶
Overview ¶
Package google provides support for making OAuth2 authorized and authenticated HTTP requests to Google APIs. It supports Web server, client-side, service accounts, Google Compute Engine service accounts, and Google App Engine service accounts authorization and authentications flows:
For more information, please read https://developers.google.com/accounts/docs/OAuth2.
Example (AppEngine) ¶
package main
import (
"net/http"
"github.com/golang/oauth2/google"
"google.golang.org/appengine"
)
func main() {
context := appengine.NewContext(nil)
config := google.NewAppEngineConfig(context, []string{
"https://www.googleapis.com/auth/bigquery",
})
// The following client will be authorized by the App Engine
// app's service account for the provided scopes.
client := http.Client{Transport: config.NewTransport()}
client.Get("...")
}
Output:
Example (ComputeEngine) ¶
package main
import (
"net/http"
"github.com/golang/oauth2/google"
)
func main() {
// If no other account is specified, "default" is used.
config := google.NewComputeEngineConfig("")
client := http.Client{Transport: config.NewTransport()}
client.Get("...")
}
Output:
Example (ServiceAccounts) ¶
package main
import (
"log"
"net/http"
"github.com/golang/oauth2"
"github.com/golang/oauth2/google"
)
func main() {
// Your credentials should be obtained from the Google
// Developer Console (https://console.developers.google.com).
config, err := google.NewServiceAccountConfig(&oauth2.JWTOptions{
Email: "xxx@developer.gserviceaccount.com",
// The contents of your RSA private key or your PEM file
// that contains a private key.
// If you have a p12 file instead, you
// can use `openssl` to export the private key into a PEM file.
//
// $ openssl pkcs12 -in key.p12 -out key.pem -nodes
//
// Supports only PEM containers without a passphrase.
PrivateKey: []byte("PRIVATE KEY CONTENTS"),
Scopes: []string{
"https://www.googleapis.com/auth/bigquery",
},
})
if err != nil {
log.Fatal(err)
}
// Initiate an http.Client, the following GET request will be
// authorized and authenticated on the behalf of
// xxx@developer.gserviceaccount.com.
client := http.Client{Transport: config.NewTransport()}
client.Get("...")
// If you would like to impersonate a user, you can
// create a transport with a subject. The following GET
// request will be made on the behalf of user@example.com.
client = http.Client{Transport: config.NewTransportWithUser("user@example.com")}
client.Get("...")
}
Output:
Example (WebServer) ¶
package main
import (
"fmt"
"log"
"net/http"
"github.com/golang/oauth2"
"github.com/golang/oauth2/google"
)
func main() {
// Your credentials should be obtained from the Google
// Developer Console (https://console.developers.google.com).
config, err := google.NewConfig(&oauth2.Options{
ClientID: "YOUR_CLIENT_ID",
ClientSecret: "YOUR_CLIENT_SECRET",
RedirectURL: "YOUR_REDIRECT_URL",
Scopes: []string{
"https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/blogger"},
})
if err != nil {
log.Fatal(err)
}
// Redirect user to Google's consent page to ask for permission
// for the scopes specified above.
url := config.AuthCodeURL("")
fmt.Printf("Visit the URL for the auth dialog: %v", url)
// Handle the exchange code to initiate a transport
t, err := config.NewTransportWithCode("exchange-code")
if err != nil {
log.Fatal(err)
}
client := http.Client{Transport: t}
client.Get("...")
}
Output:
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewServiceAccountConfig ¶
func NewServiceAccountConfig(opts *oauth2.JWTOptions) (*oauth2.JWTConfig, error)
NewServiceAccountConfig creates a new JWT config that can fetch Bearer JWT tokens from Google endpoints.
Types ¶
type AppEngineConfig ¶
type AppEngineConfig struct {
// Transport is the round tripper to be used
// to construct new oauth2.Transport instances from
// this configuration.
Transport http.RoundTripper
// contains filtered or unexported fields
}
AppEngineConfig represents a configuration for an App Engine application's Google service account.
func NewAppEngineConfig ¶
func NewAppEngineConfig(context appengine.Context, scopes []string) *AppEngineConfig
NewAppEngineConfig creates a new AppEngineConfig for the provided auth scopes.
func (*AppEngineConfig) FetchToken ¶
FetchToken fetches a new access token for the provided scopes.
func (*AppEngineConfig) NewTransport ¶
func (c *AppEngineConfig) NewTransport() *oauth2.Transport
NewTransport returns a transport that authorizes the requests with the application's service account.
type ComputeEngineConfig ¶
type ComputeEngineConfig struct {
// Client is the HTTP client to be used to retrieve
// tokens from the OAuth 2.0 provider.
Client *http.Client
// Transport is the round tripper to be used
// to construct new oauth2.Transport instances from
// this configuration.
Transport http.RoundTripper
// contains filtered or unexported fields
}
ComputeEngineConfig represents a OAuth 2.0 consumer client running on Google Compute Engine.
func NewComputeEngineConfig ¶
func NewComputeEngineConfig(account string) *ComputeEngineConfig
NewComputeEngineConfig creates a new config that can fetch tokens from Google Compute Engine instance's metaserver. If no account is provided, default is used.
func (*ComputeEngineConfig) FetchToken ¶
FetchToken retrieves a new access token via metadata server.
func (*ComputeEngineConfig) NewTransport ¶
func (c *ComputeEngineConfig) NewTransport() *oauth2.Transport
NewTransport creates an authorized transport.
Source Files