Documentation
¶
Overview ¶
Package google provides support for making OAuth2 authorized and authenticated HTTP requests to Google APIs. It supports Web server, client-side, service accounts, Google Compute Engine service accounts, and Google App Engine service accounts authorization and authentications flows:
For more information, please read https://developers.google.com/accounts/docs/OAuth2.
Example (AppEngine) ¶
package main
import (
"log"
"net/http"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"google.golang.org/appengine"
)
func main() {
ctx := appengine.NewContext(nil)
opts, err := oauth2.New(
google.AppEngineContext(ctx),
oauth2.Scope(
"https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/blogger",
),
)
if err != nil {
log.Fatal(err)
}
// The following client will be authorized by the App Engine
// app's service account for the provided scopes.
client := http.Client{Transport: opts.NewTransport()}
client.Get("...")
}
Output:
Example (ComputeEngine) ¶
package main
import (
"log"
"net/http"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
func main() {
opts, err := oauth2.New(
// Query Google Compute Engine's metadata server to retrieve
// an access token for the provided account.
// If no account is specified, "default" is used.
google.ComputeEngineAccount(""),
)
if err != nil {
log.Fatal(err)
}
client := http.Client{Transport: opts.NewTransport()}
client.Get("...")
}
Output:
Example (ServiceAccounts) ¶
package main
import (
"log"
"net/http"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
func main() {
// Your credentials should be obtained from the Google
// Developer Console (https://console.developers.google.com).
opts, err := oauth2.New(
// The contents of your RSA private key or your PEM file
// that contains a private key.
// If you have a p12 file instead, you
// can use `openssl` to export the private key into a pem file.
//
// $ openssl pkcs12 -in key.p12 -out key.pem -nodes
//
// It only supports PEM containers with no passphrase.
oauth2.JWTClient(
"xxx@developer.gserviceaccount.com",
[]byte("-----BEGIN RSA PRIVATE KEY-----...")),
oauth2.Scope(
"https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/blogger",
),
google.JWTEndpoint(),
// If you would like to impersonate a user, you can
// create a transport with a subject. The following GET
// request will be made on the behalf of user@example.com.
// Subject is optional.
oauth2.Subject("user@example.com"),
)
if err != nil {
log.Fatal(err)
}
// Initiate an http.Client, the following GET request will be
// authorized and authenticated on the behalf of user@example.com.
client := http.Client{Transport: opts.NewTransport()}
client.Get("...")
}
Output:
Example (ServiceAccountsJSON) ¶
package main
import (
"log"
"net/http"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
func main() {
// Your credentials should be obtained from the Google
// Developer Console (https://console.developers.google.com).
// Navigate to your project, then see the "Credentials" page
// under "APIs & Auth".
// To create a service account client, click "Create new Client ID",
// select "Service Account", and click "Create Client ID". A JSON
// key file will then be downloaded to your computer.
opts, err := oauth2.New(
google.ServiceAccountJSONKey("/path/to/your-project-key.json"),
oauth2.Scope(
"https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/blogger",
),
)
if err != nil {
log.Fatal(err)
}
// Initiate an http.Client. The following GET request will be
// authorized and authenticated on the behalf of
// your service account.
client := http.Client{Transport: opts.NewTransport()}
client.Get("...")
}
Output:
Example (WebServer) ¶
package main
import (
"fmt"
"log"
"net/http"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
func main() {
// Your credentials should be obtained from the Google
// Developer Console (https://console.developers.google.com).
opts, err := oauth2.New(
oauth2.Client("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET"),
oauth2.RedirectURL("YOUR_REDIRECT_URL"),
oauth2.Scope(
"https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/blogger",
),
google.Endpoint(),
)
if err != nil {
log.Fatal(err)
}
// Redirect user to Google's consent page to ask for permission
// for the scopes specified above.
url := opts.AuthCodeURL("state", "online", "auto")
fmt.Printf("Visit the URL for the auth dialog: %v", url)
// Handle the exchange code to initiate a transport
t, err := opts.NewTransportFromCode("exchange-code")
if err != nil {
log.Fatal(err)
}
client := http.Client{Transport: t}
client.Get("...")
}
Output:
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AppEngineContext ¶
AppEngineContext requires an App Engine request context.
func ComputeEngineAccount ¶
ComputeEngineAccount uses the specified account to retrieve an access token from the Google Compute Engine's metadata server. If no user is provided, "default" is being used.
func GcloudCredentials ¶
GcloudCredentials return a oauth2.Transport from gcloud credentials.
func JWTEndpoint ¶
JWTEndpoint adds the endpoints required to complete the 2-legged service account flow.
func ServiceAccountJSONKey ¶
ServiceAccountJSONKey uses the provided Google Developers JSON key file to authorize the user. See the "Credentials" page under "APIs & Auth" for your project at https://console.developers.google.com to download a JSON key file.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.